barycenter/book/src
Till Wegmueller 9aa018fc93
feat: Add scope-gated OIDC profile and email claims
Implement standard OIDC claims support for the userinfo endpoint and
ID token. Claims are stored in the properties table and returned based
on the access token's granted scopes:

- profile scope: preferred_username (falls back to username), name,
  given_name, family_name, nickname, picture, profile, website,
  gender, birthdate, zoneinfo, locale, updated_at
- email scope: email, email_verified (with user record fallback)

Adds bulk property retrieval, shared gather_claims() function used by
both userinfo and build_id_token, and updated discovery metadata.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 22:19:54 +01:00
admin docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
authentication docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
authz docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
deployment docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
development docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
getting-started docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
oidc feat: Add scope-gated OIDC profile and email claims 2026-03-24 22:19:54 +01:00
reference docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
security docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
README.md docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00
SUMMARY.md docs: Add comprehensive mdbook documentation 2026-02-14 17:59:55 +01:00

Barycenter

Barycenter is a lightweight, Rust-based OpenID Connect Identity Provider (IdP) that implements the OAuth 2.0 Authorization Code flow with PKCE, WebAuthn/passkey authentication, device authorization grants, and a KDL-based authorization policy engine.

Built on top of axum and SeaORM, Barycenter is designed to be fast, self-contained, and straightforward to operate -- whether you are deploying it as a standalone identity provider or integrating it into a larger distributed system.

Who This Book Is For

  • Operators looking to deploy and configure Barycenter in development or production environments.
  • Application Developers integrating their services with Barycenter as an OIDC provider.
  • Identity Engineers evaluating Barycenter's authentication and authorization capabilities.
  • Contributors who want to understand the internals and extend the project.

How This Book Is Organized

  • Getting Started: Project overview, installation, configuration, and a quickstart guide to get tokens flowing.
  • Authentication: Password login, WebAuthn/passkey authentication, two-factor enforcement, and session management.
  • OpenID Connect: Client registration, authorization code flow, token exchange, ID token claims, and discovery.
  • Authorization: KDL-based policy engine combining Relationship-Based Access Control (ReBAC) and Attribute-Based Access Control (ABAC).
  • Admin: GraphQL admin API for user management, background jobs, and operational tasks.
  • Deployment: Docker images, Kubernetes manifests, database choices, and production hardening.
  • Security: Security headers, PKCE enforcement, key management, and threat model considerations.
  • Development: Building from source, running tests, WASM client compilation, and contributing guidelines.
  • Reference: Endpoint reference, configuration keys, entity schemas, and error codes.