No description
- Go 63.4%
- CSS 14.5%
- JavaScript 9.9%
- HTML 9.5%
- Dockerfile 1.6%
- Other 1.1%
| cmd/d8 | ||
| internal | ||
| web | ||
| .env.example | ||
| .gitignore | ||
| docker-compose.yml | ||
| Dockerfile | ||
| go.mod | ||
| keygen.sh | ||
| README.md | ||
ꄗ D8 — Decentralised Identity Provider
D8 is a self-hosted OpenID Connect (OIDC) identity provider written in Go.
It lets you run your own login server — your identity, your server, your control.
Licence: CC0 (public domain) — use it however you want.
Features
- OpenID Connect / OIDC — act as an IdP for any OIDC-compatible app
- Passkeys (WebAuthn) — sign in with Face ID, Touch ID, or a hardware key
- Password login — bcrypt-hashed, with session cookies
- SMTP with fallback — primary + secondary SMTP server support
- MariaDB storage — users, sessions, passkeys, OIDC clients
- Material You inspired UI — light / dark / auto theme, mobile-friendly
- Docker Compose — one command to start everything
- KISS / minimalist — well-commented code, easy to read and modify
Quick start
Prerequisites
- Docker + Docker Compose
- OpenSSL (for key generation)
Steps
# 1. Clone the repo
git clone https://github.com/yourname/d8.git
cd d8
# 2. Generate the JWT signing key
sh keygen.sh
# 3. Create your config
cp .env.example .env
# Edit .env with your domain, SMTP, etc.
# 4. Copy key into Docker volume
docker run --rm -v d8-keys:/keys -v $(pwd)/keys:/src alpine \
cp /src/private.pem /keys/private.pem
# 5. Start everything
docker compose up -d
# 6. Open in browser
open http://localhost:8080
Configuration
All settings are environment variables. See .env.example for the full list.
| Variable | Description | Default |
|---|---|---|
D8_ISSUER |
Your public URL | http://localhost:8080 |
D8_RP_ID |
WebAuthn relying party domain | localhost |
D8_RP_ORIGIN |
Full WebAuthn origin | http://localhost:8080 |
D8_SMTP_HOST |
Primary SMTP host | — |
D8_SMTP_FALLBACK_HOST |
Fallback SMTP host | — |
DB_USER / DB_PASS |
MariaDB credentials | d8 / d8pass |
OIDC endpoints
| Endpoint | Description |
|---|---|
/.well-known/openid-configuration |
Discovery document |
/oidc/authorize |
Start authorisation flow |
/oidc/token |
Exchange code for tokens |
/oidc/userinfo |
Get user profile |
Registering a client app
Insert a row into the oidc_clients table:
INSERT INTO oidc_clients (id, client_id, client_secret, redirect_uris, name)
VALUES (UUID(), 'myapp', 'mysecret', 'https://myapp.example.com/callback', 'My App');
Then configure your app to use:
- Issuer: your D8 URL
- Client ID / Secret: from the row above
Project structure
d8/
├── cmd/d8/ # main entry point
├── internal/
│ ├── auth/ # password hashing, sessions
│ ├── config/ # environment config loader
│ ├── db/ # MariaDB connection + migrations
│ ├── email/ # SMTP sender with fallback
│ ├── handler/ # HTTP handlers (auth, OIDC, passkey)
│ ├── middleware/ # session middleware
│ ├── oidc/ # JWT issuing, auth code flow
│ └── passkey/ # WebAuthn wrapper
├── web/
│ ├── templates/ # HTML templates
│ └── static/ # CSS, JS
├── Dockerfile
├── docker-compose.yml
├── .env.example
└── keygen.sh
Licence
CC0 1.0 Universal — public domain dedication.
See https://creativecommons.org/publicdomain/zero/1.0/