{"id":29572693,"url":"https://github.com/accelbyte/iam-go-sdk","last_synced_at":"2025-07-19T05:10:53.956Z","repository":{"id":33046260,"uuid":"148986911","full_name":"AccelByte/iam-go-sdk","owner":"AccelByte","description":"Go SDK for integrating with AccelByte's IAM service","archived":false,"fork":false,"pushed_at":"2024-11-06T05:45:22.000Z","size":202,"stargazers_count":7,"open_issues_count":1,"forks_count":16,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-06T03:23:54.161Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AccelByte.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-09-16T10:57:38.000Z","updated_at":"2024-09-12T16:05:23.000Z","dependencies_parsed_at":"2023-11-20T06:28:38.918Z","dependency_job_id":"55c00d87-4d23-486c-ad2c-dbc4b1349fb4","html_url":"https://github.com/AccelByte/iam-go-sdk","commit_stats":null,"previous_names":[],"tags_count":43,"template":false,"template_full_name":null,"purl":"pkg:github/AccelByte/iam-go-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AccelByte%2Fiam-go-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AccelByte%2Fiam-go-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AccelByte%2Fiam-go-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AccelByte%2Fiam-go-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AccelByte","download_url":"https://codeload.github.com/AccelByte/iam-go-sdk/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AccelByte%2Fiam-go-sdk/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265892512,"owners_count":23845034,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-19T05:10:53.231Z","updated_at":"2025-07-19T05:10:53.931Z","avatar_url":"https://github.com/AccelByte.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n[![Build Status](https://travis-ci.com/AccelByte/iam-go-sdk.svg?branch=master)](https://travis-ci.com/AccelByte/iam-go-sdk)\n\n# IAM Go SDK\n\nThis is AccelByte's IAM Go SDK for integrating with IAM in Go projects.\n\n## Usage\n\n### Import package\n\n```go\nimport \"github.com/AccelByte/iam-go-sdk/v2\"\n```\n\n### Create default IAM client\n\n```go\ncfg := \u0026iam.Config{\n    BaseURL: \"\u003cIAM URL\u003e\",\n    BasicBaseURL: \"\u003cBasic URL\u003e\",\n    ClientID: \"\u003cclient ID\u003e\",\n    ClientSecret: \"\u003cclient secret\u003e\",\n}\n\nclient := iam.NewDefaultClient(cfg)\n```\n\nIt's recommended that you store the **interface** rather than the type since it enables you to mock the client during tests.\n\n```go\nvar client iam.Client\n\nclient := iam.NewDefaultClient(cfg)\n```\n\nDuring tests, you can replace the `client` with:\n\n```go\nvar client iam.Client\n\nclient := iam.NewMockClient() // or create your own mock implementation that suits your test case\n```\n\n**Note**\n\nBy default, the client can only do token validation by requesting to the IAM service.\n\nTo enable local validation, you need to call:\n\n```go\nclient.StartLocalValidation()\n```\n\nThen, the client will automatically get JWK and the revocation list, refreshing them periodically.\nThis enables you to do a local token validation and JWT claims parsing.\n\nHowever, if you need to validate permissions, you'll need to call `ClientTokenGrant()` to retrieve the client access token that will be used as a bearer token when requesting role details to the IAM service.\n\nCalling `ClientTokenGrant()` once will automatically trigger periodic token refresh.\n\n```go\nclient.ClientTokenGrant()\n```\n\n### Validate token\n\n#### Validate locally using downloaded JWK and revocation list\n\n```go\nclaims, _ := client.ValidateAndParseClaims(accessToken)\n```\n\n**Note**\n\nStore the `claims` output if you need to validate it's permission, role, or other properties.\n\n#### Validate by sending a request to IAM service\n\n```go\nok, _ := client.ValidateAccessToken(accessToken)\n```\n\n### Validate permission\n\nAs an example, assume you have a resource permission that needs `NAMESPACE:{namespace}:USER:{userId}` resource string and `4 [UPDATE]` action to access.\n\nUsing `claims`, you can verify if the token owner is allowed to access the resource with:\n\n```go\npermissionResource := make(map[string]string)\npermissionResource[\"{namespace}\"] = \"example\"\npermissionResource[\"{userId}\"] = \"example\"\nclient.ValidatePermission(claims, iam.Permission{Resource:\"NAMESPACE:{namespace}:USER:{userId}\", Action:4}, permissionResource)\n```\n\n### Validate audience\n\nValidate the audience from the token owner with client's base URI:\n\n```go\n_ = client.ValidateAudience(claims *JWTClaims) error\n```\n\n**Note**\n\nA client access token is required to get client information (client base URI).\n\n### Validate scope\n\nValidate scope from the token owner with the client scope:\n\n```go\n_ = client.ValidateScope(claims *JWTClaims, scope string) error\n```\n\n### Health check\n\nWhenever the IAM service is unhealthy, the client will know by detecting if any of the automated refresh goroutines have an error.\n\nYou can check the health with:\n\n```go\nclient.HealthCheck()\n```\n\n## Jaeger tracing\n\nThe IAM service client supports Opentracing Jaeger Traces in Zipkin B3 format (multiple headers mode). Additionally, the client handles K8s Istio traces and includes them into outbound calls.\n\n### Configure Jaeger tracing\n\nTo configure the Jaegeer client, provide the Jaeger Agent `host:port` or the Jaeger Collector URL and set up the global tracer:\n\n```go\n/*\nfunc InitGlobalTracer(\n    jaegerAgentHost string,\n    jaegerCollectorEndpoint string,\n    serviceName string,\n    realm string,\n)\n*/\n\njaeger.InitGlobalTracer(jaegerAgentHost, \"\", \"service-name\", \"node-name\")\n// or\njaeger.InitGlobalTracer(\"\", jaegerCollectorURL, \"service-name\", \"node-name\")\n```\n\n### Jaeger tracing usage\n\nUse API methods received from the response context:\n\n```go\n// instead of \nvalidationResult, err := testClient.ValidatePermission(\n    claims,\n    requiredPermission,\n    permissionResources,\n)\n\n// use what's received from the request context\nvalidationResult, err := testClient.ValidatePermission(\n    claims,\n    requiredPermission,\n    permissionResources,\n    WithJaegerContext(ctx),\n)\n\n// or an empty context to start a new Jaeger Span\nvalidationResult, err := testClient.ValidatePermission(\n    claims,\n    requiredPermission,\n    permissionResources,\n    WithJaegerContext(context.Background()),\n)\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccelbyte%2Fiam-go-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faccelbyte%2Fiam-go-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccelbyte%2Fiam-go-sdk/lists"}