# core-auth-library-go
Auth library for validation of Core Building Block auth tokens
## Installation
To install this package, use `go get`:
```bash
go get github.com/rokwire/core-auth-library-go/v3
```
This will then make the following packages available to you:
```
github.com/rokwire/core-auth-library-go/authservice
github.com/rokwire/core-auth-library-go/tokenauth
github.com/rokwire/core-auth-library-go/sigauth
```
Import the `core-auth-library-go/authservice` package into your code using this template:
```go
package yours

import (
	...
	"log"

	"github.com/rokwire/core-auth-library-go/authservice"
)

func main() {
	// Instantiate an AuthService to maintain basic auth data
	authService := authservice.AuthService{
		ServiceID:   "sample",
		ServiceHost: "https://rokwire.illinois.edu/sample",
		FirstParty:  true,
		AuthBaseURL: "https://rokwire.illinois.edu/auth",
	}

	// Instantiate a remote ServiceRegLoader to load auth service registration record from auth service
	serviceRegLoader, err := authservice.NewRemoteServiceRegLoader(&authService, []string{"auth"})
	if err != nil {
		log.Fatalf("Error initializing remote service registration loader: %v", err)
	}

	// Instantiate a ServiceRegManager to manage the service registration data loaded by serviceRegLoader
	serviceRegManager, err := authservice.NewServiceRegManager(&authService, serviceRegLoader)
	if err != nil {
		log.Fatalf("Error initializing service registration manager: %v", err)
	}

	// Instantiate a remote ServiceAccountLoader to load auth service account data from auth service
	staticTokenAuth := authservice.StaticTokenServiceAuth{ServiceToken: "sampleToken"}
	serviceAccountLoader, err := authservice.NewRemoteServiceAccountLoader(&authService, "sampleAccountID", staticTokenAuth)
	if err != nil {
		log.Fatalf("Error initializing remote service account loader: %v", err)
	}

	// Instantiate a remote ServiceAccountManager to manage service account-related data
	serviceAccountManager, err := authservice.NewServiceAccountManager(&authService, serviceAccountLoader)
	if err != nil {
		log.Fatalf("Error initializing service account manager: %v", err)
	}
	...
}
```
## Upgrading
### Staying up to date
To update core-auth-library-go to the latest version, use `go get -u github.com/rokwire/core-auth-library-go`.
### Migration steps
Follow the steps below to upgrade to the associated version of this library. Note that the steps for each version are cumulative, so if you are attempting to upgrade by several versions, be sure to make the changes described for each version between your current version and the latest.
#### Unreleased
#### [3.0.1](https://github.com/rokwire/core-auth-library-go/compare/v3.0.0...v3.0.1)
##### Breaking changes
###### handlers
* All `tokenauth.Handler` types are now expected to be pointers.
###### authservice
* `NewServiceRegManager` now takes a `validate bool` argument that determines whether or not the service registration for the caller should be automatically validated.
#### [3.0.0](https://github.com/rokwire/core-auth-library-go/compare/v2.2.0...v3.0.0)
##### Breaking changes
###### authservice
* `ServiceRegManager.ValidateServiceRegistrationKey` now takes a `*keys.PrivKey` as an argument instead of `*rsa.PrivateKey`.
* `PubKey` has been moved into the new `keys` package.
###### authutils
* `GetKeyFingerprint` has been removed and now exists as `SetKeyFingerprint` as a function on `keys.PubKey`.
* `GetPubKeyPem` has been removed and now exists as `Encode` as a function on `keys.PubKey`.
###### sigauth
* `SignatureAuth.CheckSignature` now takes a `*keys.PubKey` as an argument instead of `*rsa.PublicKey`.
* `SignatureAuth.CheckRequestSignature` now takes a `*keys.PubKey` as an argument instead of `*rsa.PublicKey`.
* `GetRequestDigest` now takes an `alg string` argument to specify which hash algorithm to use to compute the digest.
* The `SignatureAuthHeader` algorithm check has been removed from `CheckRequest`, which has also been renamed to `ParseRequestSignature`. This better reflects that the function should be used to parse HTTP requests. The algorithm check has been moved to `CheckParsedRequestSignature`.
###### tokenauth
* `TokenAuth.ValidateCsrfTokenClaims` has been removed, as the tokenauth package is no longer used to handle CSRF tokens, and these tokens are now opaque.
* `TokenAuth.GetRequestTokens` has been renamed to `TokenAuth.GetAccessToken` and now only returns an access token found in the `Authorization` header of a request.
* `TokenAuth.CheckRequestTokens` has been renamed to `TokenAuth.CheckRequestToken` because now only the access token is checked.
#### [v2.0.1](https://github.com/rokwire/core-auth-library-go/compare/v1.0.9...v2.0.1)
##### Breaking changes
###### authservice
* The `AuthDataLoader` interface has been removed and the `AuthService` type has been refactored to contain basic configuration data needed to communicate with the ROKWIRE Auth Service.
* The `ServiceRegManager` type has been added. To create a `ServiceRegManager`, a `ServiceRegLoader` must be created. The `ServiceRegLoader` is used to load service registration records retrieved from the ROKWIRE Auth Service, which are managed by the `ServiceRegManager`.
* The `ServiceAccountManager` and `ServiceAccountLoader` types have been added. To create a `ServiceAccountManager`, a `ServiceAccountLoader` must be created. The `ServiceAccountLoader` is used to load access tokens from the ROKWIRE Auth Service, where the implementing service must hold an account. These access tokens are managed by the `ServiceAccountManager`.
* The `Kid` field in `PubKey` is now called `KeyID`.
See above for an example of how to create instances of these types to interact with a remote ROKWIRE Auth Service.
###### coreservice
* The `coreservice` package has been added. It declares the `CoreService` type, which is used to interface with services on the [Core Building Block](https://github.com/rokwire/core-building-block).
* All deleted account-related functionality previously used by the `AuthDataLoader` interface has been moved to the `coreservice` package.
###### sigauth
* The `KeyId` field in `SignatureAuthHeader` is now called `KeyID`, and it contains the SHA256 fingerprint of the signing service's public key instead of the signing service ID.
* Signed requests reflect this change, and checking signed requests requires that the `KeyID` match a public key fingerprint from a provided list of service registrations.
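The `KeyID` lookup described in the two items above, as an added example that is not code from this library. It assumes the fingerprint is `SHA256:` followed by the base64 SHA-256 of the PKIX-encoded public key and uses Ed25519 keys for brevity; `ServiceReg`, `fingerprint`, `verifyByKeyID` and `signSample` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// ServiceReg is a hypothetical, reduced stand-in for a service registration.
type ServiceReg struct {
	ServiceID string
	PubKey    ed25519.PublicKey
}

// fingerprint uses an assumed encoding: "SHA256:" + base64(SHA-256(PKIX DER)).
func fingerprint(pub ed25519.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub) // does not fail for an Ed25519 key
	sum := sha256.Sum256(der)
	return "SHA256:" + base64.StdEncoding.EncodeToString(sum[:])
}

// verifyByKeyID verifies sig only with the key whose fingerprint equals keyID.
func verifyByKeyID(regs []ServiceReg, keyID string, msg, sig []byte) (string, error) {
	for _, reg := range regs {
		if fingerprint(reg.PubKey) != keyID {
			continue
		}
		if !ed25519.Verify(reg.PubKey, msg, sig) {
			return "", fmt.Errorf("signature does not verify under key %s", keyID)
		}
		return reg.ServiceID, nil
	}
	return "", fmt.Errorf("KeyID %q matches no provided service registration", keyID)
}

// signSample makes a throwaway key pair and signs msg (constructed sample data).
func signSample(msg []byte) (ed25519.PublicKey, []byte) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, ed25519.Sign(priv, msg)
}

func main() {
	msg := []byte("POST /sample/resource")
	pub, sig := signSample(msg)
	regs := []ServiceReg{{ServiceID: "sample", PubKey: pub}}
	fmt.Println(verifyByKeyID(regs, fingerprint(pub), msg, sig))
	fmt.Println(verifyByKeyID(regs, "sample", msg, sig)) // a service ID is not a KeyID
}
```

Because the key is selected by fingerprint, a request that names a service ID in `KeyID`, or a fingerprint absent from the provided registrations, is rejected before any signature check runs.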
###### String Casbin Authorization Policy Model
A "description" (`descr`) parameter has been added to the Casbin string authorization policy model. This allows a description of each permission to be provided inline within the authorization policies. This change means that all Casbin string authorization policies (e.g. permission policies) must be updated to include an additional column for this description.
See [example/token/permissions_authorization_policy.csv](example/token/permissions_authorization_policy.csv) for an example of the new policy format.
**Note:** While this new column must exist, it will not impact the actual authorization policy and may be left empty if appropriate.
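A migration check for the policy format change above, as an added example that is not part of this library: it reads the field count from the model's `p = ...` line and reports policy rows that do not have that many columns. The sample model, the sample policy rows and the function names are constructed for illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"strings"
)

// Constructed samples (hypothetical names): one row still uses the old layout.
const sampleModel = "[policy_definition]\np = sub, obj, act, descr\n"
const samplePolicy = `p, all_admin, sample, (GET)|(POST), Full access to sample
p, get_sample, sample, (GET),
p, legacy_reader, sample, (GET)
g, all_admin, get_sample
`

// policyFieldCount returns how many fields the model's "p = ..." line declares.
func policyFieldCount(model string) int {
	for _, line := range strings.Split(model, "\n") {
		name, def, ok := strings.Cut(line, "=")
		if ok && strings.TrimSpace(name) == "p" {
			return len(strings.Split(def, ","))
		}
	}
	return 0
}

// staleRows returns the "p" rows whose column count does not match the model.
func staleRows(model, policy string) ([]string, error) {
	want := policyFieldCount(model) + 1 // +1 for the leading policy type "p"
	r := csv.NewReader(strings.NewReader(policy))
	r.FieldsPerRecord = -1 // accept uneven rows; reporting them is the point
	r.TrimLeadingSpace = true
	rows, err := r.ReadAll()
	if err != nil {
		return nil, err
	}
	var stale []string
	for _, row := range rows {
		if row[0] == "p" && len(row) != want {
			stale = append(stale, strings.Join(row, ", "))
		}
	}
	return stale, nil
}

func main() {
	fmt.Println(staleRows(sampleModel, samplePolicy))
}
```

The second sample row ends with a trailing comma, so it has an empty description column and passes; only the row with no fifth column is reported.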
## ROKWIRE Auth Service
The ROKWIRE Auth Service is the system responsible for handling all user authentication and authorization in the ROKWIRE ecosystem. The Auth Service is a subsystem of the [Core Building Block](https://github.com/rokwire/core-building-block).
## Packages
This library contains several packages:
### `authservice`
The `authservice` package provides the `AuthService` type which contains the configurations to locate and communicate with the ROKWIRE Auth Service. The other packages in this library depend on the `AuthService` object, or other objects which depend on it, to handle any necessary communication with this central Auth Service.
This package also provides the `ServiceRegLoader`, `ServiceRegManager`, `ServiceAccountLoader`, and `ServiceAccountManager` types.
The `ServiceRegManage