
README.md

Example - REST API Basic Auth

This example demonstrates REST API Basic Auth with the aah framework. It covers both authentication (the realm that validates the credentials) and route authorization (roles/permissions required per route, declared in the routes config).

aah supports the Basic Auth mechanism in two ways; choose per use case:

| Realm   | Description |
|---------|-------------|
| File    | Use when you know a fixed set of pre-defined subjects (aka users) with their roles and permissions up front (roles and permissions are optional). |
| Dynamic | Use when subject information lives in a data source (DB, API provider, etc.). You implement the `authc.Authenticator` and `authz.Authorizer` interfaces. |

Learn more about Security design, Authentication and Authorization.

Get aah examples

```bash
git clone https://github.com/go-aah/examples.git aah-examples
```

Run this example

```bash
cd aah-examples/rest-api-basic-auth
aah run
```

Then use your preferred REST client to make requests against http://localhost:8080.

Demo User Credentials

| Username | Password | Roles | Permissions | IsLocked |
|----------|----------|-------|-------------|----------|
| user1@aahframework.org | welcome123 | "employee", "manager" | "user:read,edit:reportee" | No |
| user2@aahframework.org | welcome123 | "employee" | N/A | No |
| user3@aahframework.org | welcome123 | "employee" | N/A | Yes |
| admin@aahframework.org | welcome123 | "employee", "manager", "admin" | "user:read,edit,delete:reportee" | No |
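To make the File realm and the permission strings above concrete, here is an added, self-contained Go illustration (example code written for this page, not the aah framework's own realm or routes implementation). It builds an in-memory realm from the demo credential table, parses the `Authorization: Basic` header, compares passwords in constant time, refuses locked accounts, and evaluates Shiro-style wildcard permissions such as `"user:read,edit:reportee"` against the `"user:read:reportee"` requirement that the secured endpoint demands. The `subject` type, the `handleReportee` handler and the `call` helper are assumptions made for this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// subject is one row of the demo credential table (illustrative type, not aah's).
type subject struct {
	Email       string   `json:"email"`
	Password    string   `json:"-"`          // demo only; a real realm stores a salted hash
	Roles       []string `json:"roles"`
	Permissions []string `json:"permission"` // Shiro-style "domain:actions:target"
	IsLocked    bool     `json:"is_locked"`
}

// realm is an in-memory "File" realm constructed from the demo credentials above.
var realm = map[string]*subject{
	"user1@aahframework.org": {Email: "user1@aahframework.org", Password: "welcome123", Roles: []string{"employee", "manager"}, Permissions: []string{"user:read,edit:reportee"}},
	"user2@aahframework.org": {Email: "user2@aahframework.org", Password: "welcome123", Roles: []string{"employee"}},
	"user3@aahframework.org": {Email: "user3@aahframework.org", Password: "welcome123", Roles: []string{"employee"}, IsLocked: true},
	"admin@aahframework.org": {Email: "admin@aahframework.org", Password: "welcome123", Roles: []string{"employee", "manager", "admin"}, Permissions: []string{"user:read,edit,delete:reportee"}},
}

var errBadCredentials = errors.New("invalid credentials")
var errLocked = errors.New("account locked")

// parseBasicAuth decodes "Authorization: Basic <base64(user:pass)>".
func parseBasicAuth(header string) (user, pass string, ok bool) {
	const prefix = "basic "
	if len(header) < len(prefix) || !strings.EqualFold(header[:len(prefix)], prefix) {
		return "", "", false
	}
	raw, err := base64.StdEncoding.DecodeString(header[len(prefix):])
	if err != nil {
		return "", "", false
	}
	parts := strings.SplitN(string(raw), ":", 2) // password may itself contain ':'
	if len(parts) != 2 {
		return "", "", false
	}
	return parts[0], parts[1], true
}

// constantTimeEqual hashes both sides so the comparison never depends on length or content.
func constantTimeEqual(a, b string) bool {
	ha, hb := sha256.Sum256([]byte(a)), sha256.Sum256([]byte(b))
	return subtle.ConstantTimeCompare(ha[:], hb[:]) == 1
}

// authenticate validates credentials and rejects locked subjects even on a correct password.
func authenticate(user, pass string) (*subject, error) {
	s, found := realm[user]
	if !found {
		constantTimeEqual("", pass) // spend the same time for unknown users
		return nil, errBadCredentials
	}
	if !constantTimeEqual(s.Password, pass) {
		return nil, errBadCredentials
	}
	if s.IsLocked {
		return nil, errLocked
	}
	return s, nil
}

// partMatches: every comma-separated token requested must be granted, or the grant is "*".
func partMatches(granted, requested string) bool {
	if granted == "*" {
		return true
	}
	allowed := map[string]bool{}
	for _, t := range strings.Split(granted, ",") {
		allowed[strings.TrimSpace(t)] = true
	}
	for _, t := range strings.Split(requested, ",") {
		if !allowed[strings.TrimSpace(t)] {
			return false
		}
	}
	return true
}

// implies applies Shiro wildcard semantics: "user:read,edit:reportee" implies
// "user:read:reportee"; a shorter grant ("user:read") implies deeper parts; a longer
// grant only implies a shorter request when its extra parts are all "*".
func implies(granted, requested string) bool {
	g, r := strings.Split(granted, ":"), strings.Split(requested, ":")
	for i, rp := range r {
		if i >= len(g) {
			return true
		}
		if !partMatches(g[i], rp) {
			return false
		}
	}
	for _, gp := range g[len(r):] {
		if gp != "*" {
			return false
		}
	}
	return true
}

func isPermitted(s *subject, perm string) bool {
	for _, p := range s.Permissions {
		if implies(p, perm) {
			return true
		}
	}
	return false
}

// handleReportee is the secured endpoint: authenticate, then require
// "user:read:reportee" before returning the requested subject's data.
func handleReportee(w http.ResponseWriter, req *http.Request) {
	user, pass, ok := parseBasicAuth(req.Header.Get("Authorization"))
	var s *subject
	var err error
	if ok {
		s, err = authenticate(user, pass)
	}
	if !ok || err != nil {
		// One 401 for missing header, unknown user, wrong password and locked account,
		// so the client cannot tell which it was.
		w.Header().Set("WWW-Authenticate", `Basic realm="aah"`)
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	if !isPermitted(s, "user:read:reportee") {
		http.Error(w, "forbidden", http.StatusForbidden)
		return
	}
	target, found := realm[strings.TrimPrefix(req.URL.Path, "/v1/reportee/")]
	if !found {
		http.NotFound(w, req)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(target)
}

// call drives the handler in-process (no listening socket) and returns the HTTP status.
func call(email, user, pass string) int {
	req := httptest.NewRequest(http.MethodGet, "/v1/reportee/"+email, nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	handleReportee(rec, req)
	return rec.Code
}

func main() {
	for _, u := range []string{"user1", "user2", "user3", "admin"} {
		fmt.Printf("%s -> %d\n", u, call("user1@aahframework.org", u+"@aahframework.org", "welcome123"))
	}
	fmt.Println("no credentials ->", call("user1@aahframework.org", "", ""))
}
```

Running it yields 200 for user1 and admin, 403 for user2 (authenticated but lacking the reportee permission) and 401 for user3 (locked) and for a request with no credentials. Note that the handler deliberately collapses every authentication failure into the same 401 so that user enumeration is not possible from the response; the distinct `errLocked` exists only for server-side logging.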

API Endpoints

```text
GET     /                       - Shows welcome message (Anonymous access)
GET     /v1/reportee/:email     - Returns user data for given email address based on authorization (Secured)
```

Welcome Message

Send a GET request to http://localhost:8080/

Response:

```json
{"message":"Welcome to aah framework - REST API Basic Auth Example"}
```

Get reportee data

Send a GET request to http://localhost:8080/v1/reportee/user1@aahframework.org with Basic Auth credentials user1@aahframework.org/welcome123

Response:

```json
{
    "first_name": "East",
    "last_name": "Corner",
    "email": "user1@aahframework.org",
    "is_locked": false,
    "is_expried": false,
    "roles": [
        "employee",
        "manager"
    ],
    "permission": [
        "user:read,edit:reportee"
    ]
}
```

Now try the same request with the other demo credentials and compare the responses: user2 (authenticated, but without the reportee permission), user3 (locked account), admin, and a deliberately wrong password.