Client library in Go for application developers requiring authentication with the SAP Identity Authentication Service (IAS). The library provides means for validating the OpenID Connect (OIDC) token and accessing authentication information like user UUID, user attributes and audiences from the token.
- Cloud Foundry
- Kubernetes/Kyma as of version 0.11
In order to make use of this client library your application should be integrated with the SAP Identity Authentication Service (IAS).
This project is a library for applications or services and does not run standalone.
When integrating, the most important package is `auth`. It contains means for parsing the claims of the JWT and validating the token signature, audience, issuer and more.
The client library works as a middleware and has to be instantiated with `NewMiddleware`. For authentication there are options:
- Ready-to-use Middleware Handler: The `AuthenticationHandler`, which implements the standard `http/Handler` interface. Thus, it can be used easily, e.g. in a `gorilla/mux` router or a plain `http/Server` implementation. The claims can be retrieved with `auth.GetClaims(req)` in the HTTP handler.
- Authenticate func: More flexible; it can be wrapped with your own middleware func to propagate the user's claims.
To access service instance configurations from the application, Kubernetes secrets need to be provided as files in a volume mounted on the application's container. The library will look up the configuration files on the mountPath: `"/etc/secrets/sapbtp/identity/<YOUR IAS INSTANCE NAME>"`.
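A startup preflight for the mounted secret described above, as an added example that is not part of the library: it checks that one non-empty file per key exists under the mount path and rejects instance names that could escape it. The key file names and the `IAS_INSTANCE` variable are assumptions, not taken from this README.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Mount path prefix from the README; the instance name is appended to it.
const mountBase = "/etc/secrets/sapbtp/identity"

// Assumed key file names (not stated in the README); adjust to your binding.
var requiredKeys = []string{"clientid", "clientsecret", "url", "domains"}

// A single path segment only: no separators, no leading dot.
var validName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)

// LoadIdentitySecret reads one file per key from <base>/<instance> and fails
// closed if the name is unsafe or any required key is missing or empty.
func LoadIdentitySecret(base, instance string) (map[string]string, error) {
	if !validName.MatchString(instance) {
		return nil, fmt.Errorf("invalid instance name %q", instance)
	}
	dir := filepath.Join(base, instance)
	cfg := make(map[string]string, len(requiredKeys))
	for _, key := range requiredKeys {
		raw, err := os.ReadFile(filepath.Join(dir, key))
		if err != nil {
			return nil, fmt.Errorf("secret key %q: %w", key, err)
		}
		val := strings.TrimSpace(string(raw))
		if val == "" {
			return nil, fmt.Errorf("secret key %q is empty", key)
		}
		cfg[key] = val
	}
	return cfg, nil
}

func main() {
	// IAS_INSTANCE is a hypothetical variable naming the service instance.
	cfg, err := LoadIdentitySecret(mountBase, os.Getenv("IAS_INSTANCE"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "identity config check failed:", err)
		os.Exit(1)
	}
	fmt.Println("identity config present, client id length:", len(cfg["clientid"]))
}
```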
The client library offers an OIDC Mock Server with means to create arbitrary tokens for testing purposes. Examples for the usage of the Mock Server in combination with the OIDC Token Builder can be found in `auth/middleware_test.go`.
Not Known.
In case of questions or bug reports, please open a GitHub Issue in this repository.
Contributions are welcome! Please open a pull request and we will provide feedback as soon as possible.
Note that this project makes use of golangci-lint.
To make use of our Makefile, please make sure you have installed golangci-lint on your local machine.
All prerequisites for a pull request can then be checked with `make pull-request`.
More information can be found in CONTRIBUTING.md.
Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.