Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure.

yubigo

Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubikey into any Go application.

Installation

Installation is simple. Use go get: go get github.com/GeertJohan/yubigo

Usage

Make sure to import the library: import "github.com/GeertJohan/yubigo"

For use with the default Yubico servers, make sure you have an API key. Request a key.

Basic OTP checking usage:

// create a new yubiAuth instance with id and key
yubiAuth, err := yubigo.NewYubiAuth("1234", "fdsaffqaf4vrc2q3cds=")
if err != nil {
	// probably an invalid key was given
	log.Fatalln(err)
}

// verify an OTP string
result, ok, err := yubiAuth.Verify("ccccccbetgjevivbklihljgtbenbfrefccveiglnjfbc")
if err != nil {
	log.Fatalln(err)
}

if ok {
	// succes!! The OTP is valid!
	log.Printf("Used query was: %s\n", result.GetRequestQuery()) // this query string includes the url of the api-server that responded first.
} else {
	// fail! The OTP is invalid or has been used before.
	log.Println("The given OTP is invalid!!!")
}

Use your own HTTP Client with fine-tuned config: While the library works out of the box, it's not recommended to use the default http client. It is better to configure your own http client with useful timeouts.

For example:

yubigo.HTTPClient = &http.Client{
    Timeout: time.Second * 15,
    Transport: &http.Transport{
        MaxConnsPerHost:     20,
        MaxIdleConnsPerHost: 5,
        DialContext: (&net.Dialer{
            Timeout:   30 * time.Second,
            KeepAlive: 60 * time.Second,
        }).DialContext,
        TLSHandshakeTimeout:   10 * time.Second,
        ResponseHeaderTimeout: 10 * time.Second,
        ExpectContinueTimeout: 1 * time.Second,
    },
}

Do not verify HTTPS certificate:

// Disable HTTPS cert verification. Use true to enable again.
yubiAuth.HttpsVerifyCertificate(false)

HTTP instead of HTTPS:

// Disable HTTPS. Use true to enable again.
yubiAuth.UseHttps(false)

Custom API server:

// Set a list of n servers, each server as host + path. 
// Do not prepend with protocol
yubiAuth.SetApiServerList("api0.server.com/api/verify", "api1.server.com/api/verify", "otherserver.com/api/verify")

Licence

This project is licensed under a Simplified BSD license. Please read the LICENSE file.

Todo

  • Test files
  • More documentation
  • Getters/Setters for some options on the YubiAuth object.

Protocol & Package documentation

This project is implementing a pure-Go Yubico OTP Validation Client and is following the Yubico Validation Protocol Version 2.0.

You will find "go doc"-like package documentation at go.pkgdoc.org.

Owner
Geert-Johan Riemer
Go, k8s, Dart/Flutter
Geert-Johan Riemer
https://github.com/GeertJohan/yubigo
Similar Resources

A project that provides an in-memory key-value store as a REST API. Also, it's containerized and can be used as a microservice.

Easy to Use In-Memory Key-Value Store A project that provides an in-memory key-value store as a REST API. Also, it's containerized and can be used as

Mar 6, 2022

CircleCI API (V2) Client Library in Go

go-circleci This client supports the CircleCI V2 API. Installation Installation can be done with a normal go get: go get -u github.com/grezar/go-circl

Dec 12, 2022

The gofinder program is an acme user interface to search through Go projects.

The gofinder program is an acme user interface to search through Go projects.

Jun 14, 2021

User level X Keyboard Grabber

xkg - X Keyboard Grabber Installation go get gopkg.in/xkg.v0 Usage example: package main import ( "fmt" "gopkg.in/xkg.v0" ) func main() { var ke

Sep 27, 2022

Get user-like access to VirtualBox VMs from Go code.

