STOPnik

The simple and small OAuth2 | OpenId Connect server that secures applications without hassle.

STOPnik does not have any persistence layer and will only work in-memory with the clients and users defined in the configuration file (YAML). When restarted, all issued tokens will become invalid/forgotten by STOPnik.

This project was used to learn OAuth 2.0, OpenId Connect Core 1.0 and Go.

The logo mascot was mostly inspired by the nice work of gopherize.me and redrawn by hand as a vector graphic with additional body and a cool hat.

STOPnik alternatives

The awesome work of other servers is very appreciated, most of them were the inspiration for this small project! ♥️

They add features like persistence and access to user directories like LDAP.

• dex
• Keycloak
• ORY Hydra
• authentik
• ZITADEL
• Spring authorization server
• Node OIDC provider

Related specifications

RFC	Implementation
The OAuth 2.0 Authorization Framework	Yes
Proof Key for Code Exchange by OAuth Public Clients	Yes
OAuth 2.0 Token Introspection	Yes
OAuth 2.0 Token Revocation	Yes
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants	Yes
JSON Web Token (JWT)	Dependency
OAuth 2.0 Authorization Server Metadata	Planned
OAuth 2.0 Device Authorization Grant	Planned
Resource Indicators for OAuth 2.0	Planned
OAuth 2.0 Authorization Server Issuer Identification	Planned
OpenID Connect Core 1.0	Planned
OpenID Connect Discovery 1.0	Planned

Documentation

More details about STOPnik can be found at https://stopnik.webish.dev/

License

The project is licensed under the Apache License, Version 2.0.