SSO (Single Sign-On) service that provides user authentication functionality using Smart-ID and Mobile-ID.
It integrates with SK ID Solutions APIs and manages user roles, permissions, and scopes.
Designed to be easily integrated into microservices architectures and provides logging and telemetry for monitoring.
- Create and update user accounts, with role and scope assignments
- Generate and validate JWT tokens
- Authenticate users via
Smart-IDandMobile-IDthrough SK ID Solutions provider APIs - Comprehensive logging and telemetry support (OpenTelemetry) for easier monitoring and tracing
- Easily integrate into a microservices architecture
Before starting this application, you must have the loki-infrastructure running:
git clone git@github.com/tab/loki-infrastructure.git
cd loki-infrastructure
docker-compose upUse .env files (e.g., .env.development) or provide environment variables for:
DATABASE_DSNfor PostgreSQLREDIS_URIfor RedisSMART_ID_API_URL,MOBILE_ID_API_URLand corresponding relying on party credentialsTELEMETRY_URIfor OpenTelemetry
Before running the services, you need to generate certificates for mTLS and keys for JWT signing:
mkdir -p certs/jwt
openssl genrsa -out certs/jwt/private.key 4096
openssl rsa -in certs/jwt/private.key -pubout -out certs/jwt/public.key# Generate CA
openssl genrsa -out certs/ca.key 4096
openssl req -new -x509 -key certs/ca.key -sha256 -subj '/CN=Loki CA' -out certs/ca.pem -days 3650
# Generate Server Certificate
openssl genrsa -out certs/server.key 4096
openssl req -new -key certs/server.key -out certs/server.csr -config <(
cat <<-EOF
[req]
default_bits = 4096
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
CN = loki-backend
[req_ext]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = backend
IP.1 = 127.0.0.1
IP.2 = 0.0.0.0
EOF
)
openssl x509 -req -in certs/server.csr -CA certs/ca.pem -CAkey certs/ca.key -CAcreateserial -out certs/server.pem -days 825 -sha256 -extfile <(
cat <<-EOF
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = backend
IP.1 = 127.0.0.1
IP.2 = 0.0.0.0
EOF
)
# Generate Client Certificate
openssl genrsa -out certs/client.key 4096
openssl req -new -key certs/client.key -out certs/client.csr -config <(
cat <<-EOF
[req]
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
[dn]
CN = loki-backoffice
EOF
)
openssl x509 -req -in certs/client.csr -CA certs/ca.pem -CAkey certs/ca.key -CAcreateserial -out certs/client.pem -days 825 -sha256For more detailed information on certificates, see Certificates Documentation.
Run the following command to apply database migrations:
GO_ENV=development make db:drop db:create db:migratedocker-compose build
docker-compose upcurl -X GET http://localhost:8080/livecurl -X GET http://localhost:8080/readySwagger file is available at api/swagger.yaml
- Loki Infrastructure - Infrastructure setup for the Loki ecosystem
- Loki Backoffice - Backoffice service
- Loki Proto - Protocol buffer definitions
- Loki Frontend - Frontend application
- Smart-ID Client - Smart-ID client used for authentication
- Mobile-ID Client - Mobile-ID client used for authentication
The application follows a layered architecture and clean code principles:
- cmd/loki: Application entry point
- internal/app: Core application logic, including services, controllers, repositories, and DTOs
- internal/config: Configuration loading and setup, server startup, middleware, router initialization, and telemetry configuration
- pkg: Reusable utilities such as JWT token handling and logging
Distributed under the MIT License. See LICENSE for more information.
- SK ID Solutions for providing the Smart-ID and Mobile-ID APIs