Introduction
Tekitoi is a lightweight service that aggregates (or will aggregate) most of the OAuth2 providers on the market into a single service. The goal is to write the OAuth2 service for all the providers once, in an efficient way, and make it available to everybody.
The "efficient" part is really important (to me) considering the current state of the environment. The goal is to make a service with a minimal memory, CPU and energy footprint.
Although Tekitoi is not made to be a complete alternative to Keycloak (for now), the goal is to have similar features with a minimal footprint (Keycloak requires 512 MB of RAM, while Tekitoi consumes 2 MB of RAM).
Installation
Using Docker
Tekitoi is mainly distributed on Docker Hub and you can start it with the following command.
docker run -d \
  -e CACHE__URL=redis://redis-hostname \
  -p 3000:3000 \
  -v /path/to/config.toml:/config.toml:ro \
  jdrouet/tekitoi:latest --config /config.toml
You can also use it inside a docker-compose file:
services:
  cache:
    image: redis:alpine
  tekitoi:
    image: jdrouet/tekitoi:latest
    command: --config /config.toml
    environment:
      CACHE__URL: redis://cache
    ports:
      - 3000:3000
    volumes:
      - /path/to/config.toml:/config.toml:ro
From source
To compile Tekitoi from the sources, you just need the Rust toolchain, cargo and git:
git clone https://github.com/jdrouet/tekitoi
cd tekitoi/tekitoi-server
cargo build --release
./target/release/tekitoi-server --config /path/to/config.toml
Configuration
Tekitoi can be configured through both environment variables and a configuration file.
Here is a fully filled configuration file.
# Base url to reach Tekitoi. It's used internally to build
# the redirect url sent to any provider
# It can also be specified using the BASE_URL environment variable.
base_url = "http://localhost:3000"
# The level of logging that will be used. Can be info, debug, warn, error or trace.
# It can also be specified using the LOG_LEVEL environment variable.
log_level = "info"
[cache]
# The url to reach the redis cache.
# It can also be specified using the CACHE__URL environment variable.
url = "redis://localhost"
# This is a dictionary of all the configured clients that Tekitoi can serve.
# You can add as many as you need.
[clients.client_name]
# The client ID that the oauth client will need to use
client_id = "something"
# A set of client secrets that the oauth client will need to use
client_secrets = ["foo", "bar"]
# The redirect uri that the oauth client will need to use
redirect_uri = "http://localhost:8080/api/redirect"
# This is a set of providers that you can configure
[clients.client_name.providers.github]
client_id = "github-client-id"
client_secret = "github-client-secret"
# scopes = []
# auth_url = ""
# token_url = ""
# base_api_url = ""
[clients.client_name.providers.gitlab]
client_id = "gitlab-client-id"
client_secret = "gitlab-client-secret"
scopes = ["read_user"]
# auth_url = ""
# token_url = ""
# base_api_url = ""
[clients.client_name.providers.google]
client_id = "google-client-id"
client_secret = "google-client-secret"
scopes = ["openid", "email", "profile"]
# auth_url = ""
# token_url = ""
# base_api_url = ""