Go Identity Service

Quick start

Register

Request a new user to login.

$ curl -X POST -H 'Content-Type: application/json' -i http://localhost:8000/sign-up --data '{ "email": "admin@kiwsan.com", "password": "password", "confirm_password": "password" }'

Response

The user has been created.

Login

Login using email and password to retrieve a token.

$ curl -X POST -d 'email=admin@kiwsan.com' -d 'password=password' localhost:8000/sign-in

Response

{
  "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE4MzQyMzIsInVzZXJuYW1lIjoiYWRtaW4ifQ.J8KCW98u2JMC1kqd2xStp10WTYYb9lksdR4QYtXQffc",
  "expire_date":"1571834232",
  "refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE5MTk3MzJ9.6pPqklkbIrSrgT82wqS_Dn4UFs_CUk_MkSt1BdXeNvQ"
}

Request user claims information

Request a user resource using the token in Authorization request header.

$ curl -X GET -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE4MzQyMzIsInVzZXJuYW1lIjoiYWRtaW4ifQ.J8KCW98u2JMC1kqd2xStp10WTYYb9lksdR4QYtXQffc' -i http://localhost:8000/me

Response

Welcome admin!

Refresh Token

Request a new token using the refresh token.

$ curl -X POST -H 'Content-Type: application/json' -i http://localhost:8000/access-tokens/:refreshToken/refresh --data '{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE5MTk3MzJ9.6pPqklkbIrSrgT82wqS_Dn4UFs_CUk_MkSt1BdXeNvQ"}'

Response

{
  "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE4MzQzOTgsInVzZXJuYW1lIjoiYWRtaW4ifQ.IueTxg55g0R2DG9z_I6y3ea1YCSr8pm0SO_A-9LV_vQ",
  "expire_date":"1571834398",
  "refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE5MTk4OTh9.Z3z9Lz8C3nh5BbbxAMwvQYRW9wmcsgvrgFlYTrTS3og"
}

Revoke Refresh Token

Request a new token using the refresh token.

$ curl -X POST -H 'Content-Type: application/json' -i http://localhost:8000/refresh-tokens/:refreshToken/revoke --data '{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE5MTk3MzJ9.6pPqklkbIrSrgT82wqS_Dn4UFs_CUk_MkSt1BdXeNvQ"}'

Response

{
  "access_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE4MzQzOTgsInVzZXJuYW1lIjoiYWRtaW4ifQ.IueTxg55g0R2DG9z_I6y3ea1YCSr8pm0SO_A-9LV_vQ",
  "expire_date":"1571834398",
  "refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NzE5MTk4OTh9.Z3z9Lz8C3nh5BbbxAMwvQYRW9wmcsgvrgFlYTrTS3og"
}

Travis CLI

Install the Travis CLI

$ gem install travis

$ travis login

Create the encrypted key and public key in your local repo:

$ ssh-keygen -t rsa -N "" -C "kiwsanthia@gmail.com" -f travis_rsa

$ travis encrypt-file travis_rsa --add

Setup Travis on the droplet

$ sudo adduser --disabled-password --gecos "" travis

$ sudo chown -R travis:travis /opt/www

$ sudo su travis

$ mkdir ~/.ssh

$ chmod 700 .ssh

$ vim .ssh/authorized_keys # paste content from travis_rsa.pub

$ chmod 600 .ssh/authorized_keys && exit

Prepare remote repository on the droplet

$ sudo su travis

$ cd /opt/www

$ mkdir .git

$ cd .git

$ git init --bare

$ cd hooks

$ vim post-receive 

post-receive hook

#!/bin/sh
git --work-tree=/opt/www/public/ --git-dir=/opt/www/.git checkout -f

$ chmod +x post-receive

Resources

• https://echo.labstack.com/cookbook/jwt
• https://medium.com/monstar-lab-bangladesh-engineering/jwt-auth-in-go-dde432440924
• https://www.baeldung.com/rest-api-error-handling-best-practices
• https://docs.travis-ci.com/user/encrypting-files/

User Story (Scrum)

• https://tree.taiga.io/project/kiwsan-go-jwt-auth/timeline