About

STOPnik is a small, fast and secure authorization server with an minimal amount of dependencies.

Dependencies

Currently, STOPnik only depends on

• github.com/google/uuid v1.6.0 (generate UUID)
• github.com/lestrrat-go/jwx/v2 v2.1.1 (handle JWT, JWK, JWE, etc…)
• gopkg.in/yaml.v3 v3.0.1 (parse YAML files)

Related specifications

Specifications	Implementation
The OAuth 2.0 Authorization Framework	Yes
Proof Key for Code Exchange by OAuth Public Clients	Yes
OAuth 2.0 Token Introspection	Yes
OAuth 2.0 Token Revocation	Yes
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants	Yes
JSON Web Token (JWT)	Dependency
OAuth 2.0 Authorization Server Metadata	Partially
OAuth 2.0 Device Authorization Grant	Planned
The OAuth 2.0 Authorization Framework: Bearer Token Usage	Planned
Resource Indicators for OAuth 2.0	Planned
OAuth 2.0 Authorization Server Issuer Identification	Planned
OpenID Connect Core 1.0	Partially
OpenID Connect Discovery 1.0	Partially
OpenID Connect Session Management 1.0	Planned
OpenID Connect Front-Channel Logout 1.0	Planned

Why STOPnik exists?

In general this project was started to learn OAuth2, OpenId Connect and Go. Furthermore, it was also created to be used in a Homelab and VPS to replace the current Keycloak, which adds too much load to the VPS and has to many configuration possibilities.

STOPnik does not have any persistence layer and will only work in-memory with the clients and users defined in the configuration file (YAML). When restarted, all issued tokens will become invalid/forgotten by STOPnik.

You still may consider using another authorization server.

STOPnik alternatives

The awesome work of other servers is very appreciated, most of them were the inspiration for this small project! ♥️

They add features like persistence and access to user directories like LDAP.

• dex
• Keycloak
• ORY Hydra
• authentik
• ZITADEL
• Spring authorization server
• Node OIDC provider