Release August 2025

 * Added CI/CD for GitHub Workflows
 * Updated Postman collection and Fixed the API path
 * Added a new command `make build` to Makefile for purely building dockerfiles
 * Updated README doc with CI/CD badge and a few minor changes and a new Todos
 * Added a new container “Proxy” to distribute the traffic to Golang API supporting both TLS and Non-TLS Connections
 * Fixed TLS bug with Redis Container and Golang Client Connection through TLS
 * Resolved the flow for context and cancellation per request instead of instance of each service
 * Added a new endpoint `/healthz` to assess the health of API and determine the container health
 * Added a new method for Cache `PersistWithTimeToLive` that automatically removes the record after defined duration
 * Updated environment variables in separate file `.env` at the root of `deploy` under  docker package

Author: syniol

.github/workflows/makefile.yml

@@ -0,0 +1,18 @@
+name: Build & Tests
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Build Dockerfiles
+      run: make build

Collection.postman_collection.json

@@ -1,84 +1,106 @@
 {
 	"info": {
-		"_postman_id": "8c2e7d7e-f96f-406c-99ff-632be03e1271",
+		"_postman_id": "59bf083c-a877-459e-87f1-3786cd8b3dd6",
 		"name": "Oauth 2 Password Grant RESTful API Collection",
-		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+		"_exporter_id": "41408414"
 	},
 	"item": [
 		{
-			"name": "Token Request",
+			"name": "Healthz",
+			"request": {
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "https://127.0.0.1/healthz",
+					"protocol": "https",
+					"host": [
+						"127",
+						"0",
+						"0",
+						"1"
+					],
+					"path": [
+						"healthz"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "Clients",
 			"request": {
 				"auth": {
 					"type": "noauth"
 				},
 				"method": "POST",
 				"header": [],
 				"body": {
-					"mode": "urlencoded",
-					"urlencoded": [
-						{
-							"key": "grant_type",
-							"value": "password",
-							"type": "default"
-						},
-						{
-							"key": "username",
-							"value": "johndoe1",
-							"type": "default"
-						},
-						{
-							"key": "password",
-							"value": "MyPassword!",
-							"type": "default"
+					"mode": "raw",
+					"raw": "{\n    \"username\": \"johndoe\",\n    \"password\": \"MyPassword!\"\n}\n",
+					"options": {
+						"raw": {
+							"language": "json"
 						}
-					]
+					}
 				},
 				"url": {
-					"raw": "127.0.0.1:8080/oauth2/token",
+					"raw": "https://127.0.0.1/oauth2/clients",
+					"protocol": "https",
 					"host": [
 						"127",
 						"0",
 						"0",
 						"1"
 					],
-					"port": "8080",
 					"path": [
-						"oauth",
-						"token"
+						"oauth2",
+						"clients"
 					]
 				}
 			},
 			"response": []
 		},
 		{
-			"name": "Clients [Create]",
+			"name": "Token Request",
 			"request": {
 				"auth": {
 					"type": "noauth"
 				},
 				"method": "POST",
 				"header": [],
 				"body": {
-					"mode": "raw",
-					"raw": "{\n    \"username\": \"johndoe1\",\n    \"password\": \"MyPassword!\"\n}\n",
-					"options": {
-						"raw": {
-							"language": "json"
+					"mode": "urlencoded",
+					"urlencoded": [
+						{
+							"key": "grant_type",
+							"value": "password",
+							"type": "default"
+						},
+						{
+							"key": "username",
+							"value": "johndoe",
+							"type": "default"
+						},
+						{
+							"key": "password",
+							"value": "MyPassword!",
+							"type": "default"
 						}
-					}
+					]
 				},
 				"url": {
-					"raw": "127.0.0.1:8080/oauth2/clients",
+					"raw": "https://127.0.0.1/oauth2/token",
+					"protocol": "https",
 					"host": [
 						"127",
 						"0",
 						"0",
 						"1"
 					],
-					"port": "8080",
 					"path": [
-						"oauth",
-						"clients"
+						"oauth2",
+						"token"
 					]
 				}
 			},

