# README
## Keratin Authn Client
Keratin AuthN is an authentication service that keeps you in control of the experience without forcing you to be an expert in web security.
This library provides utilities to help integrate with a Go application. You may also need a client for your frontend, such as https://github.com/keratin/authn-js.
### Installation

```
go get github.com/SimifiniiCTO/backend-core-lib/third-party/authn
```
### Example

```go
package main

import (
	"fmt"

	sdk "github.com/SimifiniiCTO/backend-core-lib/third-party/authn"
)

var jwt1 = `<your test jwt here>`
var accountID = `<test ID>`

func main() {
	err := sdk.NewClient(sdk.Config{
		// The AUTHN_URL of your Keratin AuthN server. This will be used to verify tokens created by
		// AuthN, and will also be used for API calls unless PrivateBaseURL is also set.
		Issuer: "https://issuer.example.com",

		// The domain of your application (no protocol). This domain should be listed in the APP_DOMAINS
		// of your Keratin AuthN server.
		Audience: "application.example.com",

		// Credentials for AuthN's private endpoints. These will be used to execute admin actions using
		// the Client provided by this library.
		//
		// TIP: make them extra secure in production!
		Username: "<Authn Username>",
		Password: "<Authn Password>",

		// RECOMMENDED: Send private API calls to AuthN using private network routing. This can be
		// necessary if your environment has a firewall to limit public endpoints.
		PrivateBaseURL: "http://private.example.com",
	})
	fmt.Println(err)

	// SubjectFrom will return an AuthN account ID that you can use to identify the user, if and
	// only if the token is valid.
	sub, err := sdk.SubjectFrom(jwt1)
	fmt.Println(sub)
	fmt.Println(err)

	// LockAccount will lock an AuthN account using the same ID that you saw in the user's JWT when
	// they signed up. That account will be unable to log in until it is unlocked.
	//
	// See the godocs for all actions that you can take on an account.
	err = sdk.LockAccount(accountID)
	fmt.Println(err)
}
```
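One way to gate HTTP handlers on the result of `SubjectFrom`, as an added example that is not part of the original README or of the library. It assumes the ID token arrives in an `Authorization: Bearer` header and that `SubjectFrom` returns `(string, error)`; `requireSubject`, `subjectKey` and `probe` are hypothetical names, and the stub verifier and its token are constructed so the block runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type subjectKey struct{} // hypothetical context key for the verified account ID

// requireSubject runs next only when the request carries a bearer token that
// verify accepts. verify has the shape assumed for SubjectFrom: (string, error).
func requireSubject(verify func(string) (string, error), next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sub, err := "", errors.New("no bearer token")
		if scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " "); ok && strings.EqualFold(scheme, "Bearer") {
			sub, err = verify(token)
		}
		if err != nil || sub == "" {
			// Fail closed, with the same response for every kind of failure.
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), subjectKey{}, sub)))
	})
}

// probe sends one constructed request through the middleware with a stub verifier.
func probe(authorization string) (int, string) {
	stub := func(token string) (string, error) {
		if token == "constructed-valid-token" {
			return "42", nil
		}
		return "", errors.New("token rejected")
	}
	h := requireSubject(stub, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Context().Value(subjectKey{}))
	}))
	req := httptest.NewRequest(http.MethodGet, "/me", nil)
	req.Header.Set("Authorization", authorization)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() { fmt.Println(probe("Bearer constructed-valid-token")) }
```

In an application, pass `sdk.SubjectFrom` as `verify` once the client has been configured, and read the account ID from the request context in downstream handlers.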
# Functions
Configure initializes the default AuthN client with the given config.
New returns an initialized and configured Client.
NewIDTokenVerifier creates a new idTokenVerifier object by using keychain as the JWK provider. Claims are verified against the values specified in config.
SubjectFrom will use the client configured by Configure to extract a subject from the given idToken.
# Constants
DefaultKeychainTTL is the default TTL for a key in keychain in minutes.
# Variables
DefaultClient can be initialized by Configure and used by SubjectFrom.
ErrInvalidOptions is returned by SubjectFrom if invalid options are used.
ErrNoKey is returned when no key is found in the keychain.
# Structs
Account is an AuthN user account.
Claims represents the claims in an Authn idToken.
Client provides JWT verification for ID tokens generated by the AuthN server.
Config is a configuration struct for Client.
ErrorResponse is returned together with 4xx and 5xx HTTP status codes and contains a list of error conditions encountered while processing an API request. It implements the error interface.
FieldError is returned for each field in an API request that does not match the expectations.
IdResult is the result of a login request.
LoginResponse serves as the response to the login request.
RetryConfig provides a mechanism by which clients can configure HTTP retry parameters.
# Interfaces
AuthService exposes the interface contract the authentication service client adheres to.
JWKProvider provides a JSON Web Key from a Key ID. Wanted to use function signature from go-jose.v2 but that would make us lose error information.
JWTClaimsExtractor extracts verified in-built claims from a JWT idToken.