Introduction

This guide covers how to utilize the certificate verify mode within the Descope backend Go SDK.

In Go (Golang), InsecureSkipVerify is a field in the tls.Config struct. When set to true, it controls whether a client verifies the server's certificate chain and host name. If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate.

Descope allows you to configure how Golang verifies the certificates during the instantiation of the Descope Go SDK.

Available Verification configuration

When instantiating the Descope Go SDK, you can select which mode you would like to utilize. The available modes are detailed below.

  • CertificateVerifyAutomatic (default): Always verify server certificate, unless the BaseURL is overridden to a value that uses an ip address, localhost, or a custom port
  • CertificateVerifyAlways: Always verify server certificate, this is only needed if you override the default BaseURL and the automatic behavior isn't suitable
  • CertificateVerifyNever: Never verify server certificate

Instantiating the Descope SDK

To configure the method which you verify certificates within the instantiation of the Go SDK, you would use the following as an example.

Install SDK

go get github.com/descope/go-sdk

Import and initialize SDK

import "github.com/descope/go-sdk/descope"
import "github.com/descope/go-sdk/descope/client"

// Utilizing the context package allows for the transmission of context capabilities like cancellation
//      signals during the function call. In cases where context is absent, the context.Background()
//      function serves as a viable alternative.
//      Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
import (
	"context"
)

// DescopeBaseURL // within the client.Config, you can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.

descopeClient, err := client.NewWithConfig(&client.Config{ProjectID:"__ProjectID__", CertificateVerify:CertificateVerifyAutomatic})
if err != nil {
    // handle the error
    log.Println("failed to initialize: " + err.Error())
}