github.com/ssoready/ssoready-go is a Go SDK for the SSOReady API.
SSOReady is a set of open-source dev tools for implementing Enterprise SSO. You can use SSOReady to add SAML and SCIM support to your product this afternoon.
For example applications built using SSOReady-Go, check out:
Run the following:
go get github.com/ssoready/ssoready-go
This section provides a high-level overview of how SSOReady works, and how it's possible to implement SAML and SCIM in just an afternoon. For a more thorough introduction, visit the SAML quickstart or the SCIM quickstart.
The first thing you'll do is create an SSOReady client instance:
import (
	"github.com/ssoready/ssoready-go"
	ssoreadyclient "github.com/ssoready/ssoready-go/client"
)

ssoreadyClient := ssoreadyclient.NewClient()
SAML (aka "Enterprise SSO") consists of two steps: an initiation step where you redirect your users to their corporate identity provider, and a handling step where you log them in once you know who they are.
To initiate logins, you'll use SSOReady's Get SAML Redirect URL endpoint:
// this is how you implement a "Sign in with SSO" button
getRedirectURLRes, err := ssoreadyClient.SAML.GetSAMLRedirectURL(ctx, &ssoready.GetSAMLRedirectURLRequest{
	OrganizationExternalID: "...",
})
if err != nil { ... }
// redirect the user to getRedirectURLRes.RedirectURL ...
You can use whatever your preferred ID is for organizations (you might call them "workspaces" or "teams") as your OrganizationExternalID. You configure those IDs inside SSOReady, and SSOReady handles keeping track of that organization's SAML and SCIM settings.
To handle logins, you'll use SSOReady's Redeem SAML Access Code endpoint:
redeemRes, err := ssoreadyClient.SAML.RedeemSAMLAccessCode(ctx, &ssoready.RedeemSAMLAccessCodeRequest{
	SAMLAccessCode: "saml_access_code_...",
})
if err != nil { ... } // do not log anyone in when redemption fails
// log the user in as redeemRes.Email inside redeemRes.OrganizationExternalID
You configure the URL for your /ssoready-callback endpoint in SSOReady.
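As an added example (not code from this README or from the SSOReady SDK), the sketch below shows the decision a /ssoready-callback handler makes after redeeming the access code: fail closed on any error, and look the account up by organization and email together rather than by email alone. `Redeemer`, `Redeemed`, `User`, `ResolveSSOLogin`, `fakeRedeem` and the sample data are hypothetical stand-ins so the code runs without network access; in a real handler the `Redeemer` would wrap `ssoreadyClient.SAML.RedeemSAMLAccessCode`.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Redeemed holds the two fields the page reads from the redeem response (hypothetical stand-in type).
type Redeemed struct{ Email, OrganizationExternalID string }

// Redeemer is a hypothetical wrapper around ssoreadyClient.SAML.RedeemSAMLAccessCode.
type Redeemer func(ctx context.Context, samlAccessCode string) (*Redeemed, error)

// User is a hypothetical application account; OrgID is the organization it belongs to.
type User struct{ ID, Email, OrgID string }

var ErrLoginDenied = errors.New("sso login denied")

// ResolveSSOLogin redeems the code and returns the account to log in. The lookup key is
// (organization, email), so one organization's IdP cannot sign in as another's user.
func ResolveSSOLogin(ctx context.Context, redeem Redeemer, users []User, code string) (*User, error) {
	res, err := redeem(ctx, code)
	if err != nil || res == nil || res.Email == "" || res.OrganizationExternalID == "" {
		return nil, ErrLoginDenied // fail closed: no session without a redeemed identity
	}
	for i := range users {
		if users[i].OrgID == res.OrganizationExternalID && users[i].Email == res.Email {
			return &users[i], nil
		}
	}
	return nil, ErrLoginDenied
}

var sampleUsers = []User{ // constructed sample accounts in two organizations
	{ID: "u1", Email: "alice@acme.example", OrgID: "org_acme"},
	{ID: "u2", Email: "bob@globex.example", OrgID: "org_globex"},
}

// fakeRedeem simulates the redeem call: only validCode yields the identity in out.
func fakeRedeem(validCode string, out Redeemed) Redeemer {
	return func(_ context.Context, code string) (*Redeemed, error) {
		if code != validCode {
			return nil, errors.New("invalid access code")
		}
		return &out, nil
	}
}
func main() {
	r := fakeRedeem("code-1", Redeemed{Email: "bob@globex.example", OrganizationExternalID: "org_acme"})
	_, err := ResolveSSOLogin(context.Background(), r, sampleUsers, "code-1")
	fmt.Println(err) // prints "sso login denied": org_acme's IdP asserted a Globex address
}
```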
SCIM (aka "Enterprise directory sync") is basically a way for you to get a list of your customer's employees offline.
To get a customer's employees, you'll use SSOReady's List SCIM Users endpoint:
listSCIMUsersRes, err := ssoreadyClient.SCIM.ListSCIMUsers(ctx, &ssoready.SCIMListSCIMUsersRequest{
	OrganizationExternalID: "...",
})
if err != nil { ... }
// create users from each scim user
for _, scimUser := range listSCIMUsersRes.SCIMUsers {
	// each scimUser has an ID, Email, Attributes, and Deleted
}
Issues and PRs are more than welcome. Be advised that this library is largely autogenerated from ssoready/docs. Most code changes ultimately need to be made there, not on this repo.