OneLogin client written in Go.
This is a fork of arkan/onelogin that has been extended to implement authentication methods that support MFA. It's drifted in time to suit my needs.
go get github.com/asobrien/onelogin
First you need to register a new application to have clientID
and clientSecret
credentials.
At a minimum your credentials need "Authentication Only" scope in order to authenticate a user. Querying the API, requires additional scopes which do not include the ability to authenticate.
If you need to authenticate users are programatically use the API, you will need to use two sets of credentials and reinitialize the client. Only the "Manage All" scope has the ability to authenticate users and interact with the API.
c := onelogin.New(clientID, clientSecret, "us_or_eu", team)
users, err := c.User.GetUsers(context.Background())
Authenticate via username/password:
c := onelogin.New(clientID, clientSecret, "us_or_eu", team)
user, err := c.Authenticate(context.Background(), "username", "password")
Note this authentication method always returns a user
, if authentication if successful,
regardless of whether MFA is required or not. To authenticate a user with strict MFA validation,
use the AuthenticateWithVerify
function:
c := onelogin.New(clientID, clientSecret, "us_or_eu", team)
user, err := c.AuthenticateWithVerify(context.Background(), "username", "password", "Google Authenticator", "123456")
See the documentation for all the available commands.