README
¶
go-idauth
Library to authentificate requests and get user and session data.
Built with Azugo Go Web Framework
This project is built using the Azugo Go Web Framework, a powerful and flexible framework for building modern web applications in Go. Check out the Azugo GitHub page for more information and documentation.
Usage
Add dependency
go get -u github.com/edim-test/go-idauth
Add configuration section
import (
"github.com/edim-test/go-idauth"
)
type Configuration struct {
//...
IDAuth *idauth.Configuration `mapstruct:"idauth"`
IDAuthSystem *idauth.SystemTokenConfiguration `mapstructure:"system_token"`
//...
}
func (c *Configuration) Bind(_ string, v *viper.Viper) {
//...
c.IDAuth = config.Bind(c.IDAuth, "idauth", v)
c.IDAuthSystem = config.Bind(c.IDAuthSystem, "system_token", v)
//...
}
func (c *Configuration) Validate(validate *validation.Validate) error {
//...
if err := c.IDAuth.Validate(validate); err != nil {
return err
}
if err := c.IDAuthSystem.Validate(validate); err != nil {
return err
}
//...
}
Add initialization
import (
"github.com/edim-test/go-idauth"
)
func (a *App) InitServices() error {
//...
var err error
a.systemTokenClient, err = idauth.NewSystemTokenClient(a.Config().IDAuthSystem)
if err != nil {
return err
}
//...
}
Add middleware for endpoints that need authentification
import (
"github.com/edim-test/go-idauth"
)
func Init(app *idauth.App) error {
//...
r.Use(idauth.Authentification(app.App, app.Config().IDAuth))
//...
}
Call GetSystemToken to get system token
import (
"github.com/edim-test/go-idauth"
)
token, err = c.systemTokenClient.GetSystemToken(ctx, "scope:level")
Bind /1.0/token and /1.0/session endpoints
import (
"github.com/edim-test/go-idauth/authorization"
)
func Init(app *idauth.App) error {
//...
if err := authorization.Bind(r, a.Config().IDAuth); err != nil {
return err
}
//...
}
[POST] /1.0/token endpoint example
No authorization header
application/x-www-form-urlencoded
grant_type: "authorization_code"
code: "01JN0TDJKGX87BGQVG01X1B48J"
code_verifier: "PesVLXxPtpQcf7FD8RzgkKnbwfE0pxIyokrnE2FbZ5s"
redirect_uri: "https://localhost:8888/auth-done"
[GET] /1.0/session endpoint example
Bearer token authorization header. Use the access_token from /1.0/token response
Documentation
¶
Index ¶
- func Authentication(_ *azugo.App, config *Configuration, states ...string) azugo.RequestHandlerFunc
- func UserHasScope(scope string, next azugo.RequestHandler) azugo.RequestHandler
- func UserHasScopeAtLeastLevel(scope string, level ScopeLevel, next azugo.RequestHandler) azugo.RequestHandler
- func UserHasScopeLevel(scope string, level ScopeLevel, next azugo.RequestHandler) azugo.RequestHandler
- type Client
- type Configuration
- type ScopeLevel
- type SystemTokenClient
- type SystemTokenConfiguration
- type TokenCache
- type TokenResponse
- type UserinfoResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Authentication ¶
func Authentication(_ *azugo.App, config *Configuration, states ...string) azugo.RequestHandlerFunc
Authentication middleware checks if the user is authentificated and has the required session state.
func UserHasScope ¶
func UserHasScope(scope string, next azugo.RequestHandler) azugo.RequestHandler
UserHasScope handler helper checks if the user has the scope.
func UserHasScopeAtLeastLevel ¶
func UserHasScopeAtLeastLevel(scope string, level ScopeLevel, next azugo.RequestHandler) azugo.RequestHandler
UserHasScopeAtLeastLevel hanler helper checks if the user has the scope with atleast specified level.
func UserHasScopeLevel ¶
func UserHasScopeLevel(scope string, level ScopeLevel, next azugo.RequestHandler) azugo.RequestHandler
UserHasScopeLevel hanler helper checks if the user has the scope with the specific level.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client for IDAuth API.
func NewClient ¶
func NewClient(config *Configuration) (*Client, error)
NewClient creates a new IDAuth client.
