Server bridging Google's OAuth and service using Radius for authentication

Fringe

Fringe is an easy workaround for Google Workplace users who need a Radius server to perform authentication on behalf of other services (e.g. 802.1X Wi-Fi, vpn server).

The fringe service offers both a http and radius server.

  • The web interface allows authenticated users (through Google Oauth) to generate and refresh a randomly generated password (only for users in a pecific email domain).
  • The radius server authenticate the user using email and generated password.

Getting Started

TBC

Configuration

TBC

Contributing

TBC

Owner
Pierre-Luc Simard
Pierre-Luc Simard
https://github.com/p-l/fringe
Comments
  • Feature/https

    Feature/https

    HTTPS Server

    Automatic provisioning with letsencrypt.org or with an automatically generated self-signed certificate

    HTTP Server

    It is required to authenticate the domain with lets-encrypt. It also provides HTTP to HTTPS redirection.

    Improvements

    • Fringe config is now in a struct. Easier to pass around and doesn't rely on knowing the config file keys.
    • Secrets for JWS and Radius moved to a JSON file. They are automatically generated.
    • Separate Go security scanner from CI
    • Web service uses default privileged ports (80, 443)
    • Simplified and better documented the sample config file.

    Fixes

    • Fix service start delay due to incorrect PID file path for Debian packages (make packages)
  • User and Admin Interface

    User and Admin Interface

    Create a full Admin Interface.

    They can:

    • enroll new users (without the need for the users to connect),
    • list users (paginated),
    • delete users,
    • generate a new password for a user

    User Interface

    • User can generate a new password
    • User can enroll themselves

    Other improvements

    • Added "roles" to AuthClaims
    • Added tests to all handlers
    • Added Mocks for HTTP client and user repo
    • Isolated code in more helpers.
  • Add gosec code security check

    Add gosec code security check

    • Enable gosec in the .github/workflows/codeql-analysis.yml
    • Add gosec to the make security target
    • Add .gosec.json as configuration file for local runs
  • Linter clean-up

    Linter clean-up

    • Configure some of the linters defaults to match the project
    • Remove remaining warnings
    • Clean-up the Makefile (not lint related but GitHub Actions use the Makefile to initiate lifting (make lint)
      • Added make lint-fix to auto-fix linting issue when ran locally
      • Made make run use the full binary name (with Arch and OS)
  • Transform db to repositories and add tests

    Transform db to repositories and add tests

    • convert db/repository -> db/user_repository
    • add tests to most public fuctions of UserRepository
    • convert validateHash to a function on the User struct
    • make password hash creation a public function for uniformity (and test convenience)
  • Generate Debian Packages

    Generate Debian Packages

    • Replace sqlite3 with pure go ql. It makes cross-compiling easier.
    • Add make packages to target to Makefile to generate deb package for 386, amd64, arm and arm64
    • Remove leftover .idea and add it to .gitignore to ensure it's not added again.
Related tags
Authentication & OAuth golang radius
Example of a simple application which is powered by a third-party oAuth 2.0 server for it's authentication / authorization. Written in Golang.

go mod init github.com/bartmika/osin-thirdparty-example go get github.com/spf13/cobra go get github.com/openshift/osin go get github.com/openshift/osi

Jan 4, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Aug 5, 2022
Casdoor is a UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.

A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC

Dec 29, 2022
Authelia: an open-source authentication and authorization server providing two-factor authentication
 Authelia: an open-source authentication and authorization server providing two-factor authentication

Authelia is an open-source authentication and authorization server providing two

Jan 5, 2022
OAuth 2.0 middleware service for chi (ported from gin by community member)

oauth middleware OAuth 2.0 Authorization Server & Authorization Middleware for go-chi This library was ported to go-chi from https://github.com/maxzer

Dec 8, 2022
an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
 an SSO and OAuth / OIDC login solution for Nginx using the auth_request module

Vouch Proxy An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once. Vouch Proxy supports many O

Jan 4, 2023
OauthMicroservice-cassandraCluster - Implement microservice of oauth using golang and cassandra to store user tokens

implement microservice of oauth using golang and cassandra to store user tokens

Jan 24, 2022
[NO LONGER MAINTAINED} oauth 2 server implementation in Go

hero hero is a feature rich oauth 2 server implementation in Go. Features User account management Client management oauth 2 rfc 6749 compliant Configu

Nov 18, 2022
A library for Go client applications that need to perform OAuth authorization against a server
 A library for Go client applications that need to perform OAuth authorization against a server

oauth-0.8.0.zip oauth A library for Go client applications that need to perform OAuth authorization against a server, typically GitHub.com. Traditiona

Oct 13, 2021
Barbar Service is a project for demo of simple distribute authentication Service.
 Barbar Service is a project for demo of simple distribute authentication Service.

Barbar Service Barbar Service is a project for demo of simple distribute authentication Service. Project Structure Basicaly we reffer to Domain Driven

Aug 29, 2022
A simple passwordless authentication middleware that uses only email as the authentication provider
 A simple passwordless authentication middleware that uses only email as the authentication provider

email auth A simple passwordless authentication middleware that uses only email as the authentication provider. Motivation I wanted to restrict access

Jul 27, 2022
HTTP-server-with-auth# HTTP Server With Authentication

HTTP-server-with-auth# HTTP Server With Authentication Introduction You are to use gin framework package and concurrency in golang and jwt-go to imple

Nov 9, 2022
A library for performing OAuth Device flow and Web application flow in Go client apps.
 A library for performing OAuth Device flow and Web application flow in Go client apps.

oauth A library for Go client applications that need to perform OAuth authorization against a server, typically GitHub.com. Traditionally,

Dec 30, 2022
Demonstration of sharing secret data between an OAuth/OIDC client and an Identity Providers web client.

OAuth / OIDC Cubbyhole Share secret data between client applications. This is mostly a demonstration of some of the work I've been evaluating at Storj

Mar 21, 2022
Goauth: Pre-made OAuth/OpenIDConnect and general authorization hooks for webapp login

goauth Pre-made OAuth/OpenIDConnect and general authorization hooks for webapp login. Currently supports Google, Facebook and Microsoft "out of the bo

Jan 28, 2022
A Go library for doing header-based OAuth over HTTP or HTTPS.

Installation goinstall github.com/alloy-d/goauth Usage import ( "github.com/alloy-d/goauth" "os" ) func someFuncThatDoesStuffWithOAuth() (er

Sep 2, 2020
GOAuth An Oauth consumer Written in Go V 0.0.5

GOAuth ====== This is the source code repository for the GOAuth an OAuth consumer written on the Go programming language. Copyright 2010 The GOAuth

Feb 11, 2021
OAuth 1.0a implementation in Go

Package oauth1a Summary An implementation of OAuth 1.0a in Go1. API reference Installing Run: go get github.com/kurrik/oauth1a Include in your source

Aug 23, 2022
OAuth 1.0 implementation in go (golang).

OAuth 1.0 Library for Go (If you need an OAuth 2.0 library, check out: https://godoc.org/golang.org/x/oauth2) Developing your own apps, with this libr

Nov 22, 2022