Go Tip: Azure Active Directory + JWT
Jul 17, 2018

Let’s cover how to use Azure Active Directory (for authentication) and JSON Web Tokens (for authorization) with your enterprise users in Go!

By the way, this is not your classic "How to use Go with JWT" (search golang jwt on Google, or any other search engine, for that); this is focused specifically on using the actual Azure Active Directory service to get the JSON Web Token and then using that token to authorize requests to your API.

Prerequisites

  1. You understand what JSON Web Tokens and OpenID Connect are.
  2. If you don’t have an Azure account, then register! Next, make sure you activate the free account to properly have access to Active Directory, and don’t forget to deactivate it within 30 days or you will spend money!
  3. Register your application with your Active Directory tenant; for the Application type use Web app / API. Make sure you read that link completely to understand the rationale behind the final Go example.

If this is your first time using Azure Active Directory, a few really important things to know:

  • The Sign-on URL is supposed to be the endpoint used for authorization; you can always change it.
  • The Tenant is the xyz.onmicrosoft.com name; you get it by going to Azure Active Directory, on the Overview tab.

Image: Azure Active Directory Tenant

  • To have Security Group membership returned in the token claims, you have to edit the Manifest and set the value of groupMembershipClaims to SecurityGroup, basically this:

Image: Azure Active Directory Manifest

  • For testing purposes, create a few users and a few groups (use the Security type), add some users to the groups, and make sure you write down those Object IDs; they will be used as parameters for our Go program.

Conclusion

Take a look at the existing repository; the important bits are the following:

