Self-sovereign, Decentralised Identity Management and Personal Data Sharing
NOTE: This software is still in development and has not yet reached a high level of maturity. You are welcome to try it, and it would be of great help to us if you report any issues you find.

Step 1: Installation

re:claimID is implemented as part of GNUnet (version 0.11.5 or later). Packages exist for a variety of Linux distributions as well as Homebrew for macOS. Please refer to the respective package manager documentation on how to install it. We provide some common examples below.

For platforms which do not offer packages or if you prefer not to install GNUnet natively, we also offer a GNUnet docker image as an alternative.

Linux:

$ apt install gnunet
$ gnunet-arm -s

macOS:

$ brew install gnunet
$ gnunet-arm -s

From source (please see the GNUnet installation tutorials):

$ ./configure && make && make install
$ gnunet-arm -s

Alternative: Use a docker container

$ docker run -v $HOME/.local/share/gnunet:/root/.local/share/gnunet -p 7776:7776 -td registry.gitlab.com/reclaimid/gnunet-docker

Step 2: Registering an OpenID Connect client

The easiest way to manage OpenID Connect clients is through our CLI tool:

$ gem install reclaim-oidc

To register an OpenID Connect client, execute:

$ reclaim-oidc --add --client-name myclient --redirect-uri https://mywebsite.com/oidc_cb --description "My Client"

You can list all registered clients and your local OpenID Connect metadata required to initiate an authorization code flow by executing:

$ reclaim-oidc --list

The response will look like this:

OpenID Connect Provider Information:
------------------------------------
Authorize Endpoint: http://localhost:7776/openid/authorize
Token Endpoint: http://localhost:7776/openid/token
JSON-Web-Token Algorithm: HS512
JSON-Web-Token key: secret
Example Authorization Redirect:
https://api.reclaim/openid/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=code&scope=email%20full_name&nonce=1234

Registered Clients:
-------------------
name: myclient
client_id: <client_id>
client_secret: <client_secret>
description: My Client
redirect_uri: https://mywebsite.com/oidc_cb
...

NOTE: The client secrets and JWT signing keys can be configured. However, because the re:claimID endpoints run on your local machine, they are not critical.

Step 3: Website integration

You can use the information above to integrate re:claimID as a generic OpenID Connect Identity Provider into the web application of your choice. The integration steps for this part depend on the application you use. Hence, please refer to your respective documentation or the OpenID Connect specifications.

The sources of our demo website can be found in our gitlab project.