www/pocket-id: New port: OIDC provider that allows users to authenticate with their passkeys

Pocket ID is a simple OIDC provider that allows users to authenticate with their passkeys to your services. The goal of Pocket ID is to be a simple and easy-to-use. There are other self-hosted OIDC providers like Keycloak or ORY Hydra but they are often too complex for simple use cases. Additionally, what makes Pocket ID special is that it only supports passkey authentication, which means you don't need a password. Some people might not like this idea at first, but I believe passkeys are the future, and once you try them, you'll love them. For example, you can now use a physical Yubikey to sign in to all your self-hosted services easily and securely Approved by: acm (mentor)
author: Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org> 2025-06-22 17:38:47 -0400
committer: Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org> 2025-06-22 17:53:27 -0400
commit: 8a7b9a26bcf925a5a037f7c4806e4e9ae2210830 (patch)
tree: 164ca1027cb6bbd758394c5300339ae6e16e09e5
parent: net/grilo: update to 0.3.19 (diff)
8 files changed, 115 insertions, 2 deletions
diff --git a/GIDs b/GIDs
index 47fa16129409..7c6869b21d21 100644
--- a/GIDs
+++ b/GIDs
@@ -775,7 +775,7 @@ cirrus:*:828:
 # free: 831
 beehive:*:832:
 # free: 833
-# free: 834
+pocket-id:*:834:
 filebrowser:*:835:
 # free: 836
 # free: 837
diff --git a/UIDs b/UIDs
index c92b5e45e010..0b243bb7eb27 100644
--- a/UIDs
+++ b/UIDs
@@ -781,7 +781,7 @@ cirrus:*:828:828::0:0:Cirrus CI:/usr/local/cirrus:/bin/sh
 # free: 831
 beehive:*:832:832::0:0:beehive user:/nonexistent:/usr/sbin/nologin
 # free: 833
-# free: 834
+pocket-id:*:834:834::0:0:OIDC provider that allows users to authenticate with their passkeys:/var/db/pocket-id:/usr/sbin/nologin
 filebrowser:*:835:835::0:0:Web File Browser:/var/db/filebrowser:/usr/sbin/nologin
 # free: 836
 # free: 837
diff --git a/www/Makefile b/www/Makefile
index e2d4e07e535e..6e56ffb734b4 100644
--- a/www/Makefile
+++ b/www/Makefile
@@ -1453,6 +1453,7 @@
     SUBDIR += plasma6-plasma-browser-integration
     SUBDIR += pmwiki
     SUBDIR += pnews
+    SUBDIR += pocket-id
     SUBDIR += podcastamatic
     SUBDIR += pomerium
     SUBDIR += pound
diff --git a/www/pocket-id/Makefile b/www/pocket-id/Makefile
new file mode 100644
index 000000000000..641ca2d03c15
--- /dev/null
+++ b/www/pocket-id/Makefile
@@ -0,0 +1,39 @@
+PORTNAME=	pocket-id
+DISTVERSIONPREFIX=	v
+DISTVERSION=	1.4.0
+CATEGORIES=	www
+MASTER_SITES=	LOCAL/dtxdf/${PORTNAME}/
+DISTFILES=	${PORTNAME}-${DISTVERSION}.frontend${EXTRACT_SUFX}
+
+MAINTAINER=	dtxdf@FreeBSD.org
+COMMENT=	OIDC provider that allows users to authenticate with their passkeys
+WWW=		https://pocket-id.org
+
+LICENSE=	BSD2CLAUSE
+
+USES=		go:modules
+USE_GITHUB=	yes
+USE_RC_SUBR=	${PORTNAME}
+
+GO_MOD_DIST=	github
+GO_MODULE=	https://github.com/pocket-id/${PORTNAME}
+GO_TARGET=	./cmd:${PORTNAME}
+GO_BUILDFLAGS=	-ldflags "-X github.com/pocket-id/pocket-id/backend/internal/common.Version=${DISTVERSION} -buildid=${DISTVERSION}"
+
+SUB_FILES=	pkg-message
+SUB_LIST=	USER=${USERS:[1]}
+
+WRKSRC_SUBDIR=	backend
+
+USERS=		${POCKET_ID_USER}
+GROUPS=		${POCKET_ID_GROUP}
+
+PLIST_FILES=	bin/${PORTNAME}
+
+POCKET_ID_USER=		${PORTNAME}
+POCKET_ID_GROUP=	${POCKET_ID_USER}
+
+pre-build:
+	@cd ${WRKDIR}/pocket-id-frontend && ${COPYTREE_SHARE} . ${WRKSRC}/frontend/dist
+
+.include <bsd.port.mk>
diff --git a/www/pocket-id/distinfo b/www/pocket-id/distinfo
new file mode 100644
index 000000000000..dea750785956
--- /dev/null
+++ b/www/pocket-id/distinfo
@@ -0,0 +1,7 @@
+TIMESTAMP = 1750475934
+SHA256 (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-1.4.0.frontend.tar.gz) = 28d9a1e390d4caa1d210fb1cd36c2f2839d89e82905e88953847b18a25aeb44d
