cidaasinterceptor

package module
v1.2.1
Published: Jan 16, 2023 License: MIT Imports: 15 Imported by: 0

README


About cidaas:

cidaas is a fast and secure Cloud Identity & Access Management solution that standardises what’s important and simplifies what’s complex. The cidaas feature set includes:

  • Single Sign On (SSO) based on OAuth 2.0, OpenID Connect, SAML 2.0
  • Multi-Factor-Authentication with more than 14 authentication methods, including TOTP and FIDO2
  • Passwordless Authentication
  • Social Login (e.g. Facebook, Google, LinkedIn and more) as well as Enterprise Identity Provider (e.g. SAML or AD)
  • Security in Machine-to-Machine (M2M) and IoT

How to install

go get github.com/Cidaas/go-interceptor

Usage

The cidaas go interceptor can be used to secure APIs written in Go.

Below is an example of how to secure an API with scopes and roles, verifying the token locally by its signature:


package main

import (
	"log"
	"net/http"

	cidaasinterceptor "github.com/Cidaas/go-interceptor"
	"github.com/gorilla/mux" // the router the original snippet uses without showing the import
)

func get(w http.ResponseWriter, r *http.Request) {
	// ... build the response here; respJSON is a placeholder for the body the original snippet elides
	respJSON := `{"status":"ok"}`
	// set response to ok and return Status ok and response
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	w.Write([]byte(respJSON))
}

func main() {
	r := mux.NewRouter()
	api := r.PathPrefix("/api/v1").Subrouter()

	// Base URI is mandatory, ClientID is optional, if ClientID is set the interceptor will only allow requests from this Client
	cidaasInterceptor, err := cidaasinterceptor.New(cidaasinterceptor.Options{BaseURI: "https://base.cidaas.de", ClientID: "clientID"})
	if err != nil {
		// log.Panicf already panics, so no second panic call is needed
		log.Panicf("Initialization of cidaas interceptor failed! Error: %v", err)
	}

	getHandler := http.HandlerFunc(get)
	// the wrapped handler only runs for tokens carrying both scopes; nil is passed when no roles are requested
	api.Handle("", cidaasInterceptor.VerifyTokenBySignature(getHandler, []string{"profile", "cidaas:api_scope"}, nil)).Methods(http.MethodGet)
	log.Fatal(http.ListenAndServe(":8080", r))
}

Below is an example of how to secure an API with scopes and roles, validating the token through an introspect call to the cidaas instance:


package main

import (
	"log"
	"net/http"

	cidaasinterceptor "github.com/Cidaas/go-interceptor"
	"github.com/gorilla/mux" // the router the original snippet uses without showing the import
)

func get(w http.ResponseWriter, r *http.Request) {
	// ... build the response here; respJSON is a placeholder for the body the original snippet elides
	respJSON := `{"status":"ok"}`
	// set response to ok and return Status ok and response
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusOK)
	w.Write([]byte(respJSON))
}

func main() {
	r := mux.NewRouter()
	api := r.PathPrefix("/api/v1").Subrouter()

	// Base URI is mandatory, ClientID is optional, if ClientID is set the interceptor will only allow requests from this Client
	cidaasInterceptor, err := cidaasinterceptor.New(cidaasinterceptor.Options{BaseURI: "https://base.cidaas.de", ClientID: "clientID"})
	if err != nil {
		// log.Panicf already panics, so no second panic call is needed
		log.Panicf("Initialization of cidaas interceptor failed! Error: %v", err)
	}

	getHandler := http.HandlerFunc(get)
	// every request to this route triggers an introspect call; nil is passed when no roles are requested
	api.Handle("", cidaasInterceptor.VerifyTokenByIntrospect(getHandler, []string{"profile", "cidaas:api_scope"}, nil)).Methods(http.MethodGet)
	log.Fatal(http.ListenAndServe(":8080", r))
}

Fiber integration

Add Fiber to your project:

go get -u github.com/gofiber/fiber/v2

then use cidaasinterceptor as in the following code snippet:


package main

import (
	"fmt"
	"log"

	cidaasinterceptor "github.com/Cidaas/go-interceptor"
	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/cors"
	"github.com/gofiber/fiber/v2/middleware/monitor"
)

// Placeholder values for what the original snippet reads from its own configuration
const (
	BaseUrl     = "https://base.cidaas.de"
	Client_id   = "clientID"
	ServiceName = "myservice"
)

