Iam Token Validator
Overview
iamtokenvalidator is a Go package designed to validate and decode JWT tokens using JSON Web Keys (JWK) fetched from a specified MC-IAM-MANAGER endpoint.
It provides functionality to verify tokens and extract claims, supporting the RS256, RS384, and RS512 signing methods.
Installation
To install the package, use the following command:
go get github.com/m-cmp/mc-iam-manager/iamtokenvalidator
Usage
Importing the Package
To use iamtokenvalidator in your Go project, import it as follows:
import "github.com/m-cmp/mc-iam-manager/iamtokenvalidator"
Functions
GetPubkeyIamManager
Fetches the JWK set from the provided MC-IAM-MANAGER URL and prepares the public key for token validation.
func GetPubkeyIamManager(host string) error
Parameters:
host: The base URL of the MC-IAM-MANAGER service.
Returns:
error: An error if fetching the JWK set fails.
Example:
err := iamtokenvalidator.GetPubkeyIamManager("https://your-iam-manager-host")
if err != nil {
	log.Fatalf("Failed to get public key: %v", err)
}
IsTokenValid
Validates the given JWT token string using the previously fetched JWK set.
func IsTokenValid(tokenString string) error
Parameters:
tokenString: The JWT token string to validate.
Returns:
error: An error if the token is invalid.
Example:
err := iamtokenvalidator.IsTokenValid("your-jwt-token")
if err != nil {
	fmt.Printf("Token is invalid: %v", err)
} else {
	fmt.Println("Token is valid")
}
GetTokenClaimsByIamManagerClaims
Parses the given JWT token string and extracts claims defined in IamManagerClaims.
func GetTokenClaimsByIamManagerClaims(tokenString string) (*IamManagerClaims, error)
Parameters:
tokenString: The JWT token string to parse.
Returns:
*IamManagerClaims: The extracted claims.
error: An error if the token is invalid.
Example:
claims, err := iamtokenvalidator.GetTokenClaimsByIamManagerClaims("your-jwt-token")
if err != nil {
	fmt.Printf("Failed to get claims: %v", err)
} else {
	fmt.Printf("UserID: %s, UserName: %s", claims.UserId, claims.UserName)
}
GetTokenClaimsByCustomClaims
Parses the given JWT token string and extracts custom claims defined by the user.
func GetTokenClaimsByCustomClaims(tokenString string, myclaims interface{}) (interface{}, error)
Parameters:
tokenString: The JWT token string to parse.
myclaims: A custom claims struct to extract.
Returns:
interface{}: The extracted custom claims.
error: An error if the token is invalid.
Example:
type CustomClaims struct {
	jwt.StandardClaims
	Email string `json:"email"`
}
var customClaims CustomClaims
claims, err := iamtokenvalidator.GetTokenClaimsByCustomClaims("your-jwt-token", &customClaims)
if err != nil {
	fmt.Printf("Failed to get custom claims: %v", err)
} else {
	fmt.Printf("Email: %s", claims.(*CustomClaims).Email)
}
Supporting Functions
keyfunction
A helper function to support the RS256, RS384, and RS512 signing methods.
func keyfunction(token *jwt.Token) (interface{}, error)
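The following is an added example, not the package's own keyfunction: using only the Go standard library instead of a JWT library, it shows the check that restricting validation to RS256, RS384 and RS512 implies, namely rejecting any other header alg before the public key is used. The names VerifyRS, Demo, allowed, digest and the tokens themselves are constructed for illustration.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// allowed is the allow-list: only the three RSA methods the README names.
var allowed = map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512}
func digest(h crypto.Hash, msg string) []byte { d := h.New(); d.Write([]byte(msg)); return d.Sum(nil) }

// VerifyRS rejects any alg outside the allow-list, then checks the PKCS#1 v1.5 signature over "header.payload".
func VerifyRS(token string, pub *rsa.PublicKey) error {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return fmt.Errorf("malformed token")
	}
	raw, e1 := b64.DecodeString(p[0])
	sig, e2 := b64.DecodeString(p[2])
	var hdr struct{ Alg string `json:"alg"` }
	if e1 != nil || e2 != nil || json.Unmarshal(raw, &hdr) != nil {
		return fmt.Errorf("undecodable header or signature")
	}
	h, ok := allowed[hdr.Alg]
	if !ok {
		return fmt.Errorf("unexpected signing method %q", hdr.Alg)
	}
	return rsa.VerifyPKCS1v15(pub, h, digest(h, p[0]+"."+p[1]), sig)
}

// Demo signs constructed tokens with a throwaway key; HS256 and none carry a valid RSA signature but a disallowed alg.
func Demo() map[string]error {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	out := map[string]error{}
	cases := map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512, "HS256": crypto.SHA256, "none": crypto.SHA256}
	for alg, h := range cases {
		msg := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString([]byte(`{"sub":"constructed"}`))
		sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, h, digest(h, msg))
		out[alg] = VerifyRS(msg+"."+b64.EncodeToString(sig), &priv.PublicKey)
	}
	return out
}
func main() { fmt.Println(Demo()) }
```

Demo returns nil for the three RSA methods and an "unexpected signing method" error for the HS256 and none headers, because the header is checked against the allow-list before any signature verification happens.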
Buffalo Middleware Example
The init function below fetches the JWK set from the Keycloak realm's certs endpoint at start-up and panics if the fetch fails.
func init() {
	r = render.New(render.Options{
		DefaultContentType: "application/json",
	})
	KEYCLOAKHOST := os.Getenv("KEYCLOAK_HOST")
	KEYCLAOKREALM := os.Getenv("KEYCLAOK_REALM")
	fmt.Println("Trying to fetch Pubkey URL :", KEYCLOAKHOST)
	err := iamtokenvalidator.GetPubkeyIamManager(KEYCLOAKHOST + "/realms/" + KEYCLAOKREALM + "/protocol/openid-connect/certs")
	if err != nil {
		panic(err)
	}
}
License
This project is licensed under the Apache License. See the LICENSE file for details.
Contributing
Please feel free to submit issues, fork the repository, and send pull requests!