+SIZE (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-1.4.0.frontend.tar.gz) = 940695
+SHA256 (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/go.mod) = 746b88f292ef6becb08abe2aa09185c44bf44d7679e281534821b0d8cfc4828c
+SIZE (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/go.mod) = 6612
+SHA256 (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-pocket-id-v1.4.0_GH0.tar.gz) = ad76903ab02cd739fb3171df8d18a3192b131dc55dd52fe223634c79d9d82f53
+SIZE (go/www_pocket-id/pocket-id-pocket-id-v1.4.0_GH0/pocket-id-pocket-id-v1.4.0_GH0.tar.gz) = 5506002
diff --git a/www/pocket-id/files/pkg-message.in b/www/pocket-id/files/pkg-message.in
new file mode 100644
index 000000000000..f97cc825952b
--- /dev/null
+++ b/www/pocket-id/files/pkg-message.in
@@ -0,0 +1,17 @@
+[
+{ type: install
+  message: <<EOM
+Pocket ID is installed
+
+1) Configure it in %%PREFIX%%/etc/pocket-id.env
+
+2) Enable it with
+
+     sysrc pocket_id_enable=YES
+
+3) Start it with
+
+     service pocket-id start
+EOM
+}
+]
diff --git a/www/pocket-id/files/pocket-id.in b/www/pocket-id/files/pocket-id.in
new file mode 100644
index 000000000000..04a26a82a74e
--- /dev/null
+++ b/www/pocket-id/files/pocket-id.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: pocket_id
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Configuration settings for pocket-id in /etc/rc.conf
+#
+# pocket_id_enable (bool):     Enable pocket-id. (Default=NO)
+# pocket_id_env_file (str):    Path containing the environment variables
+#                              to be used by pocket-id. (Default: /usr/local/etc/pocket-id.env)
+# pocket_id_logfile (str):     Log file used to store the pocket-id's output. (Default: /var/log/pocket-id.log)
+# pocket_id_pidfile (str):     File used by pocket-id to store the process ID. (Default: /var/run/pocket-id.pid)
+# pocket_id_runas (str):       User to run pocket-id as. (Default: %%USER%%)
+
+. /etc/rc.subr
+
+name="pocket_id"
+desc="OIDC provider that allows users to authenticate with their passkeys"
+rcvar="pocket_id_enable"
+
+load_rc_config $name
+
+: ${pocket_id_enable:="NO"}
+: ${pocket_id_env_file:="/usr/local/etc/pocket-id.env"}
+: ${pocket_id_logfile:="/var/log/pocket-id.log"}
+: ${pocket_id_pidfile:="/var/run/pocket-id.pid"}
+: ${pocket_id_runas:="%%USER%%"}
+
+pocket_id_chdir="/var/db/pocket-id"
+pidfile="${pocket_id_pidfile}"
+procname="/usr/local/bin/pocket-id"
+command="/usr/sbin/daemon"
+command_args="-o '${pocket_id_logfile}' -p '${pidfile}' -u '${pocket_id_runas}' -t '${desc}' -- '${procname}'"
+
+run_rc_command "$1"
diff --git a/www/pocket-id/pkg-descr b/www/pocket-id/pkg-descr
new file mode 100644
index 000000000000..904737283fae
--- /dev/null
+++ b/www/pocket-id/pkg-descr
@@ -0,0 +1,13 @@
+Pocket ID is a simple OIDC provider that allows users to authenticate
+with their passkeys to your services.
+
+The goal of Pocket ID is to be a simple and easy-to-use. There are
+other self-hosted OIDC providers like Keycloak or ORY Hydra but
+they are often too complex for simple use cases.
+
+Additionally, what makes Pocket ID special is that it only supports
+passkey authentication, which means you don't need a password. Some
+people might not like this idea at first, but I believe passkeys
+are the future, and once you try them, you'll love them. For example,
+you can now use a physical Yubikey to sign in to all your self-hosted
+services easily and securely
author	Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>	2025-06-22 17:38:47 -0400
committer	Jesús Daniel Colmenares Oviedo <dtxdf@FreeBSD.org>	2025-06-22 17:53:27 -0400
commit	8a7b9a26bcf925a5a037f7c4806e4e9ae2210830 (patch)
tree	164ca1027cb6bbd758394c5300339ae6e16e09e5
parent	net/grilo: update to 0.3.19 (diff)