Question 1

How do I build an OIDC server with zitadel/oidc in Go?

Accepted Answer

Use the example server from the /example folder; run 'go run github.com/zitadel/oidc/v3/example/server' and configure environment variables like PORT and REDIRECT_URI as described in the README for basic setup.

Question 2

zitadel/oidc vs go-oidc: which is better for a client?

Accepted Answer

zitadel/oidc is certified and supports both client and server, while go-oidc is client-only. If you need certification or plan to implement a server later, choose zitadel/oidc; for a minimal client, go-oidc might suffice.

Question 3

Does zitadel/oidc handle PKCE for mobile or SPA apps?

Accepted Answer

Yes, PKCE is fully supported for both client and server, as shown in the features table and demonstrated in the example code for authorization code flow with various authentication methods.

Question 4

What OIDC flows are missing in zitadel/oidc?

Accepted Answer

Implicit Flow is not supported for clients, and Hybrid Flow is not yet available for servers, as per the features table. mTLS support is also listed as 'not yet' for both sides.

Question 5

Is zitadel/oidc good for production IAM systems?

Accepted Answer

Yes, it's certified and has high test coverage, but consider the missing features like mTLS and the limited feature review process, which might affect long-term maintenance for advanced needs.

Question 6

How to implement token exchange with this library?

Accepted Answer

Token Exchange is supported as per RFC 8693; refer to the features table and likely use the /client/rp or /op packages, though specific example code for this flow isn't detailed in the provided README snippets.

oidc

What is oidc?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions