Closed
49 changes: 48 additions & 1 deletion .gitignore
Expand Up @@ -5,4 +5,51 @@ build
**/.DS_Store
*.hprof
local.properties
.kotlin
.kotlin
*.kotlin_module

node_modules/
*.log

*.xcuserstate
xcuserdata/

*.db
*.sqlite

*.crt
*.key
*.pem
*.p12
*.jks
*.keystore
*.truststore
*.csr
*.srl
*.ext
*.der
*.pfx
*.cer

sample-app/desktop-app-with-ssl/docker/certs/
sample-app/desktop-app-with-ssl/src/jvmMain/resources/ssl/certificates/
sample-app/desktop-app-with-ssl/src/jvmMain/resources/ssl/examples/
**/.oidc-desktop-ssl/

sample-app/desktop-app-with-ssl/scripts/venv/
**/__pycache__/
*.pyc
*.pyo
*.pyd
.Python
env/
venv/
ENV/
env.bak/
venv.bak/

sample-app/desktop-app-with-ssl/docker/.env

*.tmp
*.temp
certificate-info.txt
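Review bot: The certificate and data patterns (`*.crt`, `*.cer`, `*.pem`, `*.der`, `*.ext`, `*.db`, `*.sqlite`) are added at the repository root, so they apply to every module and not only to `sample-app/desktop-app-with-ssl/`. Ignoring private keys and keystores globally (`*.key`, `*.p12`, `*.jks`, `*.pfx`) is reasonable, but the public-certificate and generic patterns will also silently hide any test fixture or resource with those extensions that someone later adds elsewhere, and `*.ext` is a very generic extension. Suggest scoping those patterns to the sample directory, or adding a comment per group saying which script or tool produces the files. Ignore rules also do not affect files that are already tracked, so confirm that nothing under the ignored `docker/certs/` and `resources/ssl/` paths was committed earlier.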
66 changes: 63 additions & 3 deletions README.md
Expand Up @@ -16,7 +16,7 @@ Supported platforms:
|---------|--------------|----------------------------------------------|
| Android | Stable | Chrome Custom Tabs |
| iOS | Stable | ASWebAuthenticationSession |
| Desktop | Experimental | Embedded Webserver + Browser |
| Desktop | Experimental | Embedded Webserver + Browser (HTTP/HTTPS) |
| WasmJS | Experimental | Popup Window communicating via postMessage() |

Features:
Expand All @@ -25,7 +25,8 @@ Features:
- Support for [PKCE](https://datatracker.ietf.org/doc/html/rfc7636)
- Simple JWT parsing (```Jwt.parse()```)
- OkHttp + Ktor integration
- Uses Custom Uri Scheme (my-app://), no support for https redirect uris.
- SSL/TLS support for JVM targets (HTTP client configuration + HTTPS redirect server)
- Support for both custom URI schemes and HTTPS redirect URIs

You can find the full Api documentation [here](https://kalinjul.github.io/kotlin-multiplatform-oidc/).

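Review bot: The new bullet "Support for both custom URI schemes and HTTPS redirect URIs" reads as applying to every platform, while the bullet directly above it limits the SSL/TLS work to JVM targets. It replaces a line that stated there was no support for https redirect URIs, so unless Android, iOS and WasmJS gained HTTPS redirects in this change as well, qualify the bullet with the platform it applies to and mark it experimental, matching the Desktop row in the platform table.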
Expand Down Expand Up @@ -211,4 +212,63 @@ val authenticator = OpenIdConnectAuthenticator {
val okHttpClient = OkHttpClient.Builder()
.authenticator(authenticator)
.build()
```
```

# SSL/TLS Support (JVM only) (experimental)
The library provides comprehensive SSL/TLS support for JVM targets, including both HTTP client configuration and HTTPS redirect server capabilities:

## HTTP Client SSL Configuration
Configure SSL/TLS settings for connections to your identity provider:

```kotlin
import org.publicvalue.multiplatform.oidc.OpenIdConnectClientConfig
import org.publicvalue.multiplatform.oidc.ssl.createSslEnabledOpenIdConnectClient
import org.publicvalue.multiplatform.oidc.ssl.ssl
import org.publicvalue.multiplatform.oidc.ExperimentalOpenIdConnect

@OptIn(ExperimentalOpenIdConnect::class)
val config = OpenIdConnectClientConfig("https://example.com/.well-known/openid-configuration").apply {
clientId = "your-client-id"
clientSecret = "your-client-secret"

ssl {
trustStore("/path/to/truststore.jks", "truststore-password")
keyStore("/path/to/client-cert.p12", "client-password") // for mutual TLS
disableCertificateValidation() // development only
disableHostnameVerification() // development only
}
}

val client = createSslEnabledOpenIdConnectClient(config)
```

## HTTPS Redirect Server
Enable HTTPS for the local OAuth redirect server:

```kotlin
import org.publicvalue.multiplatform.oidc.appsupport.JvmCodeAuthFlowFactory
import org.publicvalue.multiplatform.oidc.appsupport.webserver.SslWebserver
import org.publicvalue.multiplatform.oidc.appsupport.ssl.CertificateSourceFactory

@OptIn(ExperimentalOpenIdConnect::class)
val factory = JvmCodeAuthFlowFactory(
port = 8443,
webserverProvider = {
SslWebserver(
enableHttps = true,
certificateSource = CertificateSourceFactory.autoDetect()
)
}
)
```

## Certificate Sources
The library supports multiple certificate sources:
- **Self-signed certificates**: `CertificateSourceFactory.selfSigned()`
- **File-based certificates**: `CertificateSourceFactory.fromFile(file, password)`
- **Resource certificates**: `CertificateSourceFactory.fromResources()`
- **Auto-detection**: `CertificateSourceFactory.autoDetect()`

For detailed SSL configuration examples, see [SSL_EXAMPLES.md](SSL_EXAMPLES.md).

For a complete SSL demo with Docker-based identity provider setup, see the [desktop-app-with-ssl sample](sample-app/desktop-app-with-ssl/).
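Review bot: In the HTTP client example, `disableCertificateValidation()` and `disableHostnameVerification()` sit in the same `ssl { }` block as `trustStore(...)` and `keyStore(...)`, marked only by a trailing `// development only` comment. This is the snippet readers will copy, and with both calls present the connection to the identity provider is no longer authenticated, which defeats the trust store configured two lines earlier and exposes the client secret and tokens to interception. Suggest dropping both calls from the primary example and showing them in a separate, clearly labelled development snippet, with a sentence on what each one turns off. Two smaller documentation points: the "Certificate Sources" list does not say what `autoDetect()` tries, in what order, or whether it can fall back to a self-signed certificate, and the redirect server snippet uses `@OptIn(ExperimentalOpenIdConnect::class)` without importing `ExperimentalOpenIdConnect`.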