Client Library in GoLang for application developers requiring authentication with the Identity Authentication Service (IAS). The library provides means for validating the Open ID Connect Token (OIDC) and accessing authentication information like user uuid, user attributes and audiences from the token.
Parsing claims of the JWT and validation the token signature, audience, issuer, …
Any interaction with the Authorization Server e.g. OIDC discovery and fetching token keys
Parsing of environment provided by the Authorization Server e.g. IAS broker
The client library works as a middleware and has to be instantiated with NewAuthMiddelware. For authentication there are options:
- Ready-to-use Middleware Handler: The
Handlerwhich implements the standardhttp/Handlerinterface. Thus, it can be used easily e.g. in angorilla/muxrouter or a plainhttp/Serverimplementation. The property name can be specified with theUserContextoption and has to be type asserted to(*core.OIDCClaims)for the property accessors to be available. - Authenticate func: More flexible, can be wrapped with an own middleware func to propagate the users claims.
r := mux.NewRouter()
config, err := env.GetIASConfig()
if err != nil {
panic(err)
}
authMiddleware := auth.NewAuthMiddleware(config, auth.Options{
UserContext: "user"
})
r.Use(authMiddleware.Handler)
r.HandleFunc("/helloWorld", helloWorld).Methods("GET")
address := ":8080"
log.Println("Starting server on address", address)
err = http.ListenAndServe(address, handlers.LoggingHandler(os.Stdout, r))
if err != nil {
panic(err)
} Full example: samples/middleware.go
The client library offers an OIDC Mock Server with means to create arbitrary tokens for testing purposes. Examples for the usage of the Mock Server in combination with the OIDC Token Builder can be found in auth/middleware_test.go
The client library does not yet provide support for IAS custom domains. This limitation will be overcome within the next few weeks, once there is full support for that from IAS and IAS-Broker side.