Go SDK

Middleware for Chi, Gin and net/http that handles JWT verification, RBAC, and cloud credentials.

Install

# go get records the resolved version in go.mod and go.sum; commit both so
# later builds verify the same module content.
go get github.com/queflyhq/authfi/sdk/go

Initialize

import (
    "os"

    authfi "github.com/queflyhq/authfi/sdk/go"
)

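// Build the AuthFI client once at startup.
//
// The API key is a secret: it is read from the environment here so it never
// sits in committed source. AUTHFI_API_KEY is an example variable name chosen
// for this snippet, not one the SDK defines.
// os.Getenv returns "" when the variable is unset; how authfi.New treats an
// empty key is not shown here, so check for it at startup if that matters.
auth := authfi.New(authfi.Config{
    Tenant:        "acme",
    APIKey:        os.Getenv("AUTHFI_API_KEY"),
    ApplicationID: "your-client-id",
    AutoSync:      true,
})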

Middleware (Chi)

// r.With(...) attaches the middleware to that one route only; a route
// registered without any of these is not checked by AuthFI.

// Require permission
r.With(auth.Require("read:users")).Get("/api/users", handler)

// Require role
r.With(auth.RequireRole("admin")).Post("/api/admin", handler)

// Just authenticate: no permission or role check is applied on this route
r.With(auth.Authenticate()).Get("/api/profile", handler)

Get User from Context

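// handler writes the current user to the response as JSON.
//
// The user is taken from the request context, presumably placed there by one
// of the AuthFI middlewares, so mount this handler behind Authenticate,
// Require or RequireRole.
// NOTE(review): what GetUser returns when no middleware ran is not shown
// here; confirm and handle that case before relying on the value.
func handler(w http.ResponseWriter, r *http.Request) {
    user := authfi.GetUser(r.Context())
    // user.ID, user.Email, user.Roles, user.Permissions, user.Groups, user.TenantID

    // Encoding the whole user sends roles, permissions and groups to the
    // client; return a narrower struct if the caller does not need them.
    // The explicit Content-Type stops the body being served as sniffed text.
    w.Header().Set("Content-Type", "application/json")
    if err := json.NewEncoder(w).Encode(user); err != nil {
        // Encode buffers before writing, so a marshalling failure reaches
        // this point with nothing sent yet and a clean 500 can still go out.
        http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
    }
}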

Permission Registration

// Declare each permission this service checks; the second argument appears to
// be its human-readable description.
auth.RegisterPermission("read:users", "List all users")
auth.RegisterPermission("write:users", "Create and update users")

// Sync to AuthFI (call once at startup)
// NOTE(review): started with `go`, so anything Sync returns is discarded and
// the caller is not told when it finishes. Confirm how a failed sync is
// reported, since requests can arrive before it completes.
go auth.Sync()

Token Verification

claims, err := auth.VerifyToken(tokenString)
if err != nil {
    // invalid or expired: reject the request and return here. As written this
    // branch is empty, so execution would continue to the claims below.
}
// claims.Subject, claims.Email, claims.Roles, etc.
// Read claims only on the err == nil path.

Cloud Credentials

// NOTE(review): neither err is checked in this example; check each one before
// using creds or token.
creds, err := auth.CloudCredentials(userToken, "aws", map[string]string{
    "roleArn": "arn:aws:iam::123:role/MyRole", // example ARN; use the role your workload should assume
})
// creds.AccessKeyID, creds.SecretAccessKey, creds.SessionToken
// These are usable cloud credentials: keep them out of logs, error messages
// and HTTP responses.

token, err := auth.CloudToken(userToken, "custom-audience", 900)
// token = raw OIDC JWT string
// NOTE(review): 900 is presumably the token lifetime in seconds; confirm
// against the SDK. The raw JWT is a bearer credential, so handle it like creds.