Makefile

@@ -2,6 +2,11 @@ help:
 	@awk 'BEGIN {FS = ":.*#"; printf "Usage: make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?#/ { printf "  \033[36m%-10s\033[0m %s\n", $$1, $$2 } /^#@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
 
+.PHONY: build
+build: # Builds all necessary Docker files for for OAuth Authentication services
+	docker-compose -f ./deploy/docker/docker-compose.yml build --no-cache
+
+
 .PHONY: deploy
 deploy: # Deploys Services for OAuth Authentication
 	docker-compose -f ./deploy/docker/docker-compose.yml build

README.md

@@ -1,21 +1,23 @@
-# OAuth 2 Password Grant Type in Golang
-Implementation of standard OAuth V2 for Password Grant type in Golang 
+# OAuth 2.1 Password Grant Type in Golang
+![workflow](https://github.com/syniol/golang-oauth-password-grant/actions/workflows/makefile.yml/badge.svg)
+
+Implementation of standard OAuth 2.1 for Password Grant type in Golang 
 and its native HTTP server.
 
 
 ## Clients API
 ```text
 POST  oauth2/clients HTTP/1.1
-Host: 127.0.0.1:8080
+Host: 127.0.0.1
 Content-Type: application/json
 ```
 
 __Request:__
 ```bash
-curl -k --location --request POST 'https://127.0.0.1:8080/oauth2/clients' \
+curl -k --location --request POST 'https://127.0.0.1/oauth2/clients' \
 --header 'Content-Type: application/json' \
 --data-raw '{
-    "username": "johndoe1",
+    "username": "johndoe2",
     "password": "johnspassword1"
 }'
 ```
@@ -31,13 +33,13 @@ __Response:__
 ## Token API
 ```text
 POST  oauth2/token HTTP/1.1
-Host: 127.0.0.1:8080
+Host: 127.0.0.1
 Content-Type: application/x-www-form-urlencoded
 ```
 
