OpenID Connect Identity Provider for Sign-In with Ethereum
Getting Started
Dependencies
Redis, or a Redis-compatible database (e.g. MemoryDB in AWS), is required.
Starting the IdP
The Docker image is available at ghcr.io/spruceid/siwe_oidc:0.1.0. Here is an example usage:
docker run -p 8000:8000 -e SIWEOIDC_ADDRESS="0.0.0.0" -e SIWEOIDC_REDIS_URL="redis://redis" ghcr.io/spruceid/siwe_oidc:latest
It can be configured either with the siwe-oidc.toml configuration file, or through environment variables:
- SIWEOIDC_ADDRESS is the IP address to bind to.
- SIWEOIDC_REDIS_URL is the URL to the Redis instance.
- SIWEOIDC_BASE_URL is the URL you want to advertise in the OIDC configuration (e.g. https://oidc.example.com).
- SIWEOIDC_RSA_PEM is the signing key, in PEM format. One will be generated if none is provided.
OIDC Functionalities
The current flow is very basic: after the user is authenticated you will receive an Ethereum address as the subject (sub field).
The core OIDC information is available under /.well-known/openid-configuration.
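A relying party trusts whatever /.well-known/openid-configuration advertises, so it is worth checking that document against the SIWEOIDC_BASE_URL you intended before registering the IdP. The following is an added example, not part of the siwe-oidc project; the function names, the endpoint paths in the sample documents and the same-origin rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))

def check_discovery(doc, expected_base_url, http_ok_hosts=("siwe-oidc", "localhost", "127.0.0.1")):
    """Return a list of problems in a parsed openid-configuration document."""
    problems = []
    issuer = doc.get("issuer", "")
    # OIDC Discovery requires the issuer to match the URL the client used;
    # a single trailing slash is tolerated here as a deliberate leniency.
    if issuer.rstrip("/") != expected_base_url.rstrip("/"):
        problems.append(f"issuer {issuer!r} does not match {expected_base_url!r}")
    for key in ("issuer",) + ENDPOINT_KEYS:
        value = doc.get(key)
        if not value:
            problems.append(f"missing {key}")
            continue
        parts = urlsplit(value)
        # Plain HTTP is accepted only for the local development hosts.
        if parts.scheme != "https" and parts.hostname not in http_ok_hosts:
            problems.append(f"{key} is not https: {value}")
        # Assumption: one IdP instance serves every endpoint from the base URL's origin.
        if key != "issuer" and origin(value) != origin(expected_base_url):
            problems.append(f"{key} is on another origin: {value}")
    return problems

def make_doc(base):
    # Constructed sample; the endpoint paths are placeholders.
    return {"issuer": base, "authorization_endpoint": base + "/authorize",
            "token_endpoint": base + "/token", "jwks_uri": base + "/jwk"}

GOOD = make_doc("https://oidc.example.com")
DEV = make_doc("http://siwe-oidc:8000")
BIND_ADDRESS = make_doc("http://0.0.0.0:8000")  # constructed: advertises the bind address

if __name__ == "__main__":
    for name, doc, expected in (("good", GOOD, "https://oidc.example.com"),
                                ("dev", DEV, "http://siwe-oidc:8000"),
                                ("bind-address", BIND_ADDRESS, "https://oidc.example.com")):
        print(name, check_discovery(doc, expected) or "ok")
```

To run it against a live instance, parse the JSON fetched from the discovery URL and pass the resulting dictionary as doc.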
TODO Items
- Additional information, from native projects (e.g. ENS domains), to more traditional ones (e.g. email).
Development
A Docker Compose file is available to test the IdP locally with Keycloak.
- You will first need to run:
docker-compose up -d
- Then edit your /etc/hosts to have siwe-oidc point to 127.0.0.1. This is so both your browser and Keycloak can access the IdP.
- In Keycloak, you will need to create a new IdP. You can use http://siwe-oidc:8000/.well-known/openid-configuration to fill the settings automatically. As for the client ID/secret, you can use sdf/sdf.