Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ssoready/ssoready-go

Golang SDK for SSOReady. Add SAML + SCIM support to any Go application this afternoon.
https://github.com/ssoready/ssoready-go

saml scim sso

Last synced: 9 days ago
JSON representation

Golang SDK for SSOReady. Add SAML + SCIM support to any Go application this afternoon.

Awesome Lists containing this project

README 

        
![](https://i.imgur.com/OhtkhbJ.png)



# SSOReady-Go: SAML & SCIM for Golang



[![Go Reference](https://pkg.go.dev/badge/github.com/ssoready/ssoready-go.svg)](https://pkg.go.dev/github.com/ssoready/ssoready-go)



`github.com/ssoready/ssoready-go` is a Go SDK for the

[SSOReady](https://ssoready.com) API.



SSOReady is a set of open-source dev tools for implementing Enterprise SSO. You

can use SSOReady to add SAML and SCIM support to your product this afternoon.



For example applications built using SSOReady-Go, check out:



- [SSOReady Example App: Golang + net/http with SAML](https://github.com/ssoready/ssoready-example-app-golang-saml)



## Installation



Run the following:



```bash

go get github.com/ssoready/ssoready-go

```



## Usage



This section provides a high-level overview of how SSOReady works, and how it's

possible to implement SAML and SCIM in just an afternoon. For a more thorough

introduction, visit the [SAML

quickstart](https://ssoready.com/docs/saml/saml-quickstart) or the [SCIM

quickstart](https://ssoready.com/docs/scim/scim-quickstart).



The first thing you'll do is create a SSOReady client instance:



```go

import (

	"github.com/ssoready/ssoready-go"

	ssoreadyclient "github.com/ssoready/ssoready-go/client"

)



ssoreadyClient := ssoreadyclient.NewClient()

```



### SAML in two lines of code



SAML (aka "Enterprise SSO") consists of two steps: an _initiation_ step where

you redirect your users to their corporate identity provider, and a _handling_

step where you log them in once you know who they are.



To initiate logins, you'll use SSOReady's [Get SAML Redirect

URL](https://ssoready.com/docs/api-reference/saml/get-saml-redirect-url)

endpoint:



```go

// this is how you implement a "Sign in with SSO" button

getRedirectURLRes, err := ssoreadyClient.SAML.GetSAMLRedirectURL(ctx, &ssoready.GetSAMLRedirectURLRequest{

    OrganizationExternalID: "...",

})

if err != nil { ... }



// redirect the user to getRedirectURLRes.RedirectURL ...

```



You can use whatever your preferred ID is for organizations (you might call them

"workspaces" or "teams") as your `OrganizationExternalID`. You configure those

IDs inside SSOReady, and SSOReady handles keeping track of that organization's

SAML and SCIM settings.



To handle logins, you'll use SSOReady's [Redeem SAML Access

Code](https://ssoready.com/docs/api-reference/saml/redeem-saml-access-code) endpoint:



```go

redeemRes, err := ssoreadyClient.SAML.RedeemSAMLAccessCode(ctx, &ssoready.RedeemSAMLAccessCodeRequest{

	SAMLAccessCode: "saml_access_code_...",

})



// log the user in as redeemRes.Email inside redeemRes.OrganizationExternalID

```



You configure the URL for your `/ssoready-callback` endpoint in SSOReady.



### SCIM in one line of code



SCIM (aka "Enterprise directory sync") is basically a way for you to get a list

of your customer's employees offline.



To get a customer's employees, you'll use SSOReady's [List SCIM

Users](https://ssoready.com/docs/api-reference/scim/list-scim-users) endpoint:



```go

listSCIMUsersRes, err := ssoreadyClient.SCIM.ListSCIMUsers(ctx, &ssoready.SCIMListSCIMUsersRequest{

	OrganizationExternalID: "...",

})

if err != nil { ... }



// create users from each scim user

for _, scimUser := range listSCIMUsersRes.SCIMUsers { 

	// each scimUser has an ID, Email, Attributes, and Deleted

}

```



## Contributing



Issues and PRs are more than welcome. Be advised that this library is largely

autogenerated from [`ssoready/docs`](https://github.com/ssoready/docs). Most

code changes ultimately need to be made there, not on this repo.