 __Request:__
 ```bash
-curl -k --location --request POST 'https://127.0.0.1:8080/oauth2/token' \
+curl -k --location --request POST 'https://127.0.0.1/oauth2/token' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'grant_type=password' \
 --data-urlencode 'username=johndoe1' \
@@ -71,19 +73,17 @@ local environment. You will need database & cache storage from docker; you could
 
 ![img](https://github.com/syniol/golang-oauth-password-grant/assets/68777073/5c24392a-29df-41c2-8f11-fd32a1053222)
 
-
-
 ### Todos
- * [x] SSL For Postgres
- * [x] SSL & Password for Redis
- * [x] Cert for Creation of Token (Could be from Infra or Inside the code)
- * [x] TLS Server Listener
- * [ ] Use Docker Secret to share passwords
+ * [ ] Add more documents about this repository and RFC Standard for OAuth 2.1 especially for `password_grant`
+ * [ ] Convert Http Error response to JSON response `errors: []`
+ * [ ] Investigate possibility of volume share for Redis & Go (app) to share TLS certs
+ * [ ] Separate the Docker network for proxy and app to exclude Database (Postgres) & Cache (Redis)
+ * [ ] Increase code coverage
 
 
 #### Credits
 Author: [Hadi Tajallaei](mailto:hadi@syniol.com)
 
-Copyright © 2023 Syniol Limited. All rights reserved.
+Copyright © 2023-2025 Syniol Limited. All rights reserved.
 
 _Please see a [LICENSE file](https://github.com/syniol/golang-oauth-password-grant/blob/main/LICENSE)_

deploy/docker/.env

@@ -0,0 +1,7 @@
+POSTGRES_HOST=database
+POSTGRES_USER=oauth_usr
+POSTGRES_PASSWORD=DummyPassword1
+POSTGRES_DB=oauth
+REDIS_TLS_CERT_FILE=/usr/local/etc/redis/tls/redis.crt
+REDIS_TLS_KEY_FILE=/usr/local/etc/redis/tls/redis.key
+REDIS_TLS_CA_FILE=/usr/local/etc/redis/tls/ca.crt

deploy/docker/docker-compose.debug.yml

@@ -1,4 +1,3 @@
-version: "3"
 services:
   database:
     ports:

deploy/docker/docker-compose.yml

@@ -1,53 +1,86 @@
-version: "3"
 services:
+  proxy:
+    image: oauth_nginx:1.22
+    build:
+      context: ../..
+      dockerfile: deploy/docker/nginx/Dockerfile
+    container_name: oauth_proxy
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    healthcheck:
+      test: curl -k -s -o /dev/null -w "%{http_code}" https://proxy/healthz | grep 200 || exit 1
+      interval: 10s
+      timeout: 5s
+      retries: 3
+    networks:
+      - oauth_authentication_net
+
   app:
     image: oauth_golang:1.18
     build:
       context: ../..
       dockerfile: deploy/docker/golang/Dockerfile
     container_name: oauth_app
+    restart: unless-stopped
+    depends_on:
+      - database
+      - cache
     environment:
-      POSTGRES_USER: oauth_usr
-      POSTGRES_PASSWORD: DummyPassword1
-      POSTGRES_DB: oauth
-      REDIS_PASSWORD: SyniolIsTheFuture
-    ports:
-      - "8080:8080"
+      POSTGRES_HOST: ${POSTGRES_HOST}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+      REDIS_TLS_CERT_FILE: ${REDIS_TLS_CERT_FILE}
+      REDIS_TLS_KEY_FILE: ${REDIS_TLS_KEY_FILE}
+      REDIS_TLS_CA_FILE: ${REDIS_TLS_CA_FILE}
     networks:
-      - oauth_authentication
+      - oauth_authentication_net
 
   database:
     image: oauth_postgres:14
     build:
       context: ../..
       dockerfile: deploy/docker/postgres/Dockerfile
     container_name: oauth_db
+    restart: unless-stopped
     environment:
-      POSTGRES_PASSWORD: DummyPassword1
-      POSTGRES_USER: oauth_usr
-      POSTGRES_DB: oauth
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_DB: ${POSTGRES_DB}
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
     volumes:
       - database_data:/var/lib/postgresql/data
     networks:
-      - oauth_authentication
+      - oauth_authentication_net
 
   cache:
     image: oauth_redis:6
     build:
       context: ../..
       dockerfile: deploy/docker/redis/Dockerfile
     container_name: oauth_cache
-    environment:
-      REDIS_PASSWORD: SyniolIsTheFuture
+    restart: unless-stopped
+    healthcheck:
+      test: [ "CMD-SHELL", "redis-cli --tls --cert $${REDIS_TLS_CERT_FILE} --key $${REDIS_TLS_KEY_FILE} --cacert $${REDIS_TLS_CA_FILE} --insecure PING | grep PONG" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
     volumes:
       - cache_data:/data
     networks:
-      - oauth_authentication
+      - oauth_authentication_net
 
 volumes:
   database_data:
+    name: oauth_database_data
   cache_data:
+    name: oauth_cache_data
 
 networks:
-  oauth_authentication:
-    driver: bridge
+  oauth_authentication_net:

deploy/docker/golang/Dockerfile

@@ -29,6 +29,14 @@ RUN addgroup -S myapp \
 RUN chown myapp:myapp server.crt  \
     && chown myapp:myapp server.key
 
+COPY ./deploy/docker/redis/tls/ /usr/local/etc/redis/tls/
+
+WORKDIR /usr/local/etc/redis/tls
+
+RUN chown myapp:myapp redis.crt  \
+    && chown myapp:myapp redis.key \
+    && chown myapp:myapp ca.crt
+
 
 
 FROM scratch
@@ -39,6 +47,9 @@ COPY --from=builder /var/local/app/server.key .
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
 COPY --from=builder /etc/passwd /etc/passwd
+
+COPY --from=builder /usr/local/etc/redis/tls/ /usr/local/etc/redis/tls/
+
 USER myapp
 
 ENTRYPOINT ["/restapi"]