commit 8ba7b5d492d768e2a6088c5029af58b14f4d0470
Author: William Petit
Date: Wed May 20 10:43:12 2020 +0200
Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9c23cd3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/vendor
+/data
+/bin
+/.vscode
\ No newline at end of file
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2969816
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,30 @@
+build:
+
+build: vendor-server
+ CGO_ENABLED=0 go build -mod=vendor -v -o ./bin/server ./cmd/server
+
+test:
+ go test -v -race ./...
+
+release:
+ @$(SHELL) ./misc/script/release.sh
+
+vendor-%:
+ cd cmd/$* && go mod vendor
+
+tidy:
+ go mod tidy
+
+watch:
+ modd
+
+lint:
+ golangci-lint run --enable-all
+
+clean:
+ rm -rf release
+ rm -rf data
+ rm -rf vendor
+ rm -rf bin
+
+.PHONY: lint watch build vendor tidy release
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a3f4254
--- /dev/null
+++ b/README.md
@@ -0,0 +1,34 @@
+# hydra-passwordless
+
+## Démarrer avec les sources
+
+```shell
+# Dans un premier terminal, lancer le serveur hydra-passwordless
+make watch
+
+# Dans un second terminal, lancer le serveur hydra
+make hydra
+
+# Dans un dernier terminal, générer le clientId et le clientSecret
+# pour le serveur hydra-passwordless
+make create-client
+```
+
+Reporter ces éléments dans le fichier de configuration data/server.yml, section "testApp":
+
+```yaml
+testApp:
+ enabled: true
+ clientId:
+ clientSecret:
+```
+
+Vous devriez pouvoir accéder à l'URL http://localhost:3000/test, qui vous redirigera automatiquement vers la mire d'authentification.
+
+## FAQ
+
+### Générer une version de distribution
+
+```
+make release
+```
\ No newline at end of file
diff --git a/client.go b/client.go
new file mode 100644
index 0000000..e1aee9b
--- /dev/null
+++ b/client.go
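Review bot: The `build` target is declared twice at the top of the Makefile, an empty `build:` followed by `build: vendor-server`; make merges the two silently, so the empty one should be dropped. `.PHONY` names `vendor`, which is not a rule here (the rule is the pattern `vendor-%`), and leaves out `test` and `clean`, so a file or directory called `test` or `clean` in the tree would stop those rules from running; `.PHONY: lint watch build tidy release test clean` matches the rules that exist. `clean` also removes `data`, the directory the README names as the home of `data/server.yml` with the client secret, which is worth a comment on the rule so nobody loses a working configuration by accident.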
@@ -0,0 +1,120 @@
+package oidc
+
+import (
+ "net/http"
+
+ "github.com/coreos/go-oidc"
+ "github.com/dchest/uniuri"
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/middleware/container"
+ "gitlab.com/wpetit/goweb/service/session"
+ "golang.org/x/oauth2"
+)
+
+type Client struct {
+ oauth2 *oauth2.Config
+ provider *oidc.Provider
+ verifier *oidc.IDTokenVerifier
+}
+
+func (c *Client) Verifier() *oidc.IDTokenVerifier {
+ return c.verifier
+}
+
+func (c *Client) Provider() *oidc.Provider {
+ return c.provider
+}
+
+func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
+ ctn := container.Must(r.Context())
+
+ sess, err := session.Must(ctn).Get(w, r)
+ if err != nil {
+ panic(errors.Wrap(err, "could not retrieve session"))
+ }
+
+ state := uniuri.New()
+
+ sess.Set(SessionOIDCStateKey, state)
+
+ if err := sess.Save(w, r); err != nil {
+ panic(errors.Wrap(err, "could not save session"))
+ }
+
+ http.Redirect(w, r, c.oauth2.AuthCodeURL(state), http.StatusFound)
+}
+
+func (c *Client) Logout(w http.ResponseWriter, r *http.Request) {
+ ctn := container.Must(r.Context())
+
+ sess, err := session.Must(ctn).Get(w, r)
+ if err != nil {
+ panic(errors.Wrap(err, "could not retrieve session"))
+ }
+
+ state := uniuri.New()
+
+ sess.Set(SessionOIDCStateKey, state)
+
+ if err := sess.Save(w, r); err != nil {
+ panic(errors.Wrap(err, "could not save session"))
+ }
+
+ http.Redirect(w, r, c.oauth2.AuthCodeURL(state), http.StatusFound)
+}
+
+func (c *Client) Validate(w http.ResponseWriter, r *http.Request) (*oidc.IDToken, error) {
+ ctx := r.Context()
+ ctn := container.Must(ctx)
+
+ sess, err := session.Must(ctn).Get(w, r)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not retrieve session")
+ }
+
+ state, ok := sess.Get(SessionOIDCStateKey).(string)
+ if !ok {
+ return nil, errors.New("invalid state")
+ }
+
+ if r.URL.Query().Get("state") != state {
+ return nil, errors.New("state mismatch")
+ }
+
+ code := r.URL.Query().Get("code")
+
+ token, err := c.oauth2.Exchange(ctx, code)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not exchange token")
+ }
+
+ rawIDToken, ok := token.Extra("id_token").(string)
+ if !ok {
+ return nil, errors.New("could not find id token")
+ }
+
+ idToken, err := c.verifier.Verify(ctx, rawIDToken)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not verify id token")
+ }
+
+ return idToken, nil
+}
+
+func NewClient(opts ...OptionFunc) *Client {
+ opt := fromDefault(opts...)
+
+ oauth2 := &oauth2.Config{
+ ClientID: opt.ClientID,
+ ClientSecret: opt.ClientSecret,
+ Endpoint: opt.Provider.Endpoint(),
+ RedirectURL: opt.RedirectURL,
+ Scopes: opt.Scopes,
+ }
+
+ verifier := opt.Provider.Verifier(&oidc.Config{
+ ClientID: opt.ClientID,
+ })
+
+ return &Client{oauth2, opt.Provider, verifier}
+}
diff --git a/cmd/server/container.go b/cmd/server/container.go
new file mode 100644
index 0000000..dd30acb
--- /dev/null
+++ b/cmd/server/container.go
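Review bot: Logout has the same body as Login: it stores a fresh state and redirects to `c.oauth2.AuthCodeURL(state)`, so nothing in this file drops the local session or reaches the provider's end-session endpoint, and a user who asks to log out is sent straight into a new authorization request. In Validate the stored state is compared but never invalidated, so it stays acceptable for the lifetime of the session instead of being single-use; overwrite the key once it has matched and reject an empty value up front, e.g. `if state == "" || r.URL.Query().Get("state") != state {`. No nonce is added to the authorization request or checked on the verified token, which leaves ID-token replay to the provider alone; go-oidc offers `oidc.Nonce(...)` as an AuthCodeURL option and the `Nonce` field on `IDToken` for that check. NewClient calls `opt.Provider.Endpoint()` without a nil check, so a caller that omits the provider option gets a nil-pointer panic rather than an error, unless `fromDefault` (not shown here) guarantees one.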
@@ -0,0 +1,90 @@
+package main
+
+import (
+ "context"
+ "log"
+ "net/http"
+
+ "gitlab.com/wpetit/goweb/template/html"
+
+ oidc "forge.cadoles.com/wpetit/goweb-oidc"
+ "forge.cadoles.com/wpetit/goweb-oidc/internal/config"
+ "github.com/gorilla/sessions"
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/service"
+ "gitlab.com/wpetit/goweb/service/build"
+ "gitlab.com/wpetit/goweb/service/session"
+ "gitlab.com/wpetit/goweb/service/template"
+ "gitlab.com/wpetit/goweb/session/gorilla"
+)
+
+func getServiceContainer(conf *config.Config) (*service.Container, error) {
+ // Initialize and configure service container
+ ctn := service.NewContainer()
+
+ ctn.Provide(build.ServiceName, build.ServiceProvider(ProjectVersion, GitRef, BuildDate))
+
+ // Generate random cookie authentication key if none is set
+ if conf.HTTP.CookieAuthenticationKey == "" {
+ log.Println("could not find cookie authentication key. generating one...")
+
+ cookieAuthenticationKey, err := gorilla.GenerateRandomBytes(64)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not generate cookie authentication key")
+ }
+
+ conf.HTTP.CookieAuthenticationKey = string(cookieAuthenticationKey)
+ }
+
+ // Generate random cookie encryption key if none is set
+ if conf.HTTP.CookieEncryptionKey == "" {
+ log.Println("could not find cookie encryption key. generating one...")
+
+ cookieEncryptionKey, err := gorilla.GenerateRandomBytes(32)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not generate cookie encryption key")
+ }
+
+ conf.HTTP.CookieEncryptionKey = string(cookieEncryptionKey)
+ }
+
+ // Create and initialize HTTP session service provider
+ cookieStore := sessions.NewCookieStore(
+ []byte(conf.HTTP.CookieAuthenticationKey),
+ []byte(conf.HTTP.CookieEncryptionKey),
+ )
+
+ // Define default cookie options
+ cookieStore.Options = &sessions.Options{
+ Path: "/",
+ HttpOnly: true,
+ MaxAge: conf.HTTP.CookieMaxAge,
+ SameSite: http.SameSiteStrictMode,
+ }
+
+ ctn.Provide(
+ session.ServiceName,
+ gorilla.ServiceProvider("oidc-test", cookieStore),
+ )
+
+ // Create and expose template service provider
+ ctn.Provide(template.ServiceName, html.ServiceProvider(
+ conf.HTTP.TemplateDir,
+ ))
+
+ // Create and expose config service provider
+ ctn.Provide(config.ServiceName, config.ServiceProvider(conf))
+
+ ctx := context.Background()
+ provider, err := oidc.NewProvider(ctx, conf.OIDC.IssuerURL)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not create oidc provider")
+ }
+
+ ctn.Provide(oidc.ServiceName, oidc.ServiceProvider(
+ oidc.WithCredentials(conf.OIDC.ClientID, conf.OIDC.ClientSecret),
+ oidc.WithProvider(provider),
+ ))
+
+ return ctn, nil
+}
diff --git a/cmd/server/main.go b/cmd/server/main.go
new file mode 100644
index 0000000..29aa4c6
--- /dev/null
+++ b/cmd/server/main.go
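Review bot: The default cookie options in getServiceContainer set `HttpOnly` and `SameSite` but not `Secure`, so the session cookie that carries the OIDC state is also sent over plain HTTP; add `Secure: true,` to the `sessions.Options` literal, or drive it from configuration so local HTTP development still works. `SameSite: http.SameSiteStrictMode` should be checked against the callback flow: browsers withhold Strict cookies on navigations that originate from another site, so when the issuer is not same-site with this application the redirect back may arrive without the session and Validate would answer "invalid state"; `http.SameSiteLaxMode` is the usual setting for a cookie that has to survive that redirect. `oidc.NewProvider` runs on `context.Background()`, so an unreachable issuer may stall startup for as long as the HTTP client waits; wrapping discovery in `context.WithTimeout` would bound it. The generated fallback keys are written back into `conf` as strings, which is worth a comment saying they are per-process and that sessions do not survive a restart.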
@@ -0,0 +1,113 @@
+package main
+
+import (
+ "net/http"
+
+ "forge.cadoles.com/wpetit/goweb-oidc/internal/config"
+ "forge.cadoles.com/wpetit/goweb-oidc/internal/route"
+
+ "github.com/go-chi/chi"
+ "github.com/go-chi/chi/middleware"
+ "gitlab.com/wpetit/goweb/middleware/container"
+
+ "flag"
+ "fmt"
+ "log"
+
+ "os"
+
+ "github.com/pkg/errors"
+)
+
+//nolint: gochecknoglobals
+var (
+ configFile = ""
+ workdir = ""
+ dumpConfig = false
+ version = false
+)
+
+// nolint: gochecknoglobals
+var (
+ GitRef = "unknown"
+ ProjectVersion = "unknown"
+ BuildDate = "unknown"
+)
+
+//nolint: gochecknoinits
+func init() {
+ flag.StringVar(&configFile, "config", configFile, "configuration file")
+ flag.StringVar(&workdir, "workdir", workdir, "working directory")
+ flag.BoolVar(&dumpConfig, "dump-config", dumpConfig, "dump configuration and exit")
+ flag.BoolVar(&version, "version", version, "show version and exit")
+}
+
+func main() {
+ flag.Parse()
+
+ if version {
+ fmt.Printf("%s (%s) - %s\n", ProjectVersion, GitRef, BuildDate)
+
+ os.Exit(0)
+ }
+
+ // Switch to new working directory if defined
+ if workdir != "" {
+ if err := os.Chdir(workdir); err != nil {
+ log.Fatalf("%+v", errors.Wrapf(err, "could not change working directory to '%s'", workdir))
+ }
+ }
+
+ // Load configuration file if defined, use default configuration otherwise
+ var conf *config.Config
+
+ var err error
+
+ if configFile != "" {
+ conf, err = config.NewFromFile(configFile)
+ if err != nil {
+ log.Fatalf("%+v", errors.Wrapf(err, "could not load config file '%s'", configFile))
+ }
+ } else {
+ if dumpConfig {
+ conf = config.NewDumpDefault()
+ } else {
+ conf = config.NewDefault()
+ }
+
+ }
+
+ // Dump configuration if asked
+ if dumpConfig {
+ if err := config.Dump(conf, os.Stdout); err != nil {
+ log.Fatalf("%+v", errors.Wrap(err, "could not dump config"))
+ }
+
+ os.Exit(0)
+ }
+
+ // Create service container
+ ctn, err := getServiceContainer(conf)
+ if err != nil {
+ log.Fatalf("%+v", errors.Wrap(err, "could not create service container"))
+ }
+
+ r := chi.NewRouter()
+
+ // Define base middlewares
+ r.Use(middleware.Logger)
+ r.Use(middleware.Recoverer)
+
+ // Expose service container on router
+ r.Use(container.ServiceContainer(ctn))
+
+ // Define routes
+ if err := route.Mount(r, conf); err != nil {
+ log.Fatalf("%+v", errors.Wrap(err, "could not mount http routes"))
+ }
+
+ log.Printf("listening on '%s'", conf.HTTP.Address)
+ if err := http.ListenAndServe(conf.HTTP.Address, r); err != nil {
+ log.Fatalf("%+v", errors.Wrapf(err, "could not listen on '%s'", conf.HTTP.Address))
+ }
+}
diff --git a/cmd/server/template/blocks/base.html.tmpl b/cmd/server/template/blocks/base.html.tmpl
new file mode 100644
index 0000000..f34cc87
--- /dev/null
+++ b/cmd/server/template/blocks/base.html.tmpl
@@ -0,0 +1,18 @@
+{{define "base"}}
+
+
+
+
+
+ {{block "title" . -}}{{- end}}
+ {{- block "head_style" . -}}
+
+ {{end}}
+ {{- block "head_script" . -}}{{end}}
+
+
+ {{- block "body" . -}}{{- end -}}
+ {{- block "body_script" . -}}{{end}}
+
+
+{{end}}
\ No newline at end of file
diff --git a/cmd/server/template/blocks/flash.html.tmpl b/cmd/server/template/blocks/flash.html.tmpl
new file mode 100644
index 0000000..577a6bc
--- /dev/null
+++ b/cmd/server/template/blocks/flash.html.tmpl
@@ -0,0 +1,23 @@
+{{define "flash"}}
+
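Review bot: `http.ListenAndServe(conf.HTTP.Address, r)` at the end of main starts a server with no read, write or idle timeouts, so a client that opens connections and sends its headers slowly can hold them open indefinitely. Build the server explicitly, e.g. `srv := &http.Server{Addr: conf.HTTP.Address, Handler: r, ReadHeaderTimeout: 10 * time.Second}` (the duration is illustrative) followed by `if err := srv.ListenAndServe(); err != nil {`, which needs `time` in the import block. The listener is plain HTTP, so unless TLS is terminated in front of this process the session cookie and the authorization code on the callback URL cross the network unencrypted; a comment above the listen call stating that assumption would help. The import block also places `flag`, `fmt`, `log` and `os` after the third-party packages; goimports would group the standard library first.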
+ {{- range .Flashes -}}
+ {{- if eq .Type "error" -}}
+ {{template "flash_message" map "Title" "Erreur" "MessageClass" "is-danger" "Message" .Message }}
+ {{- else if eq .Type "warn" -}}
+ {{template "flash_message" map "Title" "Attention" "MessageClass" "is-warning" "Message" .Message }}
+ {{- else if eq .Type "success" -}}
+ {{template "flash_message" map "Title" "Succès" "MessageClass" "is-success" "Message" .Message }}
+ {{- else -}}
+ {{template "flash_message" map "Title" "Information" "MessageClass" "is-info" "Message" .Message }}
+ {{- end -}}
+ {{- end -}}
+
+{{end}}
+
+{{define "flash_message" -}}
+
+
+ {{.Title}} {{.Message}} +
+
+{{- end}}
\ No newline at end of file
diff --git a/cmd/server/template/blocks/footer.html.tmpl b/cmd/server/template/blocks/footer.html.tmpl
new file mode 100644
index 0000000..3b4081c
--- /dev/null
+++ b/cmd/server/template/blocks/footer.html.tmpl
@@ -0,0 +1,7 @@
+{{define "footer"}}
+

+ Version: {{ .BuildInfo.ProjectVersion }} - + Réf.: {{ .BuildInfo.GitRef }} - + Date de construction: {{ .BuildInfo.BuildDate }} +

+{{end}}
\ No newline at end of file
diff --git a/cmd/server/template/blocks/header.html.tmpl b/cmd/server/template/blocks/header.html.tmpl
new file mode 100644
index 0000000..83e0e81
--- /dev/null
+++ b/cmd/server/template/blocks/header.html.tmpl
@@ -0,0 +1,16 @@
+{{define "header"}}
+
+
+
+ +
+
+
+
+ Logout +
+
+
+{{end}}
\ No newline at end of file
diff --git a/cmd/server/template/layouts/home.html.tmpl b/cmd/server/template/layouts/home.html.tmpl
new file mode 100644
index 0000000..8ccc566
--- /dev/null
+++ b/cmd/server/template/layouts/home.html.tmpl
@@ -0,0 +1,12 @@
+{{define "title"}}Accueil{{end}}
+{{define "body"}}
+
+
+ {{template "header" .}} +

Jeton OpenID Connect

+
{{ .JSONIDToken }}
+ {{template "footer" .}} +
+
+{{end}}
+{{template "base" .}}
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..8a13ac9
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,17 @@
+module forge.cadoles.com/wpetit/goweb-oidc
+
+go 1.14
+
+require (
+ github.com/coreos/go-oidc v2.2.1+incompatible
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5
+ github.com/go-chi/chi v4.1.0+incompatible
+ github.com/gorilla/sessions v1.2.0
+ github.com/pkg/errors v0.9.1
+ github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
+ gitlab.com/wpetit/goweb v0.0.0-20200418152305-76dea96a46ce
+ golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+ gopkg.in/square/go-jose.v2 v2.5.1 // indirect
+ gopkg.in/yaml.v2 v2.2.8
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..ca9d749
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,247 @@ +cdr.dev/slog v1.3.0 h1:MYN1BChIaVEGxdS7I5cpdyMC0+WfJfK8BETAfzfLUGQ= +cdr.dev/slog v1.3.0/go.mod h1:C5OL99WyuOK8YHZdYY57dAPN1jK2WJlCdq2VP6xeQns= +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.49.0/go.mod h1:hGvAdzcWNbyuxS3nWhD7H2cIJxjRRTRLQVB0bdputVY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0= +github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0= +github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= +github.com/alecthomas/assert v0.0.0-20170929043011-405dbfeb8e38/go.mod h1:r7bzyVFMNntcxPZXK3/+KdruV1H5KSlyVY0gc+NgInI= +github.com/alecthomas/chroma v0.7.0 
h1:z+0HgTUmkpRDRz0SRSdMaqOLfJV4F+N1FPDZUZIDUzw= +github.com/alecthomas/chroma v0.7.0/go.mod h1:1U/PfCsTALWWYHDnsIQkxEBM0+6LLe0v8+RSVMOwxeY= +github.com/alecthomas/colour v0.0.0-20160524082231-60882d9e2721/go.mod h1:QO9JBoKquHd+jz9nshCh40fOfO+JzsoXy8qTHF68zU0= +github.com/alecthomas/kong v0.1.17-0.20190424132513-439c674f7ae0/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= +github.com/alecthomas/kong v0.2.1-0.20190708041108-0548c6b1afae/go.mod h1:+inYUSluD+p4L8KdviBSgzcqEjUQOfC5fQDRFuc36lI= +github.com/alecthomas/kong-hcl v0.1.8-0.20190615233001-b21fea9723c8/go.mod h1:MRgZdU3vrFd05IQ89AxUZ0aYdF39BYoNFa324SodPCA= +github.com/alecthomas/repr v0.0.0-20180818092828-117648cd9897/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk= +github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E= +github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964 h1:y5HC9v93H5EPKqaS1UYVg1uYah5Xf51mBfIoWehClUQ= +github.com/danwakefield/fnmatch v0.0.0-20160403171240-cbb64ac3d964/go.mod h1:Xd9hchkHSWYkEqJwUGisez3G1QY8Ryz0sdWrLPMGjLk= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 h1:RAV05c0xOkJ3dZGS0JFybxFKZ2WMLabgx3uXnd7rpGs= +github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4= +github.com/dlclark/regexp2 v1.1.6/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/dlclark/regexp2 
v1.2.0 h1:8sAhBGEM0dRWogWqWyQeIJnxjWO6oIjl8FKqREDsGfk= +github.com/dlclark/regexp2 v1.2.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= +github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-chi/chi v4.1.0+incompatible h1:ETj3cggsVIY2Xao5ExCu6YhEh5MD6JTfcBzS37R260w= +github.com/go-chi/chi v4.1.0+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= +github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9 h1:uHTyIjqVhYRhLbJ8nIiOJHkEZZ+5YoOsAbD3sk82NiE= +github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod 
h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.2-0.20191216170541-340f1ebe299e/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/gorilla/csrf v1.6.0/go.mod h1:7tSf8kmjNYr7IWDCYhd3U8Ck34iQ/Yw5CJu7bAkHEGI= +github.com/gorilla/handlers v1.4.1/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= +github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.0 h1:S7P+1Hm5V/AT9cjEcUD5uDaQSX0OE577aCXgoaKpYbQ= +github.com/gorilla/sessions v1.2.0/go.mod 
h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= +github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= +github.com/mattn/go-isatty v0.0.11 h1:FxPOTFNqGkuDUGi3H/qkUbQO4ZiBa2brKq5r0l8TGeM= +github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E= +github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c h1:rp5dCmg/yLR3mgFuSOe4oEnDDmGLROTvMragMUXpTQw= +github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c/go.mod 
h1:X07ZCGwUbLaax7L0S3Tw4hpejzu63ZrrQiUe6W0hcy0= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU= +github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= +github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= +gitlab.com/wpetit/goweb v0.0.0-20200418152305-76dea96a46ce h1:B3inZUHFr/FpA3jb+ZeSSHk3FSpB0xkQ0TjePhRokxw= +gitlab.com/wpetit/goweb v0.0.0-20200418152305-76dea96a46ce/go.mod h1:Gfv7cBOw1T2XwXMsLm1d9kAjMAdNtLMjPv+yCzRO9qk= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2 
h1:75k/FF0Q2YM8QYo07VPddOLBslDt1MZOdEslOHvmzAs= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g= +golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod 
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181128092732-4ed8d59d0b35/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191210023423-ac6580df4449 h1:gSbV7h1NRL2G1xTg/owz62CST1oJBmxy4QpMMregXVQ= +golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod 
h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod 
h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= +gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= +gopkg.in/square/go-jose.v2 v2.5.1 
h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= +gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/internal/config/config.go b/internal/config/config.go new file mode 100644 index 0000000..8be9648 --- /dev/null +++ b/internal/config/config.go 
@@ -0,0 +1,83 @@
+package config
+
+import (
+ "io"
+ "io/ioutil"
+ "time"
+
+ "github.com/pkg/errors"
+
+ "gopkg.in/yaml.v2"
+)
+
+type Config struct {
+ HTTP HTTPConfig `yaml:"http"`
+ OIDC OIDCConfig `yaml:"oidc"`
+}
+
+// NewFromFile retrieves the configuration from the given file
+func NewFromFile(filepath string) (*Config, error) {
+ config := NewDefault()
+
+ data, err := ioutil.ReadFile(filepath)
+ if err != nil {
+ return nil, errors.Wrapf(err, "could not read file '%s'", filepath)
+ }
+
+ if err := yaml.Unmarshal(data, config); err != nil {
+ return nil, errors.Wrapf(err, "could not unmarshal configuration")
+ }
+
+ return config, nil
+}
+
+type HTTPConfig struct {
+ Address string `yaml:"address"`
+ CookieAuthenticationKey string `yaml:"cookieAuthenticationKey"`
+ CookieEncryptionKey string `yaml:"cookieEncryptionKey"`
+ CookieMaxAge int `yaml:"cookieMaxAge"`
+ TemplateDir string `yaml:"templateDir"`
+ PublicDir string `yaml:"publicDir"`
+}
+
+type OIDCConfig struct {
+ ClientID string `yaml:"clientId"`
+ ClientSecret string `yaml:"clientSecret"`
+ IssuerURL string `ymal:"issuerUrl"`
+ RedirectURL string `yaml:"redirectUrl"`
+}
+
+func NewDumpDefault() *Config {
+ config := NewDefault()
+ return config
+}
+
+func NewDefault() *Config {
+ return &Config{
+ HTTP: HTTPConfig{
+ Address: ":3002",
+ CookieAuthenticationKey: "",
+ CookieEncryptionKey: "",
+ CookieMaxAge: int((time.Hour * 1).Seconds()), // 1 hour
+ TemplateDir: "template",
+ PublicDir: "public",
+ },
+ OIDC: OIDCConfig{
+ IssuerURL: "http://localhost:4444/",
+ RedirectURL: "http://localhost:3002/oauth2/callback",
+ },
+ }
+}
+
+func Dump(config *Config, w io.Writer) error {
+ data, err := yaml.Marshal(config)
+ if err != nil {
+ return errors.Wrap(err, "could not dump config")
+ }
+
+ if _, err := w.Write(data); err != nil {
+ return err
+ }
+
+ return nil
+}
diff --git a/internal/config/provider.go b/internal/config/provider.go
new file mode 100644
index 0000000..0e768ed
--- /dev/null
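Review bot: The struct tag on `OIDCConfig.IssuerURL` is misspelled as `ymal:"issuerUrl"`, so yaml.v2 does not see it and maps the field to its default lowercased key rather than `issuerUrl`. An `issuerUrl:` entry in the configuration file is then dropped by `yaml.Unmarshal` without any error, and the process keeps the `http://localhost:4444/` default, which is presumably the issuer later handed to the OIDC provider setup. The tag should read `yaml:"issuerUrl"`, and `NewFromFile` could call `yaml.UnmarshalStrict(data, config)` so that unknown or misspelled keys fail at startup instead of silently falling back to defaults.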
+++ b/internal/config/provider.go
@@ -0,0 +1,9 @@
+package config
+
+import "gitlab.com/wpetit/goweb/service"
+
+func ServiceProvider(config *Config) service.Provider {
+ return func(ctn *service.Container) (interface{}, error) {
+ return config, nil
+ }
+}
diff --git a/internal/config/service.go b/internal/config/service.go
new file mode 100644
index 0000000..e57c05d
--- /dev/null
+++ b/internal/config/service.go
@@ -0,0 +1,33 @@
+package config
+
+import (
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/service"
+)
+
+const ServiceName service.Name = "config"
+
+// From retrieves the config service in the given container
+func From(container *service.Container) (*Config, error) {
+ service, err := container.Service(ServiceName)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error while retrieving '%s' service", ServiceName)
+ }
+
+ srv, ok := service.(*Config)
+ if !ok {
+ return nil, errors.Errorf("retrieved service is not a valid '%s' service", ServiceName)
+ }
+
+ return srv, nil
+}
+
+// Must retrieves the config service in the given container or panic otherwise
+func Must(container *service.Container) *Config {
+ srv, err := From(container)
+ if err != nil {
+ panic(err)
+ }
+
+ return srv
+}
diff --git a/internal/route/helper.go b/internal/route/helper.go
new file mode 100644
index 0000000..cf7c774
--- /dev/null
+++ b/internal/route/helper.go
@@ -0,0 +1,24 @@
+package route
+
+import (
+ "net/http"
+
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/middleware/container"
+ "gitlab.com/wpetit/goweb/service/template"
+ "gitlab.com/wpetit/goweb/template/html"
+)
+
+func extendTemplateData(w http.ResponseWriter, r *http.Request, data template.Data) template.Data {
+ ctn := container.Must(r.Context())
+ data, err := template.Extend(data,
+ html.WithFlashes(w, r, ctn),
+ template.WithBuildInfo(w, r, ctn),
+ )
+
+ if err != nil {
+ panic(errors.Wrap(err, "could not extend template data"))
+ }
+
+ return data
+}
diff --git a/internal/route/login.go b/internal/route/login.go
new file mode 100644
index 0000000..e61d436
--- /dev/null
+++ b/internal/route/login.go
@@ -0,0 +1,53 @@
+package route
+
+import (
+ "encoding/json"
+ "net/http"
+
+ oidc "forge.cadoles.com/wpetit/goweb-oidc"
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/logger"
+ "gitlab.com/wpetit/goweb/middleware/container"
+ "gitlab.com/wpetit/goweb/service/template"
+)
+
+func serveHomePage(w http.ResponseWriter, r *http.Request) {
+ ctn := container.Must(r.Context())
+ tmpl := template.Must(ctn)
+
+ idToken, err := oidc.IDToken(w, r)
+ if err != nil {
+ panic(errors.Wrap(err, "could not retrieve idToken"))
+ }
+
+ jsonIDToken, err := json.MarshalIndent(idToken, "", " ")
+ if err != nil {
+ panic(errors.Wrap(err, "could not encode idToken"))
+ }
+
+ data := extendTemplateData(w, r, template.Data{
+ "IDToken": idToken,
+ "JSONIDToken": string(jsonIDToken),
+ })
+
+ if err := tmpl.RenderPage(w, "home.html.tmpl", data); err != nil {
+ panic(errors.Wrapf(err, "could not render '%s' page", r.URL.Path))
+ }
+}
+
+func handleLogin(w http.ResponseWriter, r *http.Request) {
+ ctx := r.Context()
+
+ idToken, err := oidc.IDToken(w, r)
+ if err != nil {
+ logger.Error(ctx, "could not retrieve idToken", logger.E(err))
+
+ http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+
+ return
+ }
+
+ logger.Info(ctx, "user logged in", logger.F("sub", idToken.Subject))
+
+ http.Redirect(w, r, "/", http.StatusSeeOther)
+}
diff --git a/internal/route/logout.go b/internal/route/logout.go
new file mode 100644
index 0000000..07eefe5
--- /dev/null
+++ b/internal/route/logout.go
@@ -0,0 +1,27 @@
+package route
+
+import (
+ "net/http"
+
+ oidc "forge.cadoles.com/wpetit/goweb-oidc"
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/middleware/container"
+ "gitlab.com/wpetit/goweb/service/session"
+)
+
+func handleLogout(w http.ResponseWriter, r *http.Request) {
+ ctn := container.Must(r.Context())
+
+ sess, err := session.Must(ctn).Get(w, r)
+ if err != nil {
+ panic(errors.Wrap(err, "could not retrieve session"))
+ }
+
+ if err := sess.Delete(w, r); err != nil {
+ panic(errors.Wrap(err, "could not delete session"))
+ }
+
+ client := oidc.Must(ctn)
+
+ client.Logout(w, r)
+}
diff --git a/internal/route/mount.go b/internal/route/mount.go
new file mode 100644
index 0000000..9f7f89b
--- /dev/null
+++ b/internal/route/mount.go
@@ -0,0 +1,25 @@
+package route
+
+import (
+ oidc "forge.cadoles.com/wpetit/goweb-oidc"
+ "forge.cadoles.com/wpetit/goweb-oidc/internal/config"
+
+ "github.com/go-chi/chi"
+ "gitlab.com/wpetit/goweb/static"
+)
+
+func Mount(r *chi.Mux, config *config.Config) error {
+ r.Group(func(r chi.Router) {
+ r.Use(oidc.Middleware)
+
+ r.Get("/", serveHomePage)
+ })
+
+ r.With(oidc.HandleCallback).Get("/oauth2/callback", handleLogin)
+ r.Get("/logout", handleLogout)
+
+ notFoundHandler := r.NotFoundHandler()
+ r.Get("/*", static.Dir(config.HTTP.PublicDir, "", notFoundHandler))
+
+ return nil
+}
diff --git a/middleware.go b/middleware.go
new file mode 100644
index 0000000..0701d45
--- /dev/null
+++ b/middleware.go
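Review bot: `handleLogout` deletes only the local session before handing over to `client.Logout`, and nothing in this handler ends the session at the identity provider. `client.Logout` is defined in client.go, outside this hunk; if it starts a new authorization request, a user whose provider session is still valid is signed straight back in and the logout has no lasting effect. Consider redirecting to the provider's end-session endpoint when it advertises one, or to a static logged-out page otherwise. Until then a comment such as `// NOTE: ends the local session only; the provider session is untouched` above the `sess.Delete` call would make the limitation explicit.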
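Review bot: `r.Get("/logout", handleLogout)` in `Mount` exposes a state-changing action on a plain GET, so any third-party page that makes the browser load that URL ends the user's session without their intent. Registering it as `r.Post("/logout", handleLogout)` behind whatever CSRF protection the application uses closes that gap. The `/*` static route sits outside the `oidc.Middleware` group, which looks intentional for public assets, but a short comment saying so would prevent someone from placing protected files under `PublicDir`.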
@@ -0,0 +1,98 @@
+package oidc
+
+import (
+ "encoding/gob"
+ "log"
+ "net/http"
+
+ "github.com/coreos/go-oidc"
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/logger"
+ "gitlab.com/wpetit/goweb/middleware/container"
+ "gitlab.com/wpetit/goweb/service/session"
+)
+
+const (
+ SessionOIDCTokenKey = "oidc-token"
+ SessionOIDCStateKey = "oidc-state"
+)
+
+func init() {
+ gob.Register(&oidc.IDToken{})
+}
+
+func Middleware(next http.Handler) http.Handler {
+ fn := func(w http.ResponseWriter, r *http.Request) {
+ if _, err := IDToken(w, r); err != nil {
+ ctn := container.Must(r.Context())
+
+ log.Println("retrieving oidc client")
+
+ client := Must(ctn)
+
+ client.Login(w, r)
+
+ return
+ }
+
+ next.ServeHTTP(w, r)
+ }
+
+ return http.HandlerFunc(fn)
+}
+
+func HandleCallback(next http.Handler) http.Handler {
+ fn := func(w http.ResponseWriter, r *http.Request) {
+ ctx := r.Context()
+ ctn := container.Must(ctx)
+ client := Must(ctn)
+
+ idToken, err := client.Validate(w, r)
+ if err != nil {
+ logger.Error(ctx, "could not validate oidc token", logger.E(err))
+
+ http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)
+
+ return
+ }
+
+ sess, err := session.Must(ctn).Get(w, r)
+ if err != nil {
+ panic(errors.Wrap(err, "could not retrieve session"))
+ }
+
+ sess.Set(SessionOIDCTokenKey, idToken)
+
+ if err := sess.Save(w, r); err != nil {
+ panic(errors.Wrap(err, "could not save session"))
+ }
+
+ next.ServeHTTP(w, r)
+ }
+
+ return http.HandlerFunc(fn)
+}
+
+func Logout(w http.ResponseWriter, r *http.Request) {
+ // ctx := r.Context()
+ // ctn := container.Must(ctx)
+ // client := Must(ctn)
+
+ // client
+}
+
+func IDToken(w http.ResponseWriter, r *http.Request) (*oidc.IDToken, error) {
+ ctn := container.Must(r.Context())
+
+ sess, err := session.Must(ctn).Get(w, r)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not retrieve session")
+ }
+
+ idToken, ok := sess.Get(SessionOIDCTokenKey).(*oidc.IDToken)
+ if !ok || idToken == nil {
+ return nil, errors.New("invalid id token")
+ }
+
+ return idToken, nil
+}
diff --git a/misc/script/release.sh b/misc/script/release.sh
new file mode 100644
index 0000000..5cbe882
--- /dev/null
+++ b/misc/script/release.sh
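Review bot: `IDToken` returns whatever token is stored in the session without looking at `idToken.Expiry`, so `Middleware` keeps admitting a user for the whole lifetime of the session cookie even after the ID token itself has expired. A check right after the type assertion, `if time.Now().After(idToken.Expiry) { return nil, errors.New("expired id token") }`, would send such requests back through `client.Login`; it needs `time` added to the import block. The exported `Logout` function in the same file has no body apart from commented-out lines and should be removed or implemented before callers rely on it.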
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+set -eo pipefail
+
+OS_TARGETS=(linux)
+ARCH_TARGETS=${ARCH_TARGETS:-amd64 arm 386}
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+PROJECT_DIR="$DIR/../.."
+
+function build {
+
+ local name=$1
+ local srcdir=$2
+ local os=$3
+ local arch=$4
+
+ local dirname="$name-$os-$arch"
+ local destdir="$PROJECT_DIR/release/$dirname"
+
+ rm -rf "$destdir"
+ mkdir -p "$destdir"
+
+ echo "building $dirname..."
+
+ CGO_ENABLED=0 GOOS="$os" GOARCH="$arch" go build \
+ -mod=vendor \
+ -ldflags="-s -w -X 'main.GitRef=$(current_commit_ref)' -X 'main.ProjectVersion=$(current_version)' -X 'main.BuildDate=$(current_date)'" \
+ -gcflags=-trimpath="${PWD}" \
+ -asmflags=-trimpath="${PWD}" \
+ -o "$destdir/bin/$name" \
+ "$srcdir"
+
+ if [ ! -z "$(which upx)" ]; then
+ upx --best "$destdir/bin/$name"
+ fi
+
+}
+
+function current_date {
+ date '+%Y-%m-%d %H:%M'
+}
+
+function current_commit_ref {
+ git log -n 1 --pretty="format:%h"
+}
+
+function current_version {
+ local latest_tag=$(git describe --abbrev=0 2>/dev/null)
+ echo ${latest_tag:-0.0.0}
+}
+
+function copy {
+
+ local name=$1
+ local os=$2
+ local arch=$3
+ local src=$4
+ local dest=$5
+
+ local dirname="$name-$os-$arch"
+ local destdir="$PROJECT_DIR/release/$dirname"
+
+ echo "copying '$src' to '$destdir/$dest'..."
+
+ mkdir -p "$(dirname $destdir/$dest)"
+
+ cp -rfL $src "$destdir/$dest"
+
+}
+
+function dump_default_conf {
+ # Generate and copy configuration file
+ local command=$1
+ local os=$2
+ local arch=$3
+ local tmp_conf=$(mktemp)
+
+ go run "$PROJECT_DIR/cmd/$command" -dump-config > "$tmp_conf"
+ copy "$command" $os $arch "$tmp_conf" "$command.yml"
+ rm -f "$tmp_conf"
+}
+
+function compress {
+
+ local name=$1
+ local os=$2
+ local arch=$3
+
+ local dirname="$name-$os-$arch"
+ local destdir="$PROJECT_DIR/release/$dirname"
+
+ echo "compressing $dirname..."
+ tar -czf "$destdir.tar.gz" -C "$destdir/../" "$dirname"
+}
+
+function release_server {
+
+ local os=$1
+ local arch=$2
+
+ build 'server' "$PROJECT_DIR/cmd/server" $os $arch
+
+ dump_default_conf 'server' $os $arch
+
+ copy 'server' $os $arch "$PROJECT_DIR/README.md" "README.md"
+ copy 'server' $os $arch "$PROJECT_DIR/cmd/server/public" "public"
+ copy 'server' $os $arch "$PROJECT_DIR/cmd/server/template" "template"
+
+ compress 'server' $os $arch
+
+}
+
+function main {
+
+ for os in ${OS_TARGETS[@]}; do
+ for arch in ${ARCH_TARGETS[@]}; do
+ release_server $os $arch
+ done
+ done
+}
+
+main
\ No newline at end of file
diff --git a/misc/systemd/server.service b/misc/systemd/server.service
new file mode 100644
index 0000000..3b23310
--- /dev/null
+++ b/misc/systemd/server.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=hydra-passwordless
+After=network-online.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/server -workdir /usr/local/share/server -config /etc/server/config.yml
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/modd.conf b/modd.conf
new file mode 100644
index 0000000..7a9944f
--- /dev/null
+++ b/modd.conf
@@ -0,0 +1,13 @@
+**/*.go
+!**/*_test.go
+data/config.yml
+cmd/server/template/**/*
+modd.conf {
+ prep: make build
+ prep: [ -e data/config.yml ] || ( mkdir -p data && bin/server -dump-config > data/config.yml )
+ daemon: bin/server -workdir "./cmd/server" -config ../../data/config.yml
+}
+
+**/*.go {
+ prep: make test
+}
\ No newline at end of file
diff --git a/option.go b/option.go
new file mode 100644
index 0000000..b7492fd
--- /dev/null
+++ b/option.go
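Review bot: In `copy`, `$src` and the argument to `dirname` are expanded unquoted, so a checkout path containing spaces or glob characters is word-split and the copy can land on the wrong paths. Quote both expansions: `cp -rfL "$src" "$destdir/$dest"` and `mkdir -p "$(dirname "$destdir/$dest")"`; the same applies to the bare `$os`/`$arch` arguments and to `${OS_TARGETS[@]}` in `main`. In `dump_default_conf` the `mktemp` file is removed only on the success path, because `set -e` aborts before `rm -f` when `go run` or `copy` fails; registering a cleanup trap right after `mktemp` would cover the failure path as well.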
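Review bot: The `[Service]` section of server.service sets no `User=`, so systemd starts `/usr/local/bin/server` as root, although the default listen address elsewhere in this commit is an unprivileged port and nothing shown suggests root is needed. Run it under a dedicated unprivileged account and add basic sandboxing, for example `User=<service-account>`, `NoNewPrivileges=yes` and `ProtectSystem=strict`. The file passed with `-config` is expected to carry `clientSecret` and the cookie keys, so it should be readable only by that account. `Description=hydra-passwordless` also looks carried over from another project.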
@@ -0,0 +1,52 @@
+package oidc
+
+import (
+ "context"
+
+ "github.com/coreos/go-oidc"
+)
+
+type OptionFunc func(*Option)
+
+type Option struct {
+ Provider *oidc.Provider
+ ClientID string
+ ClientSecret string
+ RedirectURL string
+ Scopes []string
+}
+
+func WithCredentials(clientID, clientSecret string) OptionFunc {
+ return func(opt *Option) {
+ opt.ClientID = clientID
+ opt.ClientSecret = clientSecret
+ }
+}
+
+func WithScopes(scopes ...string) OptionFunc {
+ return func(opt *Option) {
+ opt.Scopes = scopes
+ }
+}
+
+func NewProvider(ctx context.Context, issuer string) (*oidc.Provider, error) {
+ return oidc.NewProvider(ctx, issuer)
+}
+
+func WithProvider(provider *oidc.Provider) OptionFunc {
+ return func(opt *Option) {
+ opt.Provider = provider
+ }
+}
+
+func fromDefault(funcs ...OptionFunc) *Option {
+ opt := &Option{
+ Scopes: []string{oidc.ScopeOpenID},
+ }
+
+ for _, f := range funcs {
+ f(opt)
+ }
+
+ return opt
+}
diff --git a/provider.go b/provider.go
new file mode 100644
index 0000000..3040e67
--- /dev/null
+++ b/provider.go
@@ -0,0 +1,11 @@
+package oidc
+
+import "gitlab.com/wpetit/goweb/service"
+
+func ServiceProvider(opts ...OptionFunc) service.Provider {
+ client := NewClient(opts...)
+
+ return func(ctn *service.Container) (interface{}, error) {
+ return client, nil
+ }
+}
diff --git a/service.go b/service.go
new file mode 100644
index 0000000..e6abf8b
--- /dev/null
+++ b/service.go
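Review bot: `WithScopes` replaces the slice that `fromDefault` initialises with `oidc.ScopeOpenID`, so a caller that passes only `"email"` silently drops the `openid` scope and the resulting request is no longer an OpenID Connect authentication request. Either state that on the option with a doc comment such as `// WithScopes replaces the default scopes; callers must include oidc.ScopeOpenID themselves.`, or keep the default and append the caller's scopes to it. `Option.RedirectURL` has no matching `With…` setter in this file; if none exists elsewhere, it can only be set through a hand-written `OptionFunc`. None of the exported identifiers in option.go carries a doc comment yet.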
@@ -0,0 +1,33 @@
+package oidc
+
+import (
+ "github.com/pkg/errors"
+ "gitlab.com/wpetit/goweb/service"
+)
+
+const ServiceName service.Name = "oidc"
+
+// From retrieves the oidc service in the given container
+func From(container *service.Container) (*Client, error) {
+ service, err := container.Service(ServiceName)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error while retrieving '%s' service", ServiceName)
+ }
+
+ srv, ok := service.(*Client)
+ if !ok {
+ return nil, errors.Errorf("retrieved service is not a valid '%s' service", ServiceName)
+ }
+
+ return srv, nil
+}
+
+// Must retrieves the oidc service in the given container or panic otherwise
+func Must(container *service.Container) *Client {
+ srv, err := From(container)
+ if err != nil {
+ panic(err)
+ }
+
+ return srv
+}