
The FedID Server

The FedID Server is a web service that provides the core functionality of the FIDC system. It is responsible for managing the relationships between users and the services they use, as well as providing a standardized interface for services to interact with users through the DID document.

The server is designed to be highly scalable and can be set up to run on a single machine or in the cloud via a Docker container.

Basic setup via Docker

The example below is a basic FedID setup. It assumes no services will be using FIDC on this server; the additional configuration for that case is shown further down.

version: '3.8'

services:
  fedid-server:
    image: fedid/server:latest
    container_name: fedid-server
    environment:
      # Server configuration, passed as a single JSON string
      CONFIG: '{
        "hostname": "fedid.domain.ext",
        "port": 3000,
        "schema": "https",
        "primaryDomain": "domain.ext",
        "domains": [
          "domain.ext"
        ],
        "dbUrl": "postgresql://fedid:password@fedid-db/fedid",
        "redisUrl": "redis://fedid-redis:6379",
        "allowInsecure": true
      }'
    restart: unless-stopped
    depends_on:
      - fedid-db
      - fedid-redis
    networks:
      - fedid

  fedid-db:
    image: postgres:15-alpine
    container_name: fedid-db
    hostname: postgres
    environment:
      - POSTGRES_USER=fedid
      # Sample value; must match the password used in dbUrl above
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=fedid
    volumes:
      - ./data/fedid-db:/var/lib/postgresql/data
    restart: unless-stopped
    networks:
      - fedid

  fedid-redis:
    image: redis
    container_name: fedid-redis
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 30s
      retries: 3
    restart: unless-stopped
    networks:
      - fedid

networks:
  fedid:

The below configuration options are required:

| Configuration variable | Description |
| --- | --- |
| hostname | The hostname of your FedID Server |
| port | The port it is running on |
| schema | The public-facing schema being utilized (proxy) |
| primaryDomain | If the FedID Server supports multiple domains, the default used |
| domains | An array of domains allowed to be used by this FedID Server |
| dbUrl | The PostgreSQL database URL |
| redisUrl | The Redis URL |
| allowInsecure | Allows for the use of http in schema |

Allowing services to leverage your server for FIDC

Adding the services key to your configuration enables FIDC use for OIDC-compatible sites. Each site can have its own configurable style for its SSO login screen.

A complete Server UI is being planned so that users can register and login to a FedID Server to administer this configuration themselves.

      CONFIG: '{
        ...
        "services": [
          {
            "client": {
              "id": "myclientid",
              "secret": "myclientsecret",
              "redirectUris": [
                "https://outline.domain.ext/auth/oidc.callback"
              ]
            },
            "display": {
              "logo": {
                "url": "https://www.getoutline.com/images/logo.svg",
                "style": "filter: invert(1);"
              },
              "title": {
                "text": "Login to Outline with FedID",
                "style": "font-weight: bold; color: #31A9BA;"
              },
              "body": {
                "text": "Scan the below QR code with our mobile app, or any FedID compatible application.",
                "style": "background-color: #231641; color: #FFFFFF; font-family: ''Roboto'', ''Helvetica'', ''Arial'', sans-serif; line-height: 1.5;"
              },
              "buttons": {
                "text": "#FFFFFF",
                "background": "#31A9BA"
              }
            }
          }
        ],
        ...
      }'

The below configuration options are required when using services:

| Configuration variable | Description |
| --- | --- |
| client.id | The OIDC client id |
| client.secret | The OIDC client secret |
| client.redirectUris | Callback URIs for OIDC |
| display.logo.url | The URL to the logo to display at the top of the login screen |
| display.logo.style | CSS styles to apply to the logo |
| display.title.text | Content to place in the title block of the login screen |
| display.title.style | CSS styles to apply to the title |
| display.body.text | Body content to place underneath the title |
| display.body.style | CSS styles to apply to the body (entire page) |
| display.buttons.text | The text color for buttons |
| display.buttons.background | The background color for buttons |
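
An added example, not part of the FedID project: a small Python linter for the CONFIG JSON that checks the required keys from the two tables on this page and flags the page's sample credentials before deployment. The PLACEHOLDERS set, the https-only redirect rule and the allowInsecure warning are assumptions made for this example, and the sample input is constructed.

```python
import json
from urllib.parse import urlparse

# Required keys, taken from the two "required" tables on this page.
REQUIRED_SERVER = ["hostname", "port", "schema", "primaryDomain",
                   "domains", "dbUrl", "redisUrl", "allowInsecure"]
REQUIRED_SERVICE = ["client.id", "client.secret", "client.redirectUris"] + [
    f"display.{k}" for k in ("logo.url", "logo.style", "title.text", "title.style",
                             "body.text", "body.style", "buttons.text", "buttons.background")]
PLACEHOLDERS = {"password", "myclientsecret"}  # assumption: this page's sample values

def dig(obj, dotted):
    """Follow a dotted path through nested dicts; None if any part is missing."""
    for part in dotted.split("."):
        obj = obj.get(part) if isinstance(obj, dict) else None
    return obj

def lint_config(raw):
    """Return a list of findings for a FedID CONFIG JSON string."""
    cfg = json.loads(raw)
    out = [f"missing required key: {k}" for k in REQUIRED_SERVER if k not in cfg]
    if cfg.get("schema") == "http" and cfg.get("allowInsecure") is not True:
        out.append("schema is http but allowInsecure is not true")
    if cfg.get("schema") == "https" and cfg.get("allowInsecure"):  # hardening assumption
        out.append("allowInsecure is true although schema is https")
    if cfg.get("primaryDomain") not in cfg.get("domains", []):
        out.append("primaryDomain is not listed in domains")
    if (urlparse(cfg.get("dbUrl", "")).password or "") in PLACEHOLDERS:
        out.append("dbUrl uses a placeholder password")
    for i, svc in enumerate(cfg.get("services", [])):
        out += [f"services[{i}]: missing {k}" for k in REQUIRED_SERVICE if dig(svc, k) is None]
        if str(dig(svc, "client.secret")) in PLACEHOLDERS:
            out.append(f"services[{i}]: client.secret is a placeholder")
        for uri in dig(svc, "client.redirectUris") or []:
            if urlparse(uri).scheme != "https":
                out.append(f"services[{i}]: redirect URI is not https: {uri}")
    return out

# Constructed sample: the basic CONFIG from this page plus one incomplete service.
SAMPLE = json.dumps({
    "hostname": "fedid.domain.ext", "port": 3000, "schema": "https",
    "primaryDomain": "domain.ext", "domains": ["domain.ext"],
    "dbUrl": "postgresql://fedid:password@fedid-db/fedid",
    "redisUrl": "redis://fedid-redis:6379", "allowInsecure": True,
    "services": [{"client": {"id": "myclientid", "secret": "myclientsecret",
                             "redirectUris": ["http://outline.domain.ext/cb"]}}],
})
if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```

Run it against the JSON from the CONFIG variable before starting the container; an empty result means none of these checks fired.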

After configuring the above, OIDC can be set up on the site to connect to the server providing FIDC. The example below is from a Docker Compose file for Outline.

- OIDC_CLIENT_ID=myclientid
- OIDC_CLIENT_SECRET=myclientsecret
- OIDC_AUTH_URI=https://fedid.domain.ext/oidc/auth
- OIDC_TOKEN_URI=https://fedid.domain.ext/oidc/token
- OIDC_USERINFO_URI=https://fedid.domain.ext/oidc/me
- OIDC_LOGOUT_URI=https://fedid.domain.ext/oidc/token/revocation

A full Docker Compose file that runs two FedID Servers federated together, plus an instance of Outline allowing logins via one of the FedID Servers, can be found on the Codeberg repo.