| js/ui | ||
| src | ||
| static | ||
| .dockerignore | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| docker-compose.yml | ||
| Dockerfile | ||
| LICENSE-APACHE | ||
| LICENSE-MIT | ||
| README.md | ||
| siwe-oidc.toml | ||
OpenID Connect Identity Provider for Sign-In with Ethereum
Getting Started
Dependencies
Redis, or a Redis compatible database (e.g. MemoryDB in AWS), is required.
Starting the IdP
The Docker image is available at ghcr.io/spruceid/siwe_oidc:0.1.0. Here is an
example usage:
docker run -p 8000:8000 -e SIWEOIDC_ADDRESS="0.0.0.0" -e SIWEOIDC_REDIS_URL="redis://redis" ghcr.io/spruceid/siwe_oidc:latest
It can be configured either with the siwe-oidc.toml configuration file, or
through environment variables:
SIWEOIDC_ADDRESSis the IP address to bind to.SIWEOIDC_REDIS_URLis the URL to the Redis instance.SIWEOIDC_BASE_URLis the URL you want to advertise in the OIDC configuration (e.g.https://oidc.example.com).SIWEOIDC_RSA_PEMis the signing key, in PEM format. One will be generated if none is provided.
OIDC Functionalities
The current flow is very basic -- after the user is authenticated you will
receive an Ethereum address as the subject (sub field).
For the core OIDC information, it is available under
/.well-known/openid-configuration.
TODO Items
- Additional information, from native projects (e.g. ENS domains), to more traditional ones (e.g. email).
Development
A Docker Compose is available to test the IdP locally with Keycloak.
- You will first need to run:
docker-compose up -d
-
And then edit your
/etc/hoststo havesiwe-oidcpoint to127.0.0.1. This is so both your browser, and Keycloak, can access the IdP. -
In Keycloak, you will need to create a new IdP. You can use
http://siwe-oidc:8000/.well-known/openid-configurationto fill the settings automatically. As for the client ID/secret, you can usesdf/sdf.