README

aice-auth — Go

Go implementation of the aice-auth contract defined at https://gitlab.com/aice-lab/auth/spec.

This module provides the Go-side primitives a service needs to act as an OIDC relying party against an aice-auth issuer: JWT verification, with refresh-rotation, JWKS rotation, and OIDC client helpers landing in subsequent releases.

Status

The package layout is currently internal/jwtverify while the API stabilizes; once the conformance suite from auth/spec is wired in, it will be promoted to a stable public package path.

Quickstart

package main

import (
    "fmt"

    "gitlab.com/aice-lab/auth/go/internal/jwtverify"
)

func main() {
    jwksDoc := []byte(`{"keys":[...]}`) // fetched from issuer's jwks_uri
    tokenStr := "eyJhbGciOiJFUzI1NiIs..."

    jwks, err := jwtverify.FromJSON(jwksDoc)
    if err != nil {
        panic(err)
    }

    claims, err := jwtverify.Verify(tokenStr, jwks, jwtverify.VerifyOptions{
        Issuer:   "https://id.example.com",
        Audience: "example-app",
    })
    if err != nil {
        fmt.Println("invalid token:", err)
        return
    }

    fmt.Println("subject:", claims["sub"])
}

Install

go get gitlab.com/aice-lab/auth/go@latest

Module path: gitlab.com/aice-lab/auth/go. Go 1.23+.

Development

git clone git@gitlab.com:aice-lab/auth/go.git
cd go
go test ./...
go test -coverprofile=coverage.out ./... && go tool cover -func=coverage.out

License

Source: FSL-1.1-Apache-2.0 (see LICENSE and LICENSE.FAQ.md).

Documentation

Full documentation: https://auth.aice-lab.org

Contributing

See CONTRIBUTING.md. All commits require DCO sign-off.

Reporting security issues

See SECURITY.md. Do not open public issues for vulnerabilities.

This is a snapshot generated from GitLab. For the live README, see the project page.