go-authenticator

v1.0.5
Published: Jun 19, 2025 License: Apache-2.0

go-authenticator is an open-source framework for user authentication in Go applications. It supports multiple authentication methods, including username and password authentication, SASL (Simple Authentication and Security Layer) authentication, and certificate-based authentication.

Built for flexibility and extensibility, go-authenticator allows developers to easily integrate custom authentication methods. It provides a unified interface for handling authentication requests and responses and is used as the authentication component in the following projects:

Features

go-authenticator is an open-source framework designed to simplify user authentication in Go applications. It supports various authentication methods, including:

  • User Authentication with username and password
  • SASL Authentication for secure, extensible mechanisms
  • Certificate Authentication via TLS certificates

go-authenticator is a powerful and extensible framework for managing user authentication in Go applications. Its support for multiple authentication methods and seamless integration makes it an excellent choice for building secure, scalable systems.

Getting Started

go-authenticator provides an authentication manager to handle the authentication process. The manager can be configured with different authentication methods, such as credential authentication, SASL authentication, and certificate authentication.

type Manager interface {
    SetCredentialAuthenticator(auth CredentialAuthenticator)
    VerifyCredential(conn auth.Conn, q auth.Query) (bool, error)
    SetCredentialStore(store CredentialStore)
    CredentialStore() CredentialStore
    SetCertificateAuthenticator(auth CertificateAuthenticator)
    VerifyCertificate(conn tls.Conn) (bool, error)
    Mechanisms() []sasl.Mechanism
    Mechanism(name string) (sasl.Mechanism, error)
}

Credential Authentication

This section explains how to authenticate users based on credentials using the CredentialAuthenticator interface.

CredentialStore

go-authenticator includes a default credential authenticator that uses CredentialStore. You can set the CredentialStore by calling Manager.SetCredentialStore.

type CredentialStore interface {
    LookupCredential(q Query) (Credential, bool, error)
}

LookupCredential returns true if the queried credential is found. If not, it returns false. Detailed failure information can be returned via an error.

CredentialAuthenticator

The default authenticator can be replaced by a custom one. CredentialAuthenticator verifies users based on their credentials. The VerifyCredential method takes a connection, a query, and a credential, returning a boolean indicating successful authentication.

type CredentialAuthenticator interface {
    VerifyCredential(conn Conn, q Query, cred Credential) (bool, error)
}

The VerifyCredential method should return true or false based on credential validity. Detailed failure information can be returned via an error.

Examples

To integrate user authentication into your application, refer to the examples below:

SASL Authentication

go-authenticator includes the go-sasl package, providing SASL mechanisms for authentication. For details on using the SASL API, see the go-sasl documentation.

Examples

For SASL authentication integration, refer to the examples below:

Certificate Authentication

This section explains how to authenticate users via TLS certificates using the CertificateAuthenticator interface.

CertificateAuthenticator

CertificateAuthenticator verifies users by inspecting the TLS connection certificate.

type CertificateAuthenticator interface {
    VerifyCertificate(conn tls.Conn) (bool, error)
}

Creating a CertificateAuthenticator

To create a CertificateAuthenticator, use the NewCertificateAuthenticator function. This authenticates users based on common names (CN) in TLS certificates.

Enabling Certificate Authentication

Enable certificate authentication by setting the CertificateAuthenticator instance via SetCertificateAuthenticator.

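// Create the manager and a certificate authenticator that accepts
// certificates whose common name matches the given regular expression.
mgr := auth.NewManager()
ca, err := auth.NewCertificateAuthenticator(
    auth.WithCommonNameRegexp("localhost"))
if err != nil {
    // t is the *testing.T of the enclosing test function.
    t.Error(err)
    return
}
// Register the authenticator so the manager uses it for VerifyCertificate.
mgr.SetCertificateAuthenticator(ca)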

By following these steps, you can enhance application security through TLS certificate verification.
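The snippet above passes "localhost" to WithCommonNameRegexp as a regular expression. The following added example (not code from go-authenticator) shows how an unanchored pattern and an anchored one behave against a certificate's CN; it assumes the pattern is applied with Go's regexp.MatchString semantics, which this page does not state, and certWithCN, cnAllowed and the sample CNs are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"regexp"
	"time"
)

// certWithCN returns a constructed, self-signed certificate with the given CN.
func certWithCN(cn string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// cnAllowed (hypothetical helper) applies pattern to the certificate's CN.
// Assumption: regexp.MatchString semantics, i.e. a match anywhere in the CN.
func cnAllowed(pattern, cn string) (bool, error) {
	cert, err := certWithCN(cn)
	if err != nil {
		return false, err
	}
	return regexp.MatchString(pattern, cert.Subject.CommonName)
}

func main() {
	for _, cn := range []string{"localhost", "localhost.other.example"} {
		loose, _ := cnAllowed("localhost", cn)
		strict, _ := cnAllowed(`^localhost$`, cn)
		fmt.Printf("%-24s unanchored=%v anchored=%v\n", cn, loose, strict)
	}
}
```

Under that assumption, anchoring the pattern (`^localhost$`) restricts acceptance to the exact common name.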

Examples

For certificate authentication integration, refer to the examples below:
