• category: SDK
• copyright: 2016 MIRACL UK LTD
• license: ASL 2.0 - http://www.apache.org/licenses/LICENSE-2.0
• link: https://github.com/miracl/maas-sdk-go

GO version of the Software Development Kit (SDK) for MPin-As-A-Service (MAAS).

Get it with go get github.com/miracl/maas-sdk-go.

There are two packages there - maas (in the root folder) and demo (in folder demo).

Package maas is the SDK. To use it, add import "github.com/miracl/maas-sdk-go".

Package demo, located in a subdirectory named correspondingly, is an example application that uses the SDK.

To run tests with go test in the root folder.

All interaction with API happens through mass.Client interface. Each application needs to construct instance of maas.Client.

To start using MAAS API, maas.Client can be initialized with the maas.NewClient function . This function accepts a single argument, maas.Config. In general it is needed to populate the ClientID, ClientSecret and RedirectURI parameters.

client, err := maas.NewClient(maas.Config{
        ClientID:     CLIENT_ID,
        ClientSecret: CLIENT_SECRET,
        RedirectURI:  REDIRECT_URL,
    })

CLIENT_ID and CLIENT_SECRET can be obtained from Miracl (unique per application). REDIRECT_URI is URI of your application end-point that will be responsible obtaining token. It should be the same as registered in Miracl system for this client ID. DISCOVERY_URL is the provider discovery URL.

Please note that this initialization includes (at least one) network call to discovery endpoint, so it is recommended to do it at a proper time.

Authorization flow depends on mpin.js browser library. mpad.js depends on jquery and bootstrap.To use it, load it in the bottom of the <body> element of page responsible for login, by populating AUTH_URL (see below):

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="/static/js/bootstrap.min.js"></script>
...
<script src="<<Insert correct mpad url here>>" data-authurl="{{ .AuthURL }}" data-element="btmpin"></script>

Please refer to your distributor-specific documentation to find the correct url for the mpad.js script src

If user is not authorized, use client.GetAuthRequestURL(state) to get authorization request URL and set client internal state. Returned URL should be used with mpad.js - AUTH_URL in the sample. After user interaction with Miracl system user will be sent to RedirectURI defined at creation of maas.Client.

To complete authorization pass the authorization code (from the query string received on redirect_uri) toclient.ValidateAuth(code). This method will return access and identity token and nil error if user denied authorization and token if authorization succeeded.

The replying party application should take care for additional checks for state at the OIDC handler - the ValidateAuth method only check OIDC token validity.

User info can be retrieved using the client.GetUserUnfo(accessToken). This method returns maas.UserInfo structure and error.

Pass CLIENT_ID, CLIENT_SECRET and REDIRECT_URI as command line options to example.