# README

IAM Auth Filter

This package enables request filtering using the IAM service in go-restful apps.

Usage

Importing

import "github.com/AccelByte/go-restful-plugins/pkg/auth/iam"

Create filter

The filter depends on an IAM client passed through the constructor.

The client should be ready to do local token validation, which requires calling iamClient.StartLocalValidation() first. To do permission checking as well, the client needs a client token, which can be retrieved using iamClient.ClientTokenGrant().

Create Filter:

filter := iam.NewFilter(iamClient)

Create Filter with custom options:

options := &iam.FilterInitializationOptions{
	StrictRefererHeaderValidation: true, // Enable full path check of redirect uri in referer header validation (default: false)
}

filter := iam.NewFilterWithOptions(iamClient, options)

Constructing filter

The default Auth() filter only checks that the JWT access token is valid.

ws := new(restful.WebService)
ws.Filter(filter.Auth())

However, it can be expanded through FilterOption parameters. There are several built-in expansions in this package ready for use.

ws.Filter(
    filter.Auth(
        iam.WithValidUser(),
        iam.WithPermission(
            &iamSDK.Permission{
                Resource: "NAMESPACE:{namespace}:ECHO",
                Action:   iamSDK.ActionCreate | iamSDK.ActionRead,
            }),
    ))
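The permission passed to WithPermission above pairs a resource template with an action bitmask. The following added example is a simplified stand-alone model of such a check, not code from this package or the IAM SDK. It assumes that `{namespace}` is filled from the request's path parameter, that a granted `*` matches one segment, and that every required bit must be granted; `fillResource`, `Allowed`, the bit values and the namespaces `game1`/`game2` are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

const ActionCreate, ActionRead = 1, 2 // action bits constructed for this example

// Permission mirrors the Resource/Action pair passed to WithPermission.
type Permission struct {
	Resource string
	Action   int
}

// fillResource substitutes {name} segments from path parameters (hypothetical helper).
func fillResource(tmpl string, params map[string]string) ([]string, bool) {
	parts := strings.Split(tmpl, ":")
	for i, p := range parts {
		if strings.HasPrefix(p, "{") && strings.HasSuffix(p, "}") {
			if parts[i] = params[strings.Trim(p, "{}")]; parts[i] == "" || strings.Contains(parts[i], ":") {
				return nil, false // fail closed on a missing or malformed value
			}
		}
	}
	return parts, true
}

// Allowed reports whether one grant covers the resource and every required action bit.
func Allowed(granted []Permission, required Permission, params map[string]string) bool {
	want, ok := fillResource(required.Resource, params)
	for _, g := range granted {
		have := strings.Split(g.Resource, ":")
		match := ok && len(have) == len(want) && g.Action&required.Action == required.Action
		for i := 0; match && i < len(want); i++ {
			match = have[i] == "*" || have[i] == want[i]
		}
		if match {
			return true
		}
	}
	return false
}

func main() {
	req := Permission{Resource: "NAMESPACE:{namespace}:ECHO", Action: ActionCreate | ActionRead}
	grants := []Permission{{Resource: "NAMESPACE:game1:ECHO", Action: ActionCreate | ActionRead}}
	fmt.Println(Allowed(grants, req, map[string]string{"namespace": "game1"})) // same namespace
	fmt.Println(Allowed(grants, req, map[string]string{"namespace": "game2"})) // other namespace
}
```

In this model a grant scoped to one namespace does not satisfy a request for another, and a read-only grant does not satisfy a requirement that combines create and read.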

Reading JWT Claims

The Auth() filter injects the parsed IAM SDK JWT claims into the restful.Request attributes. To retrieve them, use:

claims := iam.RetrieveJWTClaims(request)

Note

Retrieved claims can be nil if the request was not filtered using Auth().

Filter all endpoints

ws := new(restful.WebService)
ws.Filter(filter.Auth())

Filter specific endpoint

ws := new(restful.WebService)
ws.Route(ws.GET("/user/{id}").
    Filter(filter.Auth()).
    To(func(request *restful.Request, response *restful.Response) {
}))

# Functions

ActionConverter converts an IAM action bit to a human-readable form.
NewFilter creates new Filter instance.
NewFilterWithOptions creates a new Filter instance with options. Example: iam.NewFilterWithOptions(iamClient, &FilterInitializationOptions{AllowSubdomainMatchRefererHeaderValidation: true, SubdomainValidationEnabled: true, SubdomainValidationExcludedNamespaces: []string{"foundations"}}).
RetrieveJWTClaims is a convenience function to retrieve JWT claims from restful.Request.
WithPermission filters request with valid permission only.
WithRole filters request with valid role only.
WithValidAudience filters request from a user with verified audience.
WithValidScope filters request from a user with verified scope.
WithValidUser filters request with valid user only.
WithVerifiedEmail filters request from a user with verified email address only.

# Constants

ClaimsAttribute is the key for JWT claims stored in the request.
Global Error Codes.

# Variables

No description provided by the author

# Structs

ErrorResponse is the generic structure for communicating errors from a REST endpoint.
Filter handles auth using filter.
FilterInitializationOptions hold options for Filter during initialization.

# Type aliases

FilterOption extends the basic auth filter functionality.