core-auth-library-go
Auth library for validation of Core Building Block auth tokens
Installation
To install this package, use go get:

    go get github.com/rokwire/core-auth-library-go
This will then make the following packages available to you:
github.com/rokwire/core-auth-library-go/authservice
github.com/rokwire/core-auth-library-go/tokenauth
github.com/rokwire/core-auth-library-go/sigauth
Import the core-auth-library-go/authservice package into your code using this template:

    package yours

    import (
        // ... your other imports
        "log"

        "github.com/rokwire/core-auth-library-go/authservice"
    )

    // printDeletedAccountIDs logs the account IDs passed to the deleted-accounts callback.
    func printDeletedAccountIDs(accountIDs []string) error {
        log.Printf("Deleted account IDs: %v\n", accountIDs)
        return nil
    }

    func main() {
        config := authservice.RemoteAuthDataLoaderConfig{
            AuthServicesHost:        "https://rokwire.illinois.edu/auth",
            ServiceToken:            "example_token", // placeholder value
            DeletedAccountsCallback: printDeletedAccountIDs,
        }
        dataLoader := authservice.NewRemoteAuthDataLoader(config, nil)
        authService, err := authservice.NewAuthService("example", "https://rokwire.illinois.edu/example", dataLoader)
        if err != nil {
            log.Fatalf("Error initializing auth service: %v", err)
        }
        // ... use authService with the other packages in this library
        _ = authService // remove once authService is used
    }
Staying up to date
To update core-auth-library-go to the latest version, use go get -u github.com/rokwire/core-auth-library-go.
ROKWIRE Auth Service
The ROKWIRE Auth Service is the system responsible for handling all user authentication and authorization in the ROKWIRE ecosystem. The Auth Service is a subsystem of the Core Building Block.
Packages
This library contains several packages:
authservice
The authservice package provides the AuthService type which contains the configurations to locate and communicate with the ROKWIRE Auth Service. The other packages in this library depend on the AuthService object to handle any necessary communication with this central Auth Service.
tokenauth
The tokenauth package provides the TokenAuth type which exposes the interface to validate and authorize auth tokens generated by the ROKWIRE Auth Service.
sigauth
The sigauth package provides the SignatureAuth type which exposes the interface to sign and verify HTTP requests to communicate securely between services within the ROKWIRE ecosystem.
authorization
The authorization package provides a generic Authorization interface and a specific CasbinAuthorization and CasbinScopeAuthorization implementation of this interface that can be used with the TokenAuth object. There are two standard Casbin models that can be found in authorization/authorization_model_string.conf and authorization/authorization_model_scope.conf that can be used with each of these types respectively. You can also define your own model if neither of these fits the use case.
envloader
The envloader package provides the EnvLoader interface which facilitates the loading of environment variables from various environments. Two standard implementations have been provided: LocalEnvLoader and AWSSecretsManagerEnvLoader. The LocalEnvLoader loads all variables from the environment variables set on the local machine, while the AWSSecretsManagerEnvLoader will load them from an AWS SecretsManager Secret.
AWSSecretsManagerEnvLoader
When using the AWSSecretsManagerEnvLoader, two environment variables must be set on the local machine to configure the specific secret to be accessed. The underlying infrastructure must also have the appropriate AWS permissions/roles to access the specified secret.
Environment Variables:
Name | Description
APP_SECRET_ARN | The AWS ARN of the AWS SecretsManager Secret to be accessed
AWS_REGION | The AWS region of the AWS SecretsManager Secret to be accessed
The NewEnvLoader() function can be used to automatically select and create the correct EnvLoader implementation object. If the two environment variables mentioned above are set, an AWSSecretsManagerEnvLoader will be returned, otherwise a LocalEnvLoader will be returned.
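Because the selection rule above falls back to LocalEnvLoader whenever either variable is missing, a half-configured deployment would read its settings from the local environment without any error. The following startup check is an added example, not code from this library: Preflight is a hypothetical helper that uses only the standard library, the sample ARN is constructed, and treating a mismatch between AWS_REGION and the region inside the ARN as a problem is an assumption about what a correct configuration looks like.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Preflight (hypothetical helper) reports which loader the documented rule
// would select, plus configuration problems worth failing startup on.
func Preflight(getenv func(string) string) (loader string, problems []string) {
	arn, region := getenv("APP_SECRET_ARN"), getenv("AWS_REGION")
	if arn == "" || region == "" {
		// Only one of the pair set: the fallback to local variables is silent.
		if arn != "" || region != "" {
			problems = append(problems, "only one of APP_SECRET_ARN/AWS_REGION is set; local environment will be used")
		}
		return "LocalEnvLoader", problems
	}
	// Secrets Manager ARN: arn:<partition>:secretsmanager:<region>:<account>:secret:<name>
	parts := strings.SplitN(arn, ":", 7)
	switch {
	case len(parts) != 7 || parts[0] != "arn" || parts[6] == "":
		problems = append(problems, "APP_SECRET_ARN is not a well-formed ARN")
	case parts[2] != "secretsmanager" || parts[5] != "secret":
		problems = append(problems, "APP_SECRET_ARN does not name a Secrets Manager secret")
	case parts[3] != region: // assumption: the two regions should agree
		problems = append(problems, fmt.Sprintf("AWS_REGION %q differs from ARN region %q", region, parts[3]))
	}
	return "AWSSecretsManagerEnvLoader", problems
}

func main() {
	// Constructed sample environments; the account ID and secret name are made up.
	arn := "arn:aws:secretsmanager:us-east-2:111122223333:secret:example-AbCdEf"
	samples := []map[string]string{
		{},
		{"APP_SECRET_ARN": arn},
		{"APP_SECRET_ARN": arn, "AWS_REGION": "us-west-2"},
		{"APP_SECRET_ARN": arn, "AWS_REGION": "us-east-2"},
	}
	for _, env := range samples {
		loader, problems := Preflight(func(k string) string { return env[k] })
		fmt.Println(loader, problems)
	}
	// The same check against the real process environment.
	fmt.Println(Preflight(os.Getenv))
}
```

Run it before calling NewEnvLoader() and fail startup when problems is non-empty in an environment that is expected to use Secrets Manager.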
authutils
The authutils package contains constants and standard utilities shared by the other packages.
Usage
To get started, take a look at the example/ directory.