func (Client) UserInfo ¶
func (c Client) UserInfo(ctx *azugo.Context, opts ...http.RequestOption) (*UserinfoResponse, error)
UserInfo retrieves the user information from the IDAuth userinfo endpoint.
type Configuration ¶
type Configuration struct {
URL string `mapstructure:"url" validate:"required,url"`
ClientID string `mapstructure:"client_id" validate:"required"`
ClientSecret string `mapstructure:"client_secret" validate:"required"`
}
func (*Configuration) Validate ¶
func (c *Configuration) Validate(valid *validation.Validate) error
Validate IDAuth configuration section.
type ScopeLevel ¶
type ScopeLevel string
const ( // ScopeLevelRead is the read scope level. ScopeLevelRead ScopeLevel = "read" // ScopeLevelWrite is the write scope level. ScopeLevelWrite ScopeLevel = "write" // ScopeLevelDelete is the delete scope level. ScopeLevelDelete ScopeLevel = "delete" // ScopeLevelExport is the export scope level. ScopeLevelExport ScopeLevel = "export" )
type SystemTokenClient ¶
type SystemTokenClient struct {
*SystemTokenConfiguration
// contains filtered or unexported fields
}
func NewSystemTokenClient ¶
func NewSystemTokenClient( config *SystemTokenConfiguration, ) (*SystemTokenClient, error)
func (*SystemTokenClient) GetSystemToken ¶
type SystemTokenConfiguration ¶
type SystemTokenConfiguration struct {
URL string `mapstructure:"url" validate:"required,url"`
// ClientID is the IDAuth client ID
ClientID string `mapstructure:"client_id"`
// Certificate in PEM format
Certificate string `mapstructure:"certificate" validate:"required"`
}
SystemTokenConfiguration is the configuration with private key for the auth system middleware.
func (*SystemTokenConfiguration) Bind ¶
func (c *SystemTokenConfiguration) Bind(prefix string, v *viper.Viper)
Bind configuration section.
func (*SystemTokenConfiguration) Validate ¶
func (c *SystemTokenConfiguration) Validate(validate *validation.Validate) error
Validate application configuration.
type TokenCache ¶
type TokenResponse ¶
type UserinfoResponse ¶
type UserinfoResponse struct {
// SessionID is the session identifier
SessionID string `json:"sid,omitempty" validate:"omitempty,len=26" example:"01FMG08GHT6QJE32XHGVMWB82D"`
// Active is the session active flag
Active bool `json:"active"`
// UserID is unique user identifier
UserID string `json:"sub,omitempty" validate:"required,min=1,max=20" example:"PNOXX-111111-11111"`
// Code is unique person identifier
Code string `json:"code,omitempty" validate:"required,min=1,max=20" example:"11111111111"`
// GivenName is the authorized users given name
GivenName string `json:"given_name,omitempty" validate:"omitempty,max=100" example:"Jānis"`
// FamilyName is the authorized users family name
FamilyName string `json:"family_name,omitempty" validate:"omitempty,max=200" example:"Testiņš"`
// OrganizationName is the authorized users organization name (AuthorityFullName)
OrganizationName string `json:"org_name,omitempty" validate:"omitempty,max=250" example:"Testiņa uzņēmums"`
// OrganizationCode is the authorized users organization code (URAuthorityCode)
OrganizationCode string `json:"org_id,omitempty" validate:"omitempty,max=50" example:"11111111111"`
// TODO: move to session state struct
// State is the session state
State string `json:"st" validate:"required,oneof=none req_agreement req_role authorized" example:"authorized"`
// Scope is the list of user rights
Scope []string `json:"scope,omitempty" validate:"omitempty,dive,required,min=1,max=60" example:"[\"admin/settings:read\"]"`
// Session timeout in seconds
SecondsToLive int `json:"secondsToLive"`
// Seconds before session expiration when session countdown should appear
SecondsToCountdown int `json:"secondsToCountdown"`
// IsSessionExtendable is the flag if session can be extended with keep-alive request
IsSessionExtendable bool `json:"isSessionExtendable"`
}
UserinfoResponse is the response body for the userinfo endpoint data.
func (*UserinfoResponse) ToClaims ¶
func (s *UserinfoResponse) ToClaims() map[string]token.ClaimStrings
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.