This library is a personal project mostly developped by myself on my free time, with gracious help from users.
It also relies on libraries that have the same flaw, and please note that I have less time to work on it. So be careful on how you use this library.
Handles the OAuth2 and OpenID Connect authentication process flow from the client side.
Supported response_types: code
, token
, id_token
, password
, client_credentials
, refresh_token
, device_code
Supported client authentication methods: client_secret_basic
, client_secret_post
, client_secret_jwt
, private_key_jwt
Supported features:
Example for code
and id_token
response types on an OpenID Connect server.
/**
* Compile with
* gcc -o test_iddawc test_iddawc.c -liddawc
*/
#include <stdio.h>
#include <iddawc.h>
int main() {
struct _i_session i_session;
i_init_session(&i_session);
i_set_parameter_list(&i_session, I_OPT_RESPONSE_TYPE, I_RESPONSE_TYPE_ID_TOKEN|I_RESPONSE_TYPE_CODE,
I_OPT_OPENID_CONFIG_ENDPOINT, "https://oidc.tld/.well-known/openid-configuration",
I_OPT_CLIENT_ID, "client1",
I_OPT_CIENT_SECRET, "mySecret",
I_OPT_REDIRECT_URI, "https://my-client.tld",
I_OPT_SCOPE, "openid",
I_OPT_STATE_GENERATE, 16,
I_OPT_NONCE_GENERATE, 32,
I_OPT_NONE);
if (i_get_openid_config(&i_session)) {
fprintf(stderr, "Error loading openid-configuration\n");
i_clean_session(&i_session);
return 1;
}
// First step: get redirection to login page
if (i_build_auth_url_get(&i_session)) {
fprintf(stderr, "Error building auth request\n");
i_clean_session(&i_session);
return 1;
}
printf("Redirect to: %s\n", i_get_str_parameter(&i_session, I_OPT_REDIRECT_TO));
// When the user has logged in the external application, gets redirected with a result, we parse the result
fprintf(stdout, "Enter redirect URL\n");
fgets(redirect_to, 4096, stdin);
redirect_to[strlen(redirect_to)-1] = '\0';
i_set_str_parameter(&i_session, I_OPT_REDIRECT_TO, redirect_to);
if (i_parse_redirect_to(&i_session) != I_OK) {
fprintf(stderr, "Error parsing redirect_to url\n");
i_clean_session(&i_session);
return 1;
}
// Run the token request, get the refresh and access tokens
if (i_run_token_request(&i_session) != I_OK) {
fprintf(stderr, "Error running token request\n");
i_clean_session(&i_session);
return 1;
}
// And finally we load user info using the access token
if (i_get_userinfo(&i_session, 0) != I_OK) {
fprintf(stderr, "Error loading userinfo\n");
i_clean_session(&i_session);
return 1;
}
fprintf(stdout, "userinfo:\n%s\n", i_get_str_parameter(&i_session, I_OPT_USERINFO));
// Cleanup session
i_clean_session(&i_session);
return 0;
}
Iddawc is available in the following distributions.
Iddawc is based on GnuTLS, Jansson, zlib, libmicrohttpd, libcurl and libsystemd (if possible), you must install those libraries first before building Iddawc.
GnuTLS 3.6 minimum is required for JWT signed with ECDSA
, Ed25519 (EDDSA)
and RSA-PSS
signatures.
You need Orcania, Yder, Ulfius and Rhonabwy.
CMake minimum 3.5 is required.
Last Iddawc release: https://github.com/babelouest/iddawc/releases/latest/
Run the CMake script in a sub-directory, example:
$ cd <iddawc_source>
$ mkdir build
$ cd build
$ cmake ..
$ make && sudo make install
The available options for CMake are:
-DWITH_JOURNALD=[on|off]
(default on
): Build with journald (SystemD) support-DBUILD_IDWCC=[on|off]
(default on
): Build idwcc-BUILD_IDDAWC_TESTING=[on|off]
(default off
): Build unit tests-DINSTALL_HEADER=[on|off]
(default on
): Install header file iddawc.h
-DBUILD_RPM=[on|off]
(default off
): Build RPM package when running make package
-DCMAKE_BUILD_TYPE=[Debug|Release]
(default Release
): Compile with debugging symbols or notDownload Iddawc from GitHub repository, compile and install.
Last Iddawc release: https://github.com/babelouest/iddawc/releases/latest/
$ cd iddawc/src
$ make
$ sudo make install
By default, the shared library and the header file will be installed in the /usr/local
location. To change this setting, you can modify the DESTDIR
value in the src/Makefile
.
Example: install Iddawc in /tmp/lib directory
$ cd src
$ make && make DESTDIR=/tmp install
You can install Iddawc without root permission if your user has write access to $(DESTDIR)
.
A ldconfig
command is executed at the end of the install, it will probably fail if you don't have root permission, but this is harmless.
If you choose to install Iddawc in another directory, you must set your environment variable LD_LIBRARY_PATH
properly.
Documentation is available in the documentation page: https://babelouest.github.io/iddawc/