Introduction

Tekitoi is a lightweight service that aggregates (or will aggregate) most of the OAuth2 providers on the market into a single service. The goal is to write the OAuth2 service for all the providers once, in an efficient way, and make it available to everybody.

The "efficient" part is really important (to me) given the current state of the environment. The goal is to make a service with a minimal memory, CPU and energy footprint.

Although Tekitoi is not meant to be a complete alternative to Keycloak (for now), the goal is to have similar features with a minimal footprint (Keycloak requires 512 MB of RAM, whereas Tekitoi consumes 2 MB of RAM).

Installation

Using Docker

Tekitoi is mainly distributed on Docker Hub and you can start it with the following command.

docker run -d \
  -e CACHE__URL=redis://redis-hostname \
  -p 3000:3000 \
  -v /path/to/config.toml:/config.toml:ro \
  jdrouet/tekitoi:latest --config /config.toml

You can also use it inside a docker-compose file:

services:
  cache:
    image: redis:alpine
  
  tekitoi:
    image: jdrouet/tekitoi:latest
    command: --config /config.toml
    environment:
      CACHE__URL: redis://cache
    ports:
      - 3000:3000
    volumes:
      - /path/to/config.toml:/config.toml:ro

From source

To compile Tekitoi from source, you only need the Rust toolchain (including cargo) and git.

git clone https://github.com/jdrouet/tekitoi
cd tekitoi/tekitoi-server
cargo build --release
./target/release/tekitoi-server --config /path/to/config.toml

Configuration

Tekitoi can be configured both through environment variables and through a configuration file.

Here is a fully filled configuration file.

# Base url to reach Tekitoi. It's used internally to build
# the redirect url sent to any provider
# It can also be specified using the BASE_URL environment variable.
base_url = "http://localhost:3000"
# The level of logging that will be used. Can be info, debug, warn, error or trace.
# It can also be specified using the LOG_LEVEL environment variable.
log_level = "info"

[cache]
# The url to reach the redis cache.
# It can also be specified using the CACHE__URL environment variable.
url = "redis://localhost"

# This is a dictionary of all the configured clients that tekitoi can serve.
# You can add as many as you need.
[clients.client_name]
# The client ID that the oauth client will need to use
client_id = "something"
# A set of client secrets that the oauth client will need to use
client_secrets = ["foo", "bar"]
# The redirect uri that the oauth client will need to use
redirect_uri = "http://localhost:8080/api/redirect"

# This is a set of providers that you can configure
[clients.client_name.providers.github]
client_id = "github-client-id"
client_secret = "github-client-secret"
# scopes = []
# auth_url = ""
# token_url = ""
# base_api_url = ""

[clients.client_name.providers.gitlab]
client_id = "gitlab-client-id"
client_secret = "gitlab-client-secret"
scopes = ["read_user"]
# auth_url = ""
# token_url = ""
# base_api_url = ""

[clients.client_name.providers.google]
client_id = "google-client-id"
client_secret = "google-client-secret"
scopes = ["openid", "email", "profile"]
# auth_url = ""
# token_url = ""
# base_api_url = ""

Examples

Contributors