Advanced Guide
HTTP Authentication
Authentication is a crucial aspect of web applications, controlling access to resources based on user roles or permissions. It is the process of verifying a user's identity to grant access to protected resources. It ensures that only authenticated users can perform actions or access data within an application.
GoFr offer various approaches to implement authorization.
1. HTTP Basic Auth
Basic Authentication is a simple HTTP authentication scheme where the user's credentials (username and password) are transmitted in the request header in a Base64-encoded format.
Basic auth is the simplest way to authenticate your APIs. It's built on HTTP protocol authentication scheme. It involves sending the prefix Basic trailed by the Base64-encoded <username>:<password> within the standard Authorization header.
Basic Authentication in GoFr
GoFr offers two ways to implement basic authentication:
1. Predefined Credentials
Use EnableBasicAuth(username, password) to configure GoFr with pre-defined credentials.
func main() {
app := gofr.New()
app.EnableBasicAuth("admin", "secret_password") // Replace with your credentials
app.GET("/protected-resource", func(c *gofr.Context) (interface{}, error) {
// Handle protected resource access
return nil, nil
})
app.Run()
}
2. Custom Validation Function
Use EnableBasicAuthWithFunc(validationFunc) to implement your own validation logic for credentials. The validationFunc takes the username and password as arguments and returns true if valid, false otherwise.
func validateUser(username string, password string) bool {
// Implement your credential validation logic here
// This example uses hardcoded credentials for illustration only
return username == "john" && password == "doe123"
}
func main() {
app := gofr.New()
app.EnableBasicAuthWithFunc(validateUser)
app.GET("/secure-data", func(c *gofr.Context) (interface{}, error) {
// Handle access to secure data
return nil, nil
})
app.Run()
}
Adding Basic Authentication to HTTP Services
This code snippet demonstrates how to add basic authentication to an HTTP service in GoFr and make a request with the appropriate Authorization header:
app.AddHTTPService("order", "https://localhost:2000",
&service.Authentication{UserName: "abc", Password: "pass"},
)
2. API Keys Auth
API Key Authentication is an HTTP authentication scheme where a unique API key is included in the request header for validation against a store of authorized keys.
Usage:
GoFr offers two ways to implement API Keys authentication.
1. Framework Default Validation
- GoFr's default validation can be selected using EnableAPIKeyAuth(apiKeys ...string)
package main
func main() {
// initialise gofr object
app := gofr.New()
app.EnableAPIKeyAuth("9221e451-451f-4cd6-a23d-2b2d3adea9cf", "0d98ecfe-4677-48aa-b463-d43505766915")
app.GET("/customer", Customer)
app.Run()
}
2. Custom Validation Function
- GoFr allows a custom validator function
apiKeyValidator(apiKey string) boolfor validating APIKeys and pass the func in EnableAPIKeyAuthWithFunc(validator)
package main
func apiKeyValidator(apiKey string) bool {
validKeys := []string{"f0e1dffd-0ff0-4ac8-92a3-22d44a1464e4", "d7e4b46e-5b04-47b2-836c-2c7c91250f40"}
return slices.Contains(validKeys, apiKey)
}
func main() {
// initialise gofr object
app := gofr.New()
app.EnableAPIKeyAuthWithFunc(apiKeyValidator)
app.GET("/customer", Customer)
app.Run()
}
Adding API-KEY Authentication to HTTP Services
This code snippet demonstrates how to add API Key authentication to an HTTP service in GoFr and make a request with the appropriate Authorization header:
app.AddHTTPService("http-server-using-redis", "http://localhost:8000", &service.APIKeyConfig{APIKey: "9221e451-451f-4cd6-a23d-2b2d3adea9cf"})
3. OAuth 2.0
OAuth 2.0 is the industry-standard protocol for authorization. It focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
It involves sending the prefix Bearer trailed by the encoded token within the standard Authorization header.
OAuth Authentication in GoFr
GoFr supports authenticating tokens encoded by algorithm RS256/384/512.
App level Authentication
Enable OAuth 2.0 with three-legged flow to authenticate requests
Use EnableOAuth(jwks-endpoint,refresh_interval) to configure GoFr with pre-defined credentials.
func main() {
app := gofr.New()
app.EnableOAuth("http://jwks-endpoint", 20)
app.GET("/protected-resource", func(c *gofr.Context) (interface{}, error) {
// Handle protected resource access
return nil, nil
})
app.Run()
}
Adding OAuth Authentication to HTTP Services
For server-to-server communication it follows two-legged OAuth, also known as "client credentials" flow, where the client application directly exchanges its own credentials (ClientID and ClientSecret) for an access token without involving any end-user interaction.
This code snippet demonstrates how two-legged OAuth authentication is added to an HTTP service in GoFr and make a request with the appropriate Authorization header:
app.AddHTTPService("orders", "http://localhost:9000",
&service.OAuthConfig{ // Replace with your credentials
ClientID: "0iyeGcLYWudLGqZfD6HvOdZHZ5TlciAJ",
ClientSecret: "GQXTY2f9186nUS3C9WWi7eJz8-iVEsxq7lKxdjfhOJbsEPPtEszL3AxFn8k_NAER",
TokenURL: "https://dev-zq6tvaxf3v7p0g7j.us.auth0.com/oauth/token",
Scopes: []string{"read:order"},
EndpointParams: map[string][]string{
"audience": {"https://dev-zq6tvaxf3v7p0g7j.us.auth0.com/api/v2/"},
},
})