raccoon-mh/iamtokenvalidatorpoc

Iam Token Validator

Overview

iamtokenvalidator is a Go package designed to validate and decode JWT tokens using JSON Web Keys (JWK) fetched from a specified MC-IAM-MANAGER endpoint. It provides functionality to verify tokens and extract claims, supporting the RS256, RS384, and RS512 signing methods.

Installation

To install the package, use the following command:

go get github.com/m-cmp/mc-iam-manager/iamtokenvalidator

Usage

Importing the Package

To use iamtokenvalidator in your Go project, import it as follows:

import "github.com/m-cmp/mc-iam-manager/iamtokenvalidator"

Functions

GetPubkeyIamManager

Fetches the JWK set from the provided MC-IAM-MANAGER URL and prepares the public key for token validation.

func GetPubkeyIamManager(host string) error

Parameters:

  • host: The base URL of the MC-IAM-MANAGER service.

Returns:

  • error: An error if fetching the JWK set fails.

Example:

err := iamtokenvalidator.GetPubkeyIamManager("https://your-iam-manager-host")
if err != nil {
    log.Fatalf("Failed to get public key: %v", err)
}

IsTokenValid

Validates the given JWT token string using the previously fetched JWK set.

func IsTokenValid(tokenString string) error

Parameters:

  • tokenString: The JWT token string to validate.

Returns:

  • error: An error if the token is invalid.

Example:

err := iamtokenvalidator.IsTokenValid("your-jwt-token")
if err != nil {
    fmt.Printf("Token is invalid: %v\n", err)
} else {
    fmt.Println("Token is valid")
}

GetTokenClaimsByIamManagerClaims

Parses the given JWT token string and extracts claims defined in IamManagerClaims.

func GetTokenClaimsByIamManagerClaims(tokenString string) (*IamManagerClaims, error)

Parameters:

  • tokenString: The JWT token string to parse.

Returns:

  • *IamManagerClaims: The extracted claims.
  • error: An error if the token is invalid.

Example:

claims, err := iamtokenvalidator.GetTokenClaimsByIamManagerClaims("your-jwt-token")
if err != nil {
    fmt.Printf("Failed to get claims: %v\n", err)
} else {
    fmt.Printf("UserID: %s, UserName: %s\n", claims.UserId, claims.UserName)
}

GetTokenClaimsByCustomClaims

Parses the given JWT token string and extracts custom claims defined by the user.

func GetTokenClaimsByCustomClaims(tokenString string, myclaims interface{}) (interface{}, error)

Parameters:

  • tokenString: The JWT token string to parse.
  • myclaims: A custom claims struct to extract.

Returns:

  • interface{}: The extracted custom claims.
  • error: An error if the token is invalid.

Example:

type CustomClaims struct {
    jwt.StandardClaims
    Email string `json:"email"`
}

var customClaims CustomClaims
claims, err := iamtokenvalidator.GetTokenClaimsByCustomClaims("your-jwt-token", &customClaims)
if err != nil {
    fmt.Printf("Failed to get custom claims: %v\n", err)
} else {
    fmt.Printf("Email: %s\n", claims.(*CustomClaims).Email)
}

Supporting Functions

keyfunction

A helper function to support the RS256, RS384, and RS512 signing methods.

func keyfunction(token *jwt.Token) (interface{}, error)
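
What restricting a validator to RS256, RS384 and RS512 with a JWK-supplied key amounts to, as an added example using only the Go standard library. It is not code from the iamtokenvalidator package; JWKToRSA, VerifySignature and allowedAlgs are hypothetical names, the token in main is constructed, and only the signature is checked (no exp, iss or aud claims).

```go
package main

import (
	"crypto"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 for crypto.Hash.New
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding
var allowedAlgs = map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512}

// JWKToRSA (hypothetical helper) builds a public key from the base64url "n" and "e" members of an RSA JWK.
func JWKToRSA(n, e string) (*rsa.PublicKey, error) {
	nb, nerr := b64.DecodeString(n)
	eb, eerr := b64.DecodeString(e)
	if nerr != nil || eerr != nil || len(nb) == 0 || len(eb) == 0 || len(eb) > 4 {
		return nil, fmt.Errorf("malformed RSA JWK")
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}, nil
}

// VerifySignature (hypothetical helper) refuses any alg outside allowedAlgs, such as "none" or HS256, before the key is used.
func VerifySignature(token string, pub *rsa.PublicKey) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("token must have three segments")
	}
	var hdr struct{ Alg string `json:"alg"` }
	raw, herr := b64.DecodeString(parts[0])
	sig, serr := b64.DecodeString(parts[2])
	if herr != nil || serr != nil || json.Unmarshal(raw, &hdr) != nil {
		return fmt.Errorf("malformed token")
	}
	h, ok := allowedAlgs[hdr.Alg]
	if !ok {
		return fmt.Errorf("unexpected signing method %q", hdr.Alg)
	}
	d := h.New()
	d.Write([]byte(parts[0] + "." + parts[1])) // signing input: header "." payload
	return rsa.VerifyPKCS1v15(pub, h, d.Sum(nil), sig)
}

// Constructed token whose header is {"alg":"none"}: prints the "unexpected signing method" error.
func main() { fmt.Println(VerifySignature("eyJhbGciOiJub25lIn0.e30.", &rsa.PublicKey{N: big.NewInt(3), E: 65537})) }
```

Because the hash is chosen from the allow-list rather than from whatever the header asks for, a token cannot select an algorithm the verifier did not plan for.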

Buffalo Middleware Example

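In a Buffalo application, fetch the JWK set once in init() so that it is available before any request is handled. This example builds the certs URL of a Keycloak realm from environment variables and stops the application if the keys cannot be fetched.

func init() {
	r = render.New(render.Options{
		DefaultContentType: "application/json",
	})

	// Build the realm's certs (JWK set) URL from the environment.
	// The realm is read from KEYCLAOK_REALM, spelled as in this example.
	KEYCLOAKHOST := os.Getenv("KEYCLOAK_HOST")
	KEYCLAOKREALM := os.Getenv("KEYCLAOK_REALM")
	certsURL := KEYCLOAKHOST + "/realms/" + KEYCLAOKREALM + "/protocol/openid-connect/certs"
	fmt.Println("Trying to fetch Pubkey URL :", certsURL)

	// Stop at start-up if the key set cannot be fetched: no token can be validated without it.
	err := iamtokenvalidator.GetPubkeyIamManager(certsURL)
	if err != nil {
		panic(err)
	}
}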

License

This project is licensed under the Apache License. See the LICENSE file for details.

Contributing

Please feel free to submit issues, fork the repository, and send pull requests!