Client Library in GoLang for application developers requiring authentication with the SAP Identity Authentication Service (IAS). The library provides means for validating the Open ID Connect Token (OIDC) and accessing authentication information like user uuid, user attributes and audiences from the token.
Parsing claims of the JWT and validation the token signature, audience, issuer, …
Any interaction with the Authorization Server e.g. OIDC discovery and fetching token keys
Parsing of environment provided by the Authorization Server e.g. IAS broker
The client library works as a middleware and has to be instantiated with NewMiddelware. For authentication there are options:
- Ready-to-use Middleware Handler: The
AuthenticationHandlerwhich implements the standardhttp/Handlerinterface. Thus, it can be used easily e.g. in angorilla/muxrouter or a plainhttp/Serverimplementation. The claims can be retrieved withauth.GetClaims(req)in the HTTP handler. - Authenticate func: More flexible, can be wrapped with an own middleware func to propagate the users claims.
r := mux.NewRouter()
config, err := env.GetIASConfig()
if err != nil {
panic(err)
}
authMiddleware := auth.NewMiddleware(config, auth.Options{})
r.Use(authMiddleware.AuthenticationHandler)
r.HandleFunc("/helloWorld", helloWorld).Methods("GET")
address := ":8080"
log.Println("Starting server on address", address)
err = http.ListenAndServe(address, handlers.LoggingHandler(os.Stdout, r))
if err != nil {
panic(err)
} Full example: samples/middleware.go
The client library offers an OIDC Mock Server with means to create arbitrary tokens for testing purposes. Examples for the usage of the Mock Server in combination with the OIDC Token Builder can be found in auth/middleware_test.go
The client library does not yet provide support for IAS custom domains. This limitation will be overcome within the next few weeks, once there is full support for that from IAS and IAS-Broker side.