README
¶
goa v2 Security Example
This example illustrates how to secure microservice endpoints. The service
endpoints showcase the various security schemes supported in goa. It exposes
endpoints secured via different security requirements, the doubly_secure and
also_doubly_secure endpoints illustrate how to secure a single endpoint using
multiple requirements.
Design
The key design sections for the multi_auth service define the various security
requirements. The most interesting ones are the doubly_secure and
also_doubly_secure requirements:
Security(JWTAuth, APIKeyAuth, func() { // Use JWT and an API key to secure this endpoint.
Scope("api:read") // Enforce presence of both "api:read"
Scope("api:write") // and "api:write" scopes in JWT claims.
})
The payload DSL defines two attributes key and token that hold the API key
and JWT token respectively:
Payload(func() {
APIKey("api_key", "key", String, func() {
Description("API key")
})
Token("token", String, func() {
Description("JWT used for authentication")
})
})
The design requires the client to provide both an API key and a JWT token.
doubly_secure loads the value of the API key from the request query string
while also_doubly_secure loads it from the request headers.
doubly_secure
HTTP(func() {
GET("/secure")
Param("key:k")
...
also_doubly_secure
HTTP(func() {
POST("/secure")
Header("key:Authorization")
Documentation
¶
Index ¶
- Variables
- func NewSecuredService(logger *log.Logger) securedservice.Service
- func SecuredServiceAPIKeyAuth(ctx context.Context, key string, s *security.APIKeyScheme) (context.Context, error)
- func SecuredServiceBasicAuth(ctx context.Context, user, pass string, s *security.BasicScheme) (context.Context, error)
- func SecuredServiceJWTAuth(ctx context.Context, token string, s *security.JWTScheme) (context.Context, error)
- func SecuredServiceOAuth2Auth(ctx context.Context, token string, s *security.OAuth2Scheme) (context.Context, error)
Constants ¶
This section is empty.
Variables ¶
var ( // are invalid. ErrUnauthorized error = securedservice.Unauthorized("invalid username and password combination") // ErrInvalidToken is the error returned when the JWT token is invalid. ErrInvalidToken error = securedservice.Unauthorized("invalid token") // ErrInvalidTokenScopes is the error returned when the scopes provided in // the JWT token claims are invalid. ErrInvalidTokenScopes error = securedservice.InvalidScopes("invalid scopes in token") // Key is the key used in JWT authentication Key = []byte("secret") )
Functions ¶
func NewSecuredService ¶
func NewSecuredService(logger *log.Logger) securedservice.Service
NewSecuredService returns the secured_service service implementation.
func SecuredServiceAPIKeyAuth ¶
func SecuredServiceAPIKeyAuth(ctx context.Context, key string, s *security.APIKeyScheme) (context.Context, error)
SecuredServiceAPIKeyAuth implements the authorization logic for service "secured_service" for the "api_key" security scheme.
func SecuredServiceBasicAuth ¶
func SecuredServiceBasicAuth(ctx context.Context, user, pass string, s *security.BasicScheme) (context.Context, error)
SecuredServiceBasicAuth implements the authorization logic for service "secured_service" for the "basic" security scheme.
func SecuredServiceJWTAuth ¶
func SecuredServiceJWTAuth(ctx context.Context, token string, s *security.JWTScheme) (context.Context, error)
SecuredServiceJWTAuth implements the authorization logic for service "secured_service" for the "jwt" security scheme.
func SecuredServiceOAuth2Auth ¶
func SecuredServiceOAuth2Auth(ctx context.Context, token string, s *security.OAuth2Scheme) (context.Context, error)
SecuredServiceOAuth2Auth implements the authorization logic for service "secured_service" for the "oauth2" security scheme.
Types ¶
This section is empty.
Source Files
Directories