๐ go-iam - Awesome Go Library for Authentication and Authorization
Developer-first Identity and Access Management system with a simple UI
Detailed Description of go-iam
go-iam
go-iam is a lightweight, multi-tenant Identity and Access Management (IAM) server built in Golang. It provides robust authentication and fine-grained authorization for modern applications. With support for custom roles, third-party auth providers, and multi-client setups, go-iam gives you full control over access management in a scalable and modular way.
โ Admin UI: go-iam-ui
๐ณ Docker Setup: go-iam-docker
๐ Backend: go-iam
๐ฆ SDK: go-iam-sdk
๐ Examples: go-iam-examples ๐ฌ Reddit Community: r/GoIAM
โจ Features
๐ Multi-Tenancy
- Create and manage Projects
- Strict isolation of data between tenants
๐ Authentication Provider Integration
- Google, Microsoft, GitHub OAuth login support
- Easily extendable to add more providers
- Shared credentials support across multiple clients
๐งฉ Client Management
- Multiple apps (clients) per project
- Avoid duplicate OAuth credentials
๐งฑ Role-Based Access Control (RBAC)
- Define resources and group them into roles
- Create custom roles and assign to users
- Granular access control for different actions/resources
๐ ๏ธ Admin UI
- React-based Admin interface for managing:
- Projects
- Users
- Roles
- Resources
- Clients
๐งฐ Tech Stack
| Component | Tech |
|---|---|
| Backend | Golang |
| Database | MongoDB |
| Caching (opt) | Redis |
| Frontend | React + Vite (PNPM) |
๐ Getting Started
Option 1: ๐ง Manual Setup (Development)
Prerequisites
- Go 1.21+
- MongoDB
- Redis (optional, recommended)
- Google OAuth Credentials
Run the Backend
git clone https://github.com/melvinodsa/go-iam.git
cd go-iam
cp sample.env .env
go run main.go
Option 2: ๐ณ Docker-Based Local Setup (Recommended for Testing)
Use the official go-iam-docker repo to spin up everything with Docker Compose, including:
- MongoDB
- Redis
- go-iam (backend)
- go-iam-ui (admin frontend)
Steps
git clone https://github.com/melvinodsa/go-iam-docker.git
cd go-iam-docker
cp sample.env .env
docker compose up -d
Access
- Admin UI: http://localhost:4173
- API: http://localhost:3000
- API Docs: http://localhost:3000/docs
๐งช Testing
Running Tests
Due to the extensive test suite in this project, it's important to use the correct testing command to avoid test caching issues that might cause local tests to pass while CI/CD fails.
Use this command for reliable testing:
go test -count=1 ./... -v --race -cover
Flags explanation:
-count=1: Disables test result caching to ensure fresh test runs./...: Runs tests for all packages recursively-v: Verbose output showing individual test results--race: Enables race condition detection-cover: Shows test coverage information
Why -count=1 is important:
- With many tests, Go may cache results and show false positives locally
- CI/CD environments don't use cached results, leading to inconsistencies
- This flag ensures your local testing matches CI/CD behavior
Running Specific Test Suites
# Test specific package
go test -count=1 ./services/user -v --race -cover
# Test specific function
go test -count=1 ./services/user -v --race -cover -run TestCopyUserResources
๐ฆ Environment Variables
Some important environment variables used in .env:
| Variable | Description |
|---|---|
LOGGER_LEVEL | Logger level 1 - Debug (refer., https://docs.gofiber.io/api/log/) |
DB_HOST | MongoDB URI (e.g., mongodb://user:pass@host/db) |
JWT_SECRET | Secret key used for generating and verifying JWT tokens |
REDIS_HOST, REDIS_PASSWORD, ENABLE_REDIS | Redis host address and toggle to enable Redis caching |
ENCRYPTER_KEY | Optional symmetric key for encrypting sensitive fields - change this |
AUTH_PROVIDER_REFETCH_INTERVAL_IN_MINUTES | Interval in minutes to refetch and sync third-party auth providers |
TOKEN_CACHE_TTL_IN_MINUTES | Interval for which the authentication token should be valid |
License
- Community Edition: Apache 2.0 (Open Source, free to use)