cloud-security-client-go

module
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 25, 2024 License: Apache-2.0

README

Go Cloud Security Integration

PkgGoDev Go Report Card REUSE status

Description

Client Library in GoLang for application developers requiring authentication with the SAP Identity Authentication Service (IAS). The library provides means for validating the Open ID Connect Token (OIDC) and accessing authentication information like user uuid, user attributes and audiences from the token.

Supported Environments

  • Cloud Foundry
  • Kubernetes/Kyma as of 0.11 version

Requirements

In order to make use of this client library your application should be integrated with the SAP Identity Authentication Service (IAS).

Download and Installation

This project is a library for applications or services and does not run standalone. When integrating, the most important package is auth. It contains means for parsing claims of the JWT and validation the token signature, audience, issuer and more.

The client library works as a middleware and has to be instantiated with NewMiddelware. For authentication there are options:

  • Ready-to-use Middleware Handler: The AuthenticationHandler which implements the standard http/Handler interface. Thus, it can be used easily e.g. in an gorilla/mux router or a plain http/Server implementation. The claims can be retrieved with auth.GetClaims(req) in the HTTP handler.
  • Authenticate func: More flexible, can be wrapped with an own middleware func to propagate the users claims.
Service configuration in Kubernetes environment

To access service instance configurations from the application, Kubernetes secrets need to be provided as files in a volume mounted on application's container. Library will look up the configuration files on the mountPath:"/etc/secrets/sapbtp/identity/<YOUR IAS INSTANCE NAME>".

Usage Sample

samples/middleware.go

Testing

The client library offers an OIDC Mock Server with means to create arbitrary tokens for testing purposes. Examples for the usage of the Mock Server in combination with the OIDC Token Builder can be found in auth/middleware_test.go

Current limitations

Not Known.

How to obtain support

In case of questions or bug or reports please open a GitHub Issue in this repository.

Contribution

Contributions are welcome! Please open a pull request and we will provide feedback as soon as possible.

Note that this project makes use of golangci-lint.
To make use of our Makefile, please make sure you have installed golangci-lint on your local machine.

All prerequisites for a pull request can then be checked with make pull-request.

More information can be found in CONTRIBUTING.md

Licensing

Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.

Directories

Path Synopsis
SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors
 SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors
SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors
 SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors
SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors
 SPDX-FileCopyrightText: 2021 SAP SE or an SAP affiliate company and Cloud Security Client Go contributors

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.