Golang SDK for SSOReady. Add SAML + SCIM support to any Go application this afternoon.

ssoready/ssoready-go

SSOReady-Go: SAML & SCIM for Golang

github.com/ssoready/ssoready-go is a Go SDK for the SSOReady API.

SSOReady is a set of open-source dev tools for implementing Enterprise SSO. You can use SSOReady to add SAML and SCIM support to your product this afternoon.

For example applications built using SSOReady-Go, check out:

Installation

Run the following:

go get github.com/ssoready/ssoready-go

Usage

This section provides a high-level overview of how SSOReady works, and how it's possible to implement SAML and SCIM in just an afternoon. For a more thorough introduction, visit the SAML quickstart or the SCIM quickstart.

The first thing you'll do is create an SSOReady client instance:

import (
	"github.com/ssoready/ssoready-go"
	ssoreadyclient "github.com/ssoready/ssoready-go/client"
)

ssoreadyClient := ssoreadyclient.NewClient()

SAML in two lines of code

SAML (aka "Enterprise SSO") consists of two steps: an initiation step where you redirect your users to their corporate identity provider, and a handling step where you log them in once you know who they are.

To initiate logins, you'll use SSOReady's Get SAML Redirect URL endpoint:

// this is how you implement a "Sign in with SSO" button
getRedirectURLRes, err := ssoreadyClient.SAML.GetSAMLRedirectURL(ctx, &ssoready.GetSAMLRedirectURLRequest{
	OrganizationExternalID: "...",
})
if err != nil { ... }

// redirect the user to getRedirectURLRes.RedirectURL ...

You can use whatever your preferred ID is for organizations (you might call them "workspaces" or "teams") as your OrganizationExternalID. You configure those IDs inside SSOReady, and SSOReady handles keeping track of that organization's SAML and SCIM settings.

To handle logins, you'll use SSOReady's Redeem SAML Access Code endpoint:

redeemRes, err := ssoreadyClient.SAML.RedeemSAMLAccessCode(ctx, &ssoready.RedeemSAMLAccessCodeRequest{
	SAMLAccessCode: "saml_access_code_...",
})
if err != nil { ... } // do not log anyone in if the redeem call fails

// log the user in as redeemRes.Email inside redeemRes.OrganizationExternalID

You configure the URL for your /ssoready-callback endpoint in SSOReady.
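The handling step is where the login decision is made, so it should fail closed and treat the organization in the redeem response as part of the user's identity. The following is an added example, not code from the SSOReady project: `Redeemer`, `UserKey`, `ResolveLogin` and the `users` map are hypothetical names, the redeem call is stubbed so the block runs offline, and the local store is assumed to key emails in lowercase.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// Redemption holds the two fields the README reads from the redeem response.
type Redemption struct{ Email, OrganizationExternalID string }

// Redeemer is a hypothetical seam that would wrap ssoreadyClient.SAML.RedeemSAMLAccessCode.
type Redeemer func(ctx context.Context, samlAccessCode string) (Redemption, error)

// UserKey (hypothetical) scopes an account to one organization.
type UserKey struct{ Org, Email string }

var ErrLoginDenied = errors.New("sso login denied")

// ResolveLogin returns the local user ID to start a session for.
// Every failure path wraps ErrLoginDenied, so callers fail closed.
func ResolveLogin(ctx context.Context, redeem Redeemer, code string, users map[UserKey]string) (string, error) {
	if code == "" {
		return "", fmt.Errorf("%w: missing access code", ErrLoginDenied)
	}
	res, err := redeem(ctx, code)
	if err != nil {
		return "", fmt.Errorf("%w: redeem failed: %v", ErrLoginDenied, err)
	}
	if res.Email == "" || res.OrganizationExternalID == "" {
		return "", fmt.Errorf("%w: incomplete redeem response", ErrLoginDenied)
	}
	// Look up by (organization, email), never by email alone: an organization may only vouch for its own users.
	key := UserKey{Org: res.OrganizationExternalID, Email: strings.ToLower(res.Email)}
	id, ok := users[key]
	if !ok {
		return "", fmt.Errorf("%w: no such user in organization", ErrLoginDenied)
	}
	return id, nil
}

func main() {
	users := map[UserKey]string{{Org: "org_a", Email: "alice@example.com"}: "user_1"} // constructed sample data
	fake := func(context.Context, string) (Redemption, error) {
		return Redemption{Email: "alice@example.com", OrganizationExternalID: "org_b"}, nil
	}
	_, err := ResolveLogin(context.Background(), fake, "saml_access_code_constructed", users)
	fmt.Println(err) // denied: org_b vouched for an email that exists only in org_a
}
```

In a real handler, the access code would come from the request to your /ssoready-callback endpoint and the session would be created only when `ResolveLogin` returns a nil error.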

SCIM in one line of code

SCIM (aka "Enterprise directory sync") is basically a way for you to get a list of your customer's employees offline.

To get a customer's employees, you'll use SSOReady's List SCIM Users endpoint:

listSCIMUsersRes, err := ssoreadyClient.SCIM.ListSCIMUsers(ctx, &ssoready.SCIMListSCIMUsersRequest{
	OrganizationExternalID: "...",
})
if err != nil { ... }

// create users from each scim user
for _, scimUser := range listSCIMUsersRes.SCIMUsers {
	// each scimUser has an ID, Email, Attributes, and Deleted
}

Contributing

Issues and PRs are more than welcome. Be advised that this library is largely autogenerated from ssoready/docs. Most code changes ultimately need to be made there, not on this repo.