// Placeholder for the protected handler the original snippet calls handler.UserHandler
func userHandler(ctx *fiber.Ctx) error {
	return ctx.Status(fiber.StatusOK).JSON(fiber.Map{"data": "user created"})
}

func CreateApp() (*fiber.App, error) {
	interceptor, err := cidaasinterceptor.NewFiberInterceptor(cidaasinterceptor.Options{
		BaseURI:  BaseUrl,
		ClientID: Client_id,
	})
	if err != nil {
		return nil, fmt.Errorf("can't initialize interceptor: %w", err)
	}

	app := fiber.New()

	app.Use(cors.New())
	app.Use("/monit", monitor.New())
	app.Get("/ping", func(ctx *fiber.Ctx) error {
		return ctx.Status(fiber.StatusOK).JSON(fiber.Map{
			"data": "Pong",
		})
	})
	// Root route
	root := app.Group(fmt.Sprintf("/%s", ServiceName))

	root.Get("/ping", func(ctx *fiber.Ctx) error {
		return ctx.Status(fiber.StatusOK).JSON(fiber.Map{
			"data": "Pong",
		})
	})

	// the middleware runs before userHandler; both slices are empty, so no scope or role is requested here
	root.Post("/user", interceptor.VerifyTokenBySignature([]string{}, []string{}), userHandler)

	return app, nil
}

func main() {
	app, err := CreateApp()
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(app.Listen(":3000"))
}

Pass the scopes and roles an endpoint requires as the two slice arguments of the interceptor's verify methods (the snippet above passes empty slices).

Documentation


Constants

const FiberTokenDataKey = "tokendata"

Variables

This section is empty.

Functions

func CheckScopesAndRoles

func CheckScopesAndRoles(tokenScopes []string, tokenRoles []string, scopes []string, roles []string) bool

CheckScopesAndRoles checks the scopes and roles taken from the token (or the introspect response) against the requested scopes and roles.

func Contains

func Contains(tokenData []string, RequestedData []string) bool

Contains reports whether the requested scopes/roles are present in the token data.

Types

type CidaasInterceptor

type CidaasInterceptor struct {
	Options Options
	// contains filtered or unexported fields
}

CidaasInterceptor secures APIs based on OAuth 2.0.

func New

func New(opts Options) (*CidaasInterceptor, error)

New returns a newly constructed CidaasInterceptor instance with the provided options.

func (*CidaasInterceptor) VerifyTokenByIntrospect

func (m *CidaasInterceptor) VerifyTokenByIntrospect(next http.Handler, scopes []string, roles []string) http.Handler

VerifyTokenByIntrospect wraps next and validates the token through an introspect call to the cidaas instance (checks expiry, issuer, scopes and roles).

func (*CidaasInterceptor) VerifyTokenBySignature

func (m *CidaasInterceptor) VerifyTokenBySignature(next http.Handler, scopes []string, roles []string) http.Handler

VerifyTokenBySignature wraps next and validates the token locally by its signature (checks expiry, scopes and roles).

type ContextKey added in v1.1.2

type ContextKey int
const TokenDataKey ContextKey = 3941119

type FiberInterceptor added in v1.1.3

type FiberInterceptor struct {
	Options Options
	// contains filtered or unexported fields
}

func NewFiberInterceptor added in v1.1.3

func NewFiberInterceptor(opts Options) (*FiberInterceptor, error)

NewFiberInterceptor returns a newly constructed FiberInterceptor instance with the provided options.

func (*FiberInterceptor) VerifyTokenByIntrospect added in v1.2.0

func (m *FiberInterceptor) VerifyTokenByIntrospect(scopes []string, roles []string) fiber.Handler

VerifyTokenByIntrospect returns a Fiber middleware that validates the token through an introspect call to the cidaas instance (checks expiry, issuer, scopes and roles).

func (*FiberInterceptor) VerifyTokenBySignature added in v1.1.3

func (m *FiberInterceptor) VerifyTokenBySignature(scopes []string, roles []string) fiber.Handler

VerifyTokenBySignature returns a Fiber middleware that validates the token locally by its signature (checks expiry, scopes and roles).

type JSONWebKey

type JSONWebKey struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	Use string `json:"use"`
	N   string `json:"n"`
	E   string `json:"e"`
	Alg string `json:"alg"`
}

JSONWebKey holds the data of one key used to verify a token's signature.

type Jwks

type Jwks struct {
	Keys []JSONWebKey `json:"keys"`
}

Jwks holds the list of keys used to verify a token's signature.

type Options

type Options struct {
	BaseURI  string
	ClientID string
	Debug    bool
}

Options passed to the interceptor (BaseURI, ClientID, Debug).

type TokenData added in v1.1.1

type TokenData struct {
	Sub string
	Aud string
}
