A really simple standalone Identity Access Management (IAM) service and OAuth2 authentication and authorization server. The project is compliant with a subset of the OpenID Connect, OAuth2, and other related specifications.
- Please check User's Guide and Examples for more details.
- Check Docker Hub releases.
```
docker run -d -p 8080:8080 jurajveverka/iam-service:2.5.10-RELEASE
curl 'http://localhost:8080/services/discovery'
curl 'http://localhost:8080/services/oauth2/iam-admins/iam-admins/.well-known/openid-configuration'
```
- OpenAPI documentation:
http://localhost:8080/swagger-ui/index.html?url=/v3/api-docs#/
- Deploy into a Kubernetes cluster.
- Unit test deployments, rapid deployments, replicas=1.
- Simple use, single JSON file as database, replicas=1.
- Single instance deployments, replicas>1.
- Cluster deployments, Docker or Kubernetes, replicas>1.
- Provide minimalistic, simple and small OAuth2/OIDC identity server.
- Self-Contained IAM management - clients, users, credentials, permission and roles.
- JWTs issued for authenticated clients and user-agents.
- Back Channels for JWT verification - backend libraries for resource servers.
- Small memory footprint - iam-service (32Mb JVM heap)
- Small build size - iam-service (single jar: ~40Mb, docker: ~190Mb)
- Seamless integration with the Spring Framework - check examples.
- In memory or Redis backed caches.
- Data model stored in memory, single JSON file or MongoDB.
- Authorization Code - flow details.
- Authorization Code (With PKCE) - flow details.
- Password Credentials - flow details.
- Client Credentials - flow details.
- Refresh Token - flow details.
- Front channels.
- Back channels.
Architecture details.
- iam-service - Spring Boot IAM as a microservice (standalone authorization and authentication server).
- iam-client - client library for back channel integrations with other microservices (resource-servers).
- iam-service-client - client library for remote administration of iam-service (resource-servers).
- iam-client-spring - easier integrations for Spring Boot microservices.
- iam-examples - examples of how to use and integrate with iam-service.
- Authorization / Authentication APIs - login flows, issuing JWT, revoking JWT.
- Admin APIs - manage organization / project / users and credentials.
- Back-Channel APIs - discover organization / project / user configuration, get public keys.
- Swagger and Actuator APIs
- Security Rules - accessing APIs.
- Internal Data Model - internal data model description and glossary.
- JWT mappings - mapping details between data model and issued JWT.
- Project build & test instructions - how to build this project locally.
- RFC6749 - OAuth 2.0 Authorization Framework
- RFC7009 - OAuth 2.0 Token Revocation
- RFC7662 - OAuth 2.0 Token Introspection
- RFC6750 - OAuth 2.0 Bearer Token Usage
- RFC8414 - OAuth 2.0 Authorization Server Metadata
- RFC7636 - OAuth 2.0 Proof Key for Code Exchange by OAuth Public Clients (PKCE)
- RFC7519 - JSON Web Token (JWT)
- RFC7517 - JSON Web Key (JWK)
- OpenID - OpenID Connect Core 1.0
- References