IAM-Bridge is a flexible Identity and Access Management (IAM) wrapper service that provides a unified interface for integrating with various IAM providers such as Keycloak, Okta, Auth0, and AWS Cognito. The service allows switching between different IAM providers through configuration without requiring application redeployment.
- Multi-Provider Support: Seamlessly integrate with different IAM providers
- Hot Configuration Reload: Change IAM providers without service restart
- Standardized API: Consistent API regardless of the underlying IAM provider
- Security-First Design: Implements security best practices
- Observable: Comprehensive logging and monitoring
- Developer Friendly: Hot reloading for rapid development
- Docker Ready: Containerized deployment support
- Production Ready: Includes health checks, graceful shutdown, and error handling
- Go 1.21 or higher
- Docker and Docker Compose (for containerized deployment)
- Make (optional, for using Makefile commands)
-
Clone the Repository
git clone https://github.com/zahidhasanpapon/iam-bridge cd iam-bridge -
Set Up Configuration
# Copy example environment file cp .env.example .env # Edit .env with your IAM provider credentials vim .env
-
Run the Service
# Using Go directly go run cmd/api/main.go # Using Make make run # Using Docker Compose make docker-run
# Install development dependencies
make init
# Run with hot reload
make dev
# Run tests
make test
# Run linter
make lint# Build Docker image
make docker-build
# Run with Docker Compose
make docker-run
# Stop containers
make docker-stop# Application
APP_ENVIRONMENT=development
APP_PORT=8080
# Keycloak
KEYCLOAK_BASE_URL=http://localhost:8180
KEYCLOAK_REALM=master
KEYCLOAK_CLIENT_ID=your-client-id
KEYCLOAK_CLIENT_SECRET=your-client-secret
# Logging
LOG_LEVEL=debug
LOG_FORMAT=jsonapp:
name: iam-bridge
environment: development
port: 8080
debug: true
iam:
provider: keycloak # Can be: keycloak, okta, auth0, cognito
keycloak:
base_url: ${KEYCLOAK_BASE_URL}
realm: ${KEYCLOAK_REALM}
client_id: ${KEYCLOAK_CLIENT_ID}
client_secret: ${KEYCLOAK_CLIENT_SECRET}
# ... additional configurationPOST /api/v1/auth/login- Authenticate userPOST /api/v1/auth/logout- Logout userPOST /api/v1/auth/refresh- Refresh tokenGET /api/v1/auth/validate- Validate token
GET /api/v1/users/:id- Get user infoPUT /api/v1/users/:id- Update user infoPOST /api/v1/users/:id/roles- Assign roleDELETE /api/v1/users/:id/roles/:role- Remove roleGET /api/v1/users/:id/roles- Get user roles
- HTTPS/TLS support
- CORS configuration
- Rate limiting
- Request ID tracking
- Structured logging
- Panic recovery
- Error handling middleware
iam-bridge/
├── cmd/
│ └── app/
│ └── main.go
├── internal/
│ ├── server/
│ ├── config/
│ ├── logger/
│ ├── middleware/
│ ├── providers/
│ └── routes/
├── pkg/
├── api/
├── config/
├── docs/
├── scripts/
├── test/
└── ... configuration files
- Create a new provider file in
internal/providers/ - Implement the
IAMProviderinterface - Add the provider to the factory in
iam_provider.go - Update configuration structure in
config.go
Example:
type NewProvider struct {
// Provider-specific fields
}
func NewNewProvider(cfg Config) (IAMProvider, error) {
// Implementation
}
func (p *NewProvider) Login(ctx context.Context, username, password string) (string, error) {
// Implementation
}
// Implement other interface methods- Structured JSON logging
- Request/Response logging
- Error tracking
- Health check endpoint
- Performance metrics
# Run all tests
make test
# Run tests with coverage
make coverage
# Run linter
make lintThis project is licensed under the MIT License—see the LICENSE file for details.
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature) - Commit your changes (
git commit -m 'Add some AmazingFeature') - Push to the branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Your Name - @zahidhasan
Project Link: https://github.com/zahidhasanpapon/iam-bridge