Type Name Latest commit message Commit time
app migrated and verified examples for v0.12.0 release Dec 2, 2018
config
.gitignore
README.md readme update for example run Dec 2, 2018
aah.project
go.mod

Example - REST API JWT Auth

This example demonstrates JWT authentication for a REST API built with the aah framework. It covers authentication and route authorization, both configured through the routes config.

The Generic auth scheme can be customized in many ways. This application uses it to implement JSON Web Token (JWT) authentication.

Learn more about Security design, Authentication and Authorization.

Get aah examples

git clone https://github.com/go-aah/examples.git aah-examples

Run this example

cd aah-examples/rest-api-jwt-auth
aah run

Use your preferred REST client to make requests

Demo User Credentials

Username/Password                    Roles                             Permissions                         IsLocked
user1@aahframework.org/welcome123    "employee", "manager"             "user:read,edit:reportee"           No
user2@aahframework.org/welcome123    "employee"                        N/A                                 No
user3@aahframework.org/welcome123    "employee"                        N/A                                 Yes
admin@aahframework.org/welcome123    "employee", "manager", "admin"    "user:read,edit,delete:reportee"    No

API Endpoints

GET     /                       - Shows welcome message (Anonymous access)
POST    /v1/token               - Issues JSON Web Token (JWT) for given username and password (Anonymous access)
GET     /v1/reportee/:email     - Returns user data for given email address based on authorization (Secured)

Welcome Message

Send a GET request to http://localhost:8080/

Response:

{"message":"Welcome to aah framework - REST API Basic Auth Example"}

Get Access Token (JWT)

Send a POST request to http://localhost:8080/v1/token

Request Body:

{
  "username": "user1@aahframework.org",
  "password": "welcome123"
}

Response:

Returns an access token for valid credentials.

{
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1MzA1NzY3MzcsInVzZXJuYW1lIjoidXNlcjFAYWFoZnJhbWV3b3JrLm9yZyJ9.944bfZpGY8I4ktJzKPA6pJFjhIW53upQBlVT7xSJwPA",
    "token_type": "bearer"
}

Get Reportee data

Send a GET request to http://localhost:8080/v1/reportee/user2@aahframework.org

Pass the access token via the HTTP header Authorization: Bearer <access-token>

Response:

{
    "first_name": "West",
    "last_name": "Corner",
    "email": "user2@aahframework.org",
    "is_locked": false,
    "is_expried": false,
    "roles": [
        "employee"
    ]
}

Now, try various combinations with the above demo credentials.
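
The sample token above decodes to an HS256 header and two claims, exp and username. The following is an added example, not code from this repository or from aah, showing the checks a server must pass before trusting such a bearer token; it uses only the Go standard library, and the names sign, Issue and Verify, the demo key and the clock values are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

func sign(msg string, key []byte) string { // base64url(HMAC-SHA256(key, msg))
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// Issue builds sample input: the README token's header segment
// ({"alg":"HS256","typ":"JWT"}) plus the given claims, signed with key.
func Issue(claimsJSON string, key []byte) string {
	msg := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." + base64.RawURLEncoding.EncodeToString([]byte(claimsJSON))
	return msg + "." + sign(msg, key)
}

// Verify pins alg to HS256, checks the MAC in constant time, then exp (now is Unix seconds).
func Verify(authz string, key []byte, now int64) (string, error) {
	parts := strings.Split(strings.TrimPrefix(authz, "Bearer "), ".")
	if !strings.HasPrefix(authz, "Bearer ") || len(parts) != 3 {
		return "", fmt.Errorf("malformed bearer token")
	}
	var hdr struct{ Alg string }
	if h, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "HS256" {
		return "", fmt.Errorf("alg not allowed")
	}
	if !hmac.Equal([]byte(parts[2]), []byte(sign(parts[0]+"."+parts[1], key))) {
		return "", fmt.Errorf("bad signature")
	}
	var c struct {
		Exp      int64
		Username string
	}
	if p, err := base64.RawURLEncoding.DecodeString(parts[1]); err != nil || json.Unmarshal(p, &c) != nil || now >= c.Exp {
		return "", fmt.Errorf("expired or unreadable claims")
	}
	return c.Username, nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed, not the example app's key
	fmt.Println(Verify("Bearer "+Issue(`{"exp":1530573600,"username":"user1@aahframework.org"}`, key), key, 1530570000))
}
```

A token with no exp claim is rejected as expired, because the missing value decodes to zero. The claims are only base64url-encoded, so anything placed in them is readable by whoever holds the token.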