#Vboxgo Get user-like access to VirtualBox VMs from Go code. This library wraps some define-tainted VirtualBox SDK functions, making it possible to ge

Oct 25, 2021

Go implementation of the XDG Base Directory Specification and XDG user directories

xdg Provides an implementation of the XDG Base Directory Specification. The specification defines a set of standard paths for storing application file

Dec 23, 2022

set and get github user statuses

gh user-status being an extension for interacting with the status on a GitHub profile. gh user-status set gh user-status set interactively set status

Nov 19, 2022

create temporary Firefox profile, install user.js and extensions, launch Firefox

tmpfox tmpfox is a Firefox wrapper that: Creates a temporary Firefox profile Installs user.js configuration file from Arkenfox for increased privacy a

Jul 27, 2022

Create one endpoint with add user functionality

hubuc-task Create one endpoint with add user functionality

Nov 13, 2021
Comments
  • Fix Dvorak support

    Fix Dvorak support

    This removes the check that requires the OTP of the response to match that of the request. The Yubico API does Dvorak to QWERTY conversion which can make this fail. Obviously, this could also be resolved by doing the conversion in the library before hitting the endpoint, but the downside is that we wouldn't get other layout support for free (if Yubico began supporting Colemak, the library would also reject these until proper conversion had been implemented).

  • Now able to override HTTP client

    Now able to override HTTP client

    Adding a package variable so that the HTTP.client can be overridden. This would be needed if used on Google App Engine.

    Example code

    yubigo.HTTPClient = urlfetch.Client(c)  // c is your context
yubiAuth, err := yubigo.NewYubiAuth(YUBIKEY_CLIENT_ID, YUBIKEY_SECRET_KEY)
  • question about using with Flutter Mobile

    question about using with Flutter Mobile

    Wondering how you approached doing yubikey for IOS and Android.

    The new yubikeys work on IOS now apparently.

    https://support.yubico.com/support/solutions/articles/15000006479-getting-started-on-ios

Related tags
Miscellaneous yubigo
import csv into existing table postgresql or cockroachdb

import csv into existing table postgresql or cockroachdb

Nov 1, 2021
:sunglasses:Package captcha provides an easy to use, unopinionated API for captcha generation

Package captcha provides an easy to use, unopinionated API for captcha generation. Why another captcha generator? I want a simple and framework-indepe

Dec 28, 2022
Gorsair hacks its way into remote docker containers that expose their APIs
 Gorsair hacks its way into remote docker containers that expose their APIs

Gorsair Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access

Dec 31, 2022
IBus Engine for GoVarnam. An easy way to type Indian languages on GNU/Linux systems.

IBus Engine For GoVarnam An easy way to type Indian languages on GNU/Linux systems. goibus - golang implementation of libibus Thanks to sarim and haun

Feb 10, 2022
Provides a rest API that used to count how many times a certain repository of your github has been cloned.
 Provides a rest API that used to count how many times a certain repository of your github has been cloned.

traffic-clones-api An apiserver for https://shields.io/endpoint. Description Provides a rest API that used to count how many times a certain repositor

Dec 19, 2021
GoThanks automatically stars Go's official repository and your go.mod github dependencies, providing a simple way to say thanks to the maintainers of the modules you use and the contributors of Go itself.
 GoThanks automatically stars Go's official repository and your go.mod github dependencies, providing a simple way to say thanks to the maintainers of the modules you use and the contributors of Go itself.

Give thanks (in the form of a GitHub ★) to your fellow Go modules maintainers. About GoThanks performs the following operations Sends a star to Go's r

Dec 24, 2022
Host yo' self from your browser, your phone, your toaster.
 Host yo' self from your browser, your phone, your toaster.

A hosting service from the browser, because why not. Try it at hostyoself.com. See it in action Here's an example where I use hostyoself.com to host i

Jan 1, 2023
Package buildinfo provides basic building blocks and instructions to easily add build and release information to your app.
 Package buildinfo provides basic building blocks and instructions to easily add build and release information to your app.

Package buildinfo provides basic building blocks and instructions to easily add build and release information to your app. This is done by replacing variables in main during build with ldflags.

Nov 14, 2021
This repository provides various utilities to help you build your NFT collection!

Attention! A powerful computer may be required! About This repository provides various utilities to help you build your NFT collection: Generate image

Nov 4, 2022
Phalanx is a cloud-native full-text search and indexing server written in Go built on top of Bluge that provides endpoints through gRPC and traditional RESTful API.

Phalanx Phalanx is a cloud-native full-text search and indexing server written in Go built on top of Bluge that provides endpoints through gRPC and tr

Dec 25, 2022