This project is now closed for me, I have no time nor motivation to maintain it, so I prefer closing this repository.
This library is a personal project mostly developped by myself on my free time, with gracious help from users.
It also relies on libraries that have the same flaw, and please note that I have less time to work on it. So be careful on how you use this library.
Handles the OAuth2 and OpenID Connect authentication process flow from the client side.
- Generates requests based on input parameters
- Parses response
- Validates response values
Supported response_types: code
, token
, id_token
, password
, client_credentials
, refresh_token
, device_code
Supported client authentication methods: client_secret_basic
, client_secret_post
, client_secret_jwt
, private_key_jwt
Supported features:
- Proof Key for Code Exchange by OAuth Public Clients
- Token introspection (RFC 7662)
- Token revocation (RFC 7009)
- OpenID Connect Dynamic Registration
- OAuth 2.0 Dynamic Client Registration Protocol
- OAuth 2.0 Dynamic Client Registration Management Protocol
- OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) Draft 07
- OAuth 2.0 Rich Authorization Requests Draft 11
- OAuth 2.0 Pushed Authorization Requests
- JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
- Messages encryption
Example for code
and id_token
response types on an OpenID Connect server.
/**
* Compile with
* gcc -o test_iddawc test_iddawc.c -liddawc
*/
#include <stdio.h>
#include <iddawc.h>
int main() {
struct _i_session i_session;
i_init_session(&i_session);
i_set_parameter_list(&i_session, I_OPT_RESPONSE_TYPE, I_RESPONSE_TYPE_ID_TOKEN|I_RESPONSE_TYPE_CODE,
I_OPT_OPENID_CONFIG_ENDPOINT, "https://oidc.tld/.well-known/openid-configuration",
I_OPT_CLIENT_ID, "client1",
I_OPT_CIENT_SECRET, "mySecret",
I_OPT_REDIRECT_URI, "https://my-client.tld",
I_OPT_SCOPE, "openid",
I_OPT_STATE_GENERATE, 16,
I_OPT_NONCE_GENERATE, 32,
I_OPT_NONE);
if (i_get_openid_config(&i_session)) {
fprintf(stderr, "Error loading openid-configuration\n");
i_clean_session(&i_session);
return 1;
}
// First step: get redirection to login page
if (i_build_auth_url_get(&i_session)) {
fprintf(stderr, "Error building auth request\n");
i_clean_session(&i_session);
return 1;
}
printf("Redirect to: %s\n", i_get_str_parameter(&i_session, I_OPT_REDIRECT_TO));
// When the user has logged in the external application, gets redirected with a result, we parse the result
fprintf(stdout, "Enter redirect URL\n");
fgets(redirect_to, 4096, stdin);
redirect_to[strlen(redirect_to)-1] = '\0';
i_set_str_parameter(&i_session, I_OPT_REDIRECT_TO, redirect_to);
if (i_parse_redirect_to(&i_session) != I_OK) {
fprintf(stderr, "Error parsing redirect_to url\n");
i_clean_session(&i_session);
return 1;
}
// Run the token request, get the refresh and access tokens
if (i_run_token_request(&i_session) != I_OK) {
fprintf(stderr, "Error running token request\n");
i_clean_session(&i_session);
return 1;
}
// And finally we load user info using the access token
if (i_get_userinfo(&i_session, 0) != I_OK) {
fprintf(stderr, "Error loading userinfo\n");
i_clean_session(&i_session);
return 1;
}
fprintf(stdout, "userinfo:\n%s\n", i_get_str_parameter(&i_session, I_OPT_USERINFO));
// Cleanup session
i_clean_session(&i_session);
return 0;
}
Iddawc is available in the following distributions.
Iddawc is based on GnuTLS, Jansson, zlib, libmicrohttpd, libcurl and libsystemd (if possible), you must install those libraries first before building Iddawc.
GnuTLS 3.6 minimum is required for JWT signed with ECDSA
, Ed25519 (EDDSA)
and RSA-PSS
signatures.
You need Orcania, Yder, Ulfius and Rhonabwy.
CMake minimum 3.5 is required.
Last Iddawc release: https://github.com/babelouest/iddawc/releases/latest/
Run the CMake script in a sub-directory, example:
$ cd <iddawc_source>
$ mkdir build
$ cd build
$ cmake ..
$ make && sudo make install
The available options for CMake are:
-DWITH_JOURNALD=[on|off]
(defaulton
): Build with journald (SystemD) support-DBUILD_IDWCC=[on|off]
(defaulton
): Build idwcc-BUILD_IDDAWC_TESTING=[on|off]
(defaultoff
): Build unit tests-DINSTALL_HEADER=[on|off]
(defaulton
): Install header fileiddawc.h
-DBUILD_RPM=[on|off]
(defaultoff
): Build RPM package when runningmake package
-DCMAKE_BUILD_TYPE=[Debug|Release]
(defaultRelease
): Compile with debugging symbols or not
Download Iddawc from GitHub repository, compile and install.
Last Iddawc release: https://github.com/babelouest/iddawc/releases/latest/
$ cd iddawc/src
$ make
$ sudo make install
By default, the shared library and the header file will be installed in the /usr/local
location. To change this setting, you can modify the DESTDIR
value in the src/Makefile
.
Example: install Iddawc in /tmp/lib directory
$ cd src
$ make && make DESTDIR=/tmp install
You can install Iddawc without root permission if your user has write access to $(DESTDIR)
.
A ldconfig
command is executed at the end of the install, it will probably fail if you don't have root permission, but this is harmless.
If you choose to install Iddawc in another directory, you must set your environment variable LD_LIBRARY_PATH
properly.
Documentation is available in the documentation page: https://babelouest.github.io/iddawc/