cloud-security-client-go

module

v0.11.0 Latest Latest Go to latest Published: Sep 7, 2021 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sap/cloud-security-client-go

Links

Open Source Insights

README ¶

Go Cloud Security Integration

Description

Client Library in GoLang for application developers requiring authentication with the SAP Identity Authentication Service (IAS). The library provides means for validating the Open ID Connect Token (OIDC) and accessing authentication information like user uuid, user attributes and audiences from the token.

Supported Environments

Cloud Foundry
Kubernetes/Kyma as of 0.11 version

Requirements

In order to make use of this client library your application should be integrated with the SAP Identity Authentication Service (IAS).

Download and Installation

This project is a library for applications or services and does not run standalone. When integrating, the most important package is auth. It contains means for parsing claims of the JWT and validation the token signature, audience, issuer and more.

The client library works as a middleware and has to be instantiated with NewMiddelware. For authentication there are options:

Ready-to-use Middleware Handler: The AuthenticationHandler which implements the standard http/Handler interface. Thus, it can be used easily e.g. in an gorilla/mux router or a plain http/Server implementation. The claims can be retrieved with auth.GetClaims(req) in the HTTP handler.
Authenticate func: More flexible, can be wrapped with an own middleware func to propagate the users claims.

Service configuration in Kubernetes environment

To access service instance configurations from the application, Kubernetes secrets need to be provided as files in a volume mounted on application's container. Library will look up the configuration files on the mountPath:"/etc/secrets/sapbtp/identity/<YOUR IAS INSTANCE NAME>".

Sample Code

r := mux.NewRouter()

config, err := env.GetIASConfig()
if err != nil {
    panic(err)
}
authMiddleware := auth.NewMiddleware(config, auth.Options{})
r.Use(authMiddleware.AuthenticationHandler)

r.HandleFunc("/helloWorld", helloWorld).Methods("GET")

address := ":8080"
log.Println("Starting server on address", address)
err = http.ListenAndServe(address, handlers.LoggingHandler(os.Stdout, r))
if err != nil {
    panic(err)
}

Full example: samples/middleware.go

Testing

The client library offers an OIDC Mock Server with means to create arbitrary tokens for testing purposes. Examples for the usage of the Mock Server in combination with the OIDC Token Builder can be found in auth/middleware_test.go

Current limitations

Not Known.

How to obtain support

In case of questions or bug or reports please open a GitHub Issue in this repository.

Contribution

Contributions are welcome! Please open a pull request and we will provide feedback as soon as possible.

Note that this project makes use of golangci-lint.
To make use of our Makefile, please make sure you have installed golangci-lint on your local machine.

All prerequisites for a pull request can then be checked with make pull-request.

More information can be found in CONTRIBUTING.md

Licensing

Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.

Directories ¶

Path	Synopsis
auth
env
mocks
oidcclient
samples

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL