This is the official Go library for Authlete Web APIs.

Apache License, Version 2.0

https://github.com/authlete/authlete-go

import (
    "github.com/authlete/authlete-go/api"
    "github.com/authlete/authlete-go/conf"
    "github.com/authlete/authlete-go/dto"
    "github.com/authlete/authlete-go/types"
)

The following code simulates "Authorization Code Flow". Replace CLIENT_ID, SERVICE_API_KEY and SERVICE_API_SECRET in the code with your own properly. The code assumes that the client type of the client application is 'public' (otherwise client authentication would be required at the token endpoint) and the number of registered redirect URIs is one (otherwise redirect_uri request parameter would be required).

package main

import (
    "fmt"
    "github.com/authlete/authlete-go/api"
    "github.com/authlete/authlete-go/conf"
    "github.com/authlete/authlete-go/dto"
)

var (
    base_url = `https://api.authlete.com/`
    service_api_key = `SERVICE_API_KEY`
    service_api_secret = `SERVICE_API_SECRET`
    client_id = `CLIENT_ID`
    user_id = `USER_ID`
)

func main() {
    // Configuration to access Authlete APIs.
    cnf := createAuthleteConfiguration()

    // Authlete API caller.
    api := api.New(cnf)

    //------------------------------------------------------------
    // Authorization Request and Response
    //------------------------------------------------------------

    // Call /api/auth/authorization API. The API parses a given
    // authorization request and returns the parsed result.
    authRes, _ := callAuthorizationApi(api)

    // Call /api/auth/authorization/issue API. The API generates
    // a response for the authorization request.
    authIssueRes, _ := callAuthorizationIssueApi(api, authRes)

    // Authorization response returned to the user agent.
    fmt.Printf("HTTP/1.1 302 Found\n")
    fmt.Printf("Location: %s\n\n", authIssueRes.ResponseContent)

    //------------------------------------------------------------
    // Token Request and Response
    //------------------------------------------------------------

    // Call /api/auth/token API. The API parses a given token
    // request and generates a response for the token request.
    tokenRes, _ := callTokenApi(api, authIssueRes.AuthorizationCode)

    // Token response returned to the client.
    fmt.Printf("HTTP/1.1 200 OK\n")
    fmt.Printf("Content-Type: application/json\n\n")
    fmt.Println(tokenRes.ResponseContent)
}

func createAuthleteConfiguration() conf.AuthleteConfiguration {
    cnf := conf.AuthleteSimpleConfiguration{}
    cnf.SetBaseUrl(base_url)
    cnf.SetServiceApiKey(service_api_key)
    cnf.SetServiceApiSecret(service_api_secret)

    return &cnf
}

func callAuthorizationApi(api api.AuthleteApi) (
    *dto.AuthorizationResponse, *api.AuthleteError) {
    // Prepare a request to /api/auth/authorization API.
    // `Parameters` represents an authorization request.
    req := dto.AuthorizationRequest{}
    req.Parameters = fmt.Sprintf(
        `response_type=code&client_id=%s`, client_id)

    // Call /api/auth/authorization API.
    return api.Authorization(&req)
}

func callAuthorizationIssueApi(
    api api.AuthleteApi, res *dto.AuthorizationResponse) (
        *dto.AuthorizationIssueResponse, *api.AuthleteError) {
    // Prepare a request to /api/auth/authorization/issue API.
    req := dto.AuthorizationIssueRequest{}
    req.Ticket = res.Ticket
    req.Subject = user_id

    // Call /api/auth/authorization/issue API.
    return api.AuthorizationIssue(&req)
}

func callTokenApi(api api.AuthleteApi, code string) (
    *dto.TokenResponse, *api.AuthleteError) {
    // Prepare a request to /api/auth/token API.
    // `Parameters` represents a token request.
    req := dto.TokenRequest{}
    req.Parameters = fmt.Sprintf(
        `client_id=%s&grant_type=authorization_code&code=%s`, client_id, code)

    // Call /api/auth/token API.
    return api.Token(&req)
}

All the methods to communicate with Authlete Web APIs are gathered in api.AuthleteApi interface. An instance of the interface can be created by api.New(conf.AuthleteConfiguration) function. The function requires an instance of conf.AuthleteConfiguration interface.

// Prepare an instance of AuthleteConfiguration.
// AuthleteSimpleConfiguration is an implementation of the interface.
cnf := conf.AuthleteSimpleConfiguration{}
cnf.SetBaseUrl(...)
cnf.SetServiceOwnerApiKey(...)
cnf.SetServiceOwnerApiSecret(...)
cnf.SetServiceApiKey(...)
cnf.SetServiceApiSecret(...)

// Get an implementation of AuthleteApi interface.
api := api.New(&cnf)

There are three implementations of conf.AuthleteConfiguration interface: conf.AuthleteSimpleConfiguration (used in the above example), conf.AuthleteEnvConfiguration and conf.AuthleteTomlConfiguration.

conf.AuthleteEnvConfiguration reads settings from the following environment variables.

• AUTHLETE_BASE_URL
• AUTHLETE_SERVICEOWNER_APIKEY
• AUTHLETE_SERVICEOWNER_APISECRET
• AUTHLETE_SERVICE_APIKEY
• AUTHLETE_SERVICE_APISECRET

Each method of conf.AuthleteEnvConfiguration reads its corresponding environment variable, so what you have to do in Go code is just to create an instance of the struct.

cnf := conf.AuthleteEnvConfiguration{}

On the other hand, conf.AuthleteTomlConfiguration reads a TOML file. The format of the file conf.AuthleteTomlConfiguration expects is as follows.

BaseUrl               = "..."
ServiceOwnerApiKey    = "..."
ServiceOwnerApiSecret = "..."
ServiceApiKey         = "..."
ServiceApiSecret      = "..."

Load(file string) method loads a TOML file and sets up internal variables. The method needs to be called before use.

cnf := AuthleteTomlConfiguration{}
cnf.Load(`authlete.toml`)

Settings() method of api.AuthleteApi interface returns an instance of api.Settings. You can set network timeout via the instance.

import "time"

settings := api.Settings()
settings.Timeout = time.Duration(5) * time.Second

Methods in api.AuthleteApi interface can be divided into some categories.

• Authorization(request *dto.AuthorizationRequest) (*dto.AuthorizationResponse, *AuthleteError)
• AuthorizationFail(request *dto.AuthorizationFailRequest) (*dto.AuthorizationFailResponse, *AuthleteError)
• AuthorizationIssue(request *dto.AuthorizationIssueRequest) (*dto.AuthorizationIssueResponse, *AuthleteError)

• Token(request *dto.TokenRequest) (*dto.TokenResponse, *AuthleteError)
• TokenFail(request *dto.TokenFailRequest) (*dto.TokenFailResponse, *AuthleteError)
• TokenIssue(request *dto.TokenIssueRequest) (*dto.TokenIssueResponse, *AuthleteError)

• CreateService(service *dto.Service) (*dto.Service, *AuthleteError)
• DeleteService(apiKey interface{}) *AuthleteError
• GetService(apiKey interface{}) (*dto.Service, *AuthleteError)
• GetServiceList(start uint32, end uint32) (*dto.ServiceListResponse, *AuthleteError)
• UpdateService(service *dto.Service) (*dto.Service, *AuthleteError)

• CreateClient(client *dto.Client) (*dto.Client, *AuthleteError)
• DeleteClient(clientIdentifier interface{}) *AuthleteError
• GetClient(clientIdentifier interface{}) (*dto.Client, *AuthleteError)
• GetClientList(developer string, start uint32, end uint32) (*dto.ClientListResponse, *AuthleteError)
• UpdateClient(client *dto.Client) (*dto.Client, *AuthleteError)
• RefreshClientSecret(clientIdentifier interface{}) (*dto.ClientSecretRefreshResponse, *AuthleteError)
• UpdateClientSecret(clientIdentifier interface{}, clientSecret string) (*dto.ClientSecretUpdateResponse, *AuthleteError)

• Introspection(request *dto.IntrospectionRequest) (*dto.IntrospectionResponse, *AuthleteError)
• StandardIntrospection(request *dto.StandardIntrospectionRequest) (*dto.StandardIntrospectionResponse, *AuthleteError)
• GetTokenList(clientIdentifier string, subject string, start uint32, end uint32) (*dto.TokenListResponse, *AuthleteError)

• Revocation(request *dto.RevocationRequest) (*dto.RevocationResponse, *AuthleteError)

• UserInfo(request *dto.UserInfoRequest) (*dto.UserInfoResponse, *AuthleteError)
• UserInfoIssue(request *dto.UserInfoIssueRequest) (*dto.UserInfoIssueResponse, *AuthleteError)

• GetServiceJwks(pretty bool, includePrivateKeys bool) (string, *AuthleteError)

• GetServiceConfiguration(pretty bool) (string, *AuthleteError)

• TokenCreate(request *dto.TokenCreateRequest) (*dto.TokenCreateResponse, *AuthleteError)
• TokenDelete(token string) *AuthleteError
• TokenUpdate(request *dto.TokenUpdateRequest) (*dto.TokenUpdateResponse, *AuthleteError)

• GetRequestableScopes(clientIdentifier interface{}) ([]string, *AuthleteError)
• SetRequestableScopes(clientIdentifier interface{}, scopes []string) ([]string, *AuthleteError)
• DeleteRequestableScopes(clientIdentifier interface{}) *AuthleteError

• GetGrantedScopes(clientIdentifier interface{}, subject string) (*dto.GrantedScopesGetResponse, *AuthleteError)
• DeleteGrantedScopes(clientIdentifier interface{}, subject string) *AuthleteError

• DeleteClientAuthorization(clientIdentifier interface{}, subject string) *AuthleteError
• GetClientAuthorizationList(request *dto.ClientAuthorizationGetListRequest) (*dto.AuthorizedClientListResponse, *AuthleteError)
• UpdateClientAuthorization(clientIdentifier interface{}, request *dto.ClientAuthorizationUpdateRequest) *AuthleteError

• VerifyJose(request *dto.JoseVerifyRequest) (*dto.JoseVerifyResponse, *AuthleteError)

• BackchannelAuthentication(request *dto.BackchannelAuthenticationRequest) (*dto.BackchannelAuthenticationResponse, *AuthleteError)
• BackchannelAuthenticationIssue(request *dto.BackchannelAuthenticationIssueRequest) (*dto.BackchannelAuthenticationIssueResponse, *AuthleteError)
• BackchannelAuthenticationFail(request *dto.BackchannelAuthenticationFailRequest) (*dto.BackchannelAuthenticationFailResponse, *AuthleteError)
• BackchannelAuthenticationComplete(request *dto.BackchannelAuthenticationCompleteRequest) (*dto.BackchannelAuthenticationCompleteResponse, *AuthleteError)

• DynamicClientRegister(request *dto.ClientRegistrationRequest) (*dto.ClientRegistrationResponse, *AuthleteError)
• DynamicClientGet(request *dto.ClientRegistrationRequest) (*dto.ClientRegistrationResponse, *AuthleteError)
• DynamicClientUpdate(request *dto.ClientRegistrationRequest) (*dto.ClientRegistrationResponse, *AuthleteError)
• DynamicClientDelete(request *dto.ClientRegistrationRequest) (*dto.ClientRegistrationResponse, *AuthleteError)

• DeviceAuthorization(request *dto.DeviceAuthorizationRequest) (*dto.DeviceAuthorizationResponse, *AuthleteError)
• DeviceComplete(request *dto.DeviceCompleteRequest) (*dto.DeviceCompleteResponse, *AuthleteError)
• DeviceVerification(request *dto.DeviceVerificationRequest) (*dto.DeviceVerificationResponse, *AuthleteError)

• PushAuthorizationRequest(request *dto.PushedAuthReqRequest) (*dto.PushedAuthReqResponse, *AuthleteError)

Some APIs and features don't work (even if they are defined in the api.AuthleteApi interface) if Authlete API server you use doesn't support them. For example, CIBA works only in Authlete 2.1 onwards. Please contact us if you want to use newer Authlete versions.

Features available in Authlete 2.0 and onwards:

• Financial-grade API (FAPI)
• OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens (MTLS)
• JWT-based Client Authentication (RFC 7523)
• Scope attributes
• UK Open Banking Security Profile

Features available in Authlete 2.1 and onwards:

• Client Initiated Backchannel Authentication (CIBA)
• JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)
• Dynamic Client Registration (RFC 7591 & RFC 7592)
• OAuth 2.0 Device Authorization Grant (Device Flow)
• JWT-based Access Token

See Spec Sheet for further details.

Contact Form : https://www.authlete.com/contact/