#+TITLE: MCIAS Client SDK
|
|
|
|
The MCIAS Client SDK provides a Go client for interacting with the Metacircular Identity and Access System (MCIAS). It allows applications to authenticate users and retrieve database credentials from an MCIAS server.
|
|
|
|
* Installation
|
|
|
|
#+BEGIN_SRC bash
|
|
go get git.wntrmute.dev/kyle/mcias/client
|
|
#+END_SRC
|
|
|
|
* Usage
|
|
|
|
** Creating a Client
|
|
|
|
#+BEGIN_SRC go
|
|
import "git.wntrmute.dev/kyle/mcias/client"
|
|
|
|
// Create a client with default settings (connects to http://localhost:8080)
// NOTE(review): the default base URL is plaintext HTTP, so anything sent
// through this client (passwords, TOTP codes, tokens) is unencrypted on the
// wire; use WithBaseURL with an https:// URL for any server that is not local.
c := client.NewClient()

// Create a client with custom settings
c := client.NewClient(
client.WithBaseURL("https://mcias.example.com"),
client.WithUsername("username"),
// "existing-token" is a placeholder: load a real token from configuration
// or a secret store rather than embedding it in source.
client.WithToken("existing-token"),
)
|
|
#+END_SRC
|
|
|
|
** Authentication
|
|
|
|
*** Password Authentication
|
|
|
|
#+BEGIN_SRC go
|
|
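// Bound the login call with a deadline so a stalled server cannot hang the caller.
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

// The literals stand in for credentials that should come from configuration
// or a secret store, never from source.
tokenResp, err := c.LoginWithPassword(ctx, "username", "password")
if err != nil {
	log.Fatalf("Failed to login: %v", err)
}

// tokenResp.Token is a bearer credential: keep it for the client to use, but
// do not print or log it. Only the expiry (Unix seconds) is shown here.
fmt.Printf("Authenticated; token expires at: %s\n", time.Unix(tokenResp.Expires, 0).Format(time.RFC3339))

// Check if TOTP verification is required
if tokenResp.TOTPEnabled {
	fmt.Println("TOTP verification required")
	// See TOTP Verification section
}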
|
|
#+END_SRC
|
|
|
|
*** Token Authentication
|
|
|
|
#+BEGIN_SRC go
|
|
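// Bound the login call with a deadline so a stalled server cannot hang the caller.
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

// "existing-token" is a placeholder: load a real token from configuration
// or a secret store rather than embedding it in source.
tokenResp, err := c.LoginWithToken(ctx, "username", "existing-token")
if err != nil {
	log.Fatalf("Failed to login with token: %v", err)
}

// tokenResp.Token is a bearer credential: keep it for the client to use, but
// do not print or log it. Only the expiry (Unix seconds) is shown here.
fmt.Printf("Authenticated; token expires at: %s\n", time.Unix(tokenResp.Expires, 0).Format(time.RFC3339))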
|
|
#+END_SRC
|
|
|
|
*** TOTP Verification
|
|
|
|
If TOTP is enabled for a user, you'll need to verify a TOTP code after password authentication:
|
|
|
|
#+BEGIN_SRC go
|
|
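// Bound the verification call with a deadline so a stalled server cannot hang the caller.
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

totpResp, err := c.VerifyTOTP(ctx, "username", "123456") // Replace with actual TOTP code
if err != nil {
	log.Fatalf("Failed to verify TOTP: %v", err)
}

// totpResp.Token is a bearer credential: keep it for the client to use, but
// do not print or log it. Only the expiry (Unix seconds) is shown here.
fmt.Printf("TOTP verified; token expires at: %s\n", time.Unix(totpResp.Expires, 0).Format(time.RFC3339))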
|
|
#+END_SRC
|
|
|
|
** Retrieving Database Credentials
|
|
|
|
Once authenticated, you can retrieve database credentials; treat the returned =Password= field as a secret and hand it to your database driver rather than printing or logging it:
|
|
|
|
#+BEGIN_SRC go
|
|
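// Bound the credential fetch with a deadline so a stalled server cannot hang the caller.
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()

// GetDatabaseCredentials takes no token, so the client presumably reuses the
// token it holds from an earlier login or WithToken — confirm against the
// client implementation.
dbCreds, err := c.GetDatabaseCredentials(ctx)
if err != nil {
	log.Fatalf("Failed to get database credentials: %v", err)
}

fmt.Printf("Database Host: %s\n", dbCreds.Host)
fmt.Printf("Database Port: %d\n", dbCreds.Port)
fmt.Printf("Database Name: %s\n", dbCreds.Name)
fmt.Printf("Database User: %s\n", dbCreds.User)
// dbCreds.Password is a secret: pass it to your database driver (e.g. in a
// DSN built in memory) rather than printing it to stdout or a log.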
|
|
#+END_SRC
|
|
|
|
* Complete Example
|
|
|
|
Here's a complete example showing the authentication flow and database credential retrieval:
|
|
|
|
#+BEGIN_SRC go
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"log"
|
|
"time"
|
|
|
|
"git.wntrmute.dev/kyle/mcias/client"
|
|
)
|
|
|
|
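// main walks the documented flow: password login, optional TOTP verification,
// then database credential retrieval. Secrets (the bearer token and the
// database password) are deliberately never written to stdout.
func main() {
	// Create a new client. With no options this talks to the default base URL
	// (http://localhost:8080, plaintext HTTP); pass client.WithBaseURL with an
	// https:// URL for anything other than local development.
	c := client.NewClient()

	// One deadline bounds every call below.
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	// Authenticate with username and password. The literals stand in for
	// credentials that should come from configuration or a secret store,
	// never from source.
	tokenResp, err := c.LoginWithPassword(ctx, "username", "password")
	if err != nil {
		log.Fatalf("Failed to login: %v", err)
	}

	// tokenResp.Token is a bearer credential: keep it for the client to use,
	// but do not print or log it. Only the expiry (Unix seconds) is shown.
	fmt.Printf("Authenticated; token expires at: %s\n", time.Unix(tokenResp.Expires, 0).Format(time.RFC3339))

	// If TOTP is enabled, read a code from stdin and verify it.
	if tokenResp.TOTPEnabled {
		fmt.Println("TOTP is enabled, please enter your TOTP code")
		var totpCode string
		// A failed read would otherwise send an empty code to the server.
		if _, err := fmt.Scanln(&totpCode); err != nil {
			log.Fatalf("Failed to read TOTP code: %v", err)
		}

		totpResp, err := c.VerifyTOTP(ctx, "username", totpCode)
		if err != nil {
			log.Fatalf("Failed to verify TOTP: %v", err)
		}

		// As above, totpResp.Token is not printed.
		fmt.Printf("TOTP verified; token expires at: %s\n", time.Unix(totpResp.Expires, 0).Format(time.RFC3339))
	}

	// Get database credentials. GetDatabaseCredentials takes no token, so the
	// client presumably reuses the most recent token obtained above — confirm
	// against the client implementation.
	dbCreds, err := c.GetDatabaseCredentials(ctx)
	if err != nil {
		log.Fatalf("Failed to get database credentials: %v", err)
	}

	fmt.Printf("Database Host: %s\n", dbCreds.Host)
	fmt.Printf("Database Port: %d\n", dbCreds.Port)
	fmt.Printf("Database Name: %s\n", dbCreds.Name)
	fmt.Printf("Database User: %s\n", dbCreds.User)
	// dbCreds.Password is intentionally not printed: hand it to the database
	// driver (e.g. in a DSN built in memory) rather than to stdout or a log.
}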
|
|
#+END_SRC
|
|
|
|
* Error Handling
|
|
|
|
Every method returns an error that must be checked. Errors carry detailed information about what went wrong, including the API's error message when one is available; treat that message as server-supplied text and do not render it unescaped in user-facing output.
|
|
|
|
* Configuration Options
|
|
|
|
The client can be configured with the following options:
|
|
|
|
- =WithBaseURL(baseURL string)=: Sets the base URL of the MCIAS server (default: "http://localhost:8080"). The default is plaintext HTTP; use an =https://= URL for any server that is not on the local host, since passwords, TOTP codes and tokens are sent in requests.
|
|
- =WithHTTPClient(httpClient *http.Client)=: Sets a custom HTTP client (default: http.Client with 10s timeout). A client you supply should keep a non-zero =Timeout= so requests cannot hang indefinitely.
|
|
- =WithToken(token string)=: Sets an authentication token; load it from configuration or a secret store rather than embedding it in source.
|
|
- =WithUsername(username string)=: Sets a username