Suggested libraries for OIDC
In order to ease the development process and abstract away some complexities of authentication and verifying tokens, we have collected a list of libraries that would be useful when developing a new service that should be secured with OIDC.
The OpenID Foundation certifies libraries that meet the OIDC specification; you can find a list of Certified Relying Party Libraries here. Alternatively, for a thorough list of suggestions from the Keycloak developers, covering many languages, you can view the page here.
You can start by consulting the Keycloak docs and examples, as well as checking out the SSO examples that are provided in our GitLab docs section:
Python
Python libraries are tricky, because many of them implement the full spec and define a new IdP of their own, without showing simple examples of how a service should validate the tokens it receives.
Of all the available libraries, we would suggest starting with:
- authlib: https://authlib.org/
- pyoidc: https://github.com/OpenIDC/pyoidc/
The library provides both clients and servers, as well as some claim validation classes. To see a simple example of a secure OIDC endpoint, you can check out:
Java
Keycloak also comes with built-in libraries for many Java platforms, which are documented in the docs:
Additionally, we have a more complex in-house Spring Boot example, available HERE
.NET
.NET Core has built-in libraries for JWT validation, including audience validation, among other things. Tutorial article:
There is a suggested OWIN library on the Keycloak page, but it targets .NET Framework, not .NET Core.
JavaScript
Keycloak comes with a built-in library for performing authentication / authorization in JavaScript:
Other programming languages (Go, Electron applications, native applications)
See the examples or the Keycloak docs.