Skip to content

Latest commit

 

History

History
67 lines (52 loc) · 2.59 KB

README.md

File metadata and controls

67 lines (52 loc) · 2.59 KB

Keratin AuthN

Keratin AuthN is an authentication service that keeps you in control of the experience without forcing you to be an expert in web security.

This library provides utilities to help integrate with a Go application. You will also need a client for your frontend, such as https://github.com/keratin/authn-js.

Godoc Gitter Build Status Go Report

Installation

go get github.com/keratin/authn-go/authn

Example

package main

import (
  "fmt"
  "github.com/keratin/authn-go/authn"
)

var jwt1 = `<your test jwt here>`
var accountID = `<test ID>`

func main() {
  err := authn.NewClient(authn.Config{
    // The AUTHN_URL of your Keratin AuthN server. This will be used to verify tokens created by
    // AuthN, and will also be used for API calls unless PrivateBaseURL is also set.
    Issuer:         "https://issuer.example.com",

    // The domain of your application (no protocol). This domain should be listed in the APP_DOMAINS
    // of your Keratin AuthN server.
    Audience:       "application.example.com",

    // Credentials for AuthN's private endpoints. These will be used to execute admin actions using
    // the Client provided by this library.
    //
    // TIP: make them extra secure in production!
    Username:       "<Authn Username>",
    Password:       "<Authn Password>",

    // RECOMMENDED: Send private API calls to AuthN using private network routing. This can be
    // necessary if your environment has a firewall to limit public endpoints.
    PrivateBaseURL: "http://private.example.com",
  })
  fmt.Println(err)

  // SubjectFrom will return an AuthN account ID that you can use as to identify the user, if and
  // only if the token is valid.
  sub, err := authn.SubjectFrom(jwt1)
  fmt.Println(sub)
  fmt.Println(err)

  // LockAccount will lock an AuthN account using the same ID that you saw in the user's JWT when
  // they signed up. That account will be unable to log in until it is unlocked.
  //
  // See the godocs for all actions that you can take on an account.
  err = authn.LockAccount(accountID)
  fmt.Println(err)
}