Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/osstotalsoft/oidc-jwt-go
OpenID Connect package to secure your API using JWT Bearer tokens
go oidc openid openid-connect
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/osstotalsoft/oidc-jwt-go
- Owner: osstotalsoft
- License: mit
- Created: 2019-03-08T13:23:08.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2022-02-14T04:15:39.000Z (about 3 years ago)
- Last Synced: 2024-06-19T06:00:21.692Z (8 months ago)
- Topics: go, oidc, openid, openid-connect
- Language: Go
- Size: 16.6 KB
- Stars: 15
- Watchers: 7
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# oidc-jwt-go
OpenID Connect package to secure your API using JWT Bearer tokens.
It uses [dgrijalva/jwt-go](https://github.com/golang-jwt/jwt) for JWT decoding and signature verification.
## Installation
`go get "github.com/osstotalsoft/oidc-jwt-go"`
## Usage
````go
import (
	"log"
	"net/http"

	jwtRequest "github.com/golang-jwt/jwt/request"
	oidc "github.com/osstotalsoft/oidc-jwt-go"
	// Assumed import path for the discovery package used below.
	"github.com/osstotalsoft/oidc-jwt-go/discovery"
)

func middleware() func(next http.Handler) http.Handler {
	authority := "https://accounts.google.com" // or other OIDC provider
	audience := "YOUR_API_NAME"

	// The secret provider gets its discovery client from the authority URL.
	secretProvider := oidc.NewOidcSecretProvider(discovery.NewClient(discovery.Options{authority}))
	// The validator is built from the token extractor, the secret provider,
	// the expected audience and the authority.
	validator := oidc.NewJWTValidator(jwtRequest.OAuth2Extractor, secretProvider, audience, authority)

	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
			// The parsed token is not used in this handler, so it is discarded.
			_, err := validator(request)
			if err != nil {
				log.Println("AuthorizationFilter: Token is not valid", err)
				UnauthorizedWithHeader(writer, err.Error())
				return
			}
			next.ServeHTTP(writer, request)
		})
	}
}

// UnauthorizedWithHeader adds to the response a WWW-Authenticate header and returns a StatusUnauthorized error
func UnauthorizedWithHeader(writer http.ResponseWriter, err string) {
	writer.Header().Set("WWW-Authenticate", "Bearer error=\"invalid_token\", error_description=\""+err+"\"")
	http.Error(writer, "", http.StatusUnauthorized)
}
````
## Caching
The Secret Provider uses a simple sync.Map, with no expiration, to cache the rsa.PublicKey by a Key ID string.
## TODO
- Token Introspection [rfc7662](https://tools.ietf.org/html/rfc7662)
- UserInfo [UserInfo](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
## Similar projects
- https://github.com/auth0-community/go-auth0
- https://github.com/auth0/go-jwt-middleware
- https://github.com/appleboy/gin-jwt
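
For the Caching section above, an added Go example (not code from oidc-jwt-go) of a Key ID keyed `sync.Map` cache, run against a constructed provider that retires a key. `KeyCache`, `Fetch` and `RetiredKeyStillTrusted` are hypothetical names, and the TTL variant is an assumption about one way to bound staleness, not a feature of the package.

```go
package main

import (
	"crypto/rsa"
	"fmt"
	"sync"
	"time"
)

type entry struct {
	key     *rsa.PublicKey
	fetched time.Time
}

// KeyCache caches verification keys by Key ID (kid).
type KeyCache struct {
	m     sync.Map                                 // kid -> entry
	TTL   time.Duration                            // 0 = never expire, as in the Caching section
	Fetch func(kid string) (*rsa.PublicKey, error) // stand-in for the provider's key lookup
}

func (c *KeyCache) Get(kid string, now time.Time) (*rsa.PublicKey, error) {
	if v, ok := c.m.Load(kid); ok && (c.TTL == 0 || now.Sub(v.(entry).fetched) < c.TTL) {
		return v.(entry).key, nil
	}
	key, err := c.Fetch(kid) // miss or stale entry: ask the provider again
	if err != nil {
		return nil, err
	}
	c.m.Store(kid, entry{key, now})
	return key, nil
}

// RetiredKeyStillTrusted caches "k1", retires it at a constructed provider, and looks it up an hour later.
func RetiredKeyStillTrusted(ttl time.Duration) bool {
	live := true // constructed provider state: is "k1" still published?
	c := &KeyCache{TTL: ttl, Fetch: func(kid string) (*rsa.PublicKey, error) {
		if !live {
			return nil, fmt.Errorf("kid %q is no longer published", kid)
		}
		return new(rsa.PublicKey), nil // placeholder key; its value is irrelevant here
	}}
	c.Get("k1", time.Unix(0, 0)) // first token seen: key fetched and cached
	live = false                 // provider rotates k1 out
	_, err := c.Get("k1", time.Unix(3600, 0))
	return err == nil
}

func main() { fmt.Println(RetiredKeyStillTrusted(0), RetiredKeyStillTrusted(10*time.Minute)) }
```

With no expiration, a key the provider has withdrawn stays in the cache for the life of the process; with a TTL, the stale window is bounded by the TTL.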