Security Best Practices

Certificate Verify Mode (Go)

In Go (Golang), InsecureSkipVerify is a field in the tls.Config struct. When set to true, it controls whether a client verifies the server's certificate chain and host name.

If InsecureSkipVerify is true, TLS accepts any certificate presented by the server and any host name in that certificate.

This guide covers how to utilize the certificate verify mode during the instantiation of the Descope Go SDK.

Available Verification Configuration

When instantiating the Descope Go SDK, you can select which mode you would like to utilize. The available modes are detailed below.

  • CertificateVerifyAutomatic (default): Always verify server certificate, unless the BaseURL is overridden to a value that uses an ip address, localhost, or a custom port
  • CertificateVerifyAlways: Always verify server certificate, this is only needed if you override the default BaseURL and the automatic behavior isn't suitable
  • CertificateVerifyNever: Never verify server certificate

Using the Go SDK

To configure the method which you verify certificates within the instantiation of the Go SDK, you would use the following as an example.

Install SDK

Terminal
go get github.com/descope/go-sdk

Import and initialize SDK

import "github.com/descope/go-sdk/descope"
import "github.com/descope/go-sdk/descope/client"
 
// Utilizing the context package allows for the transmission of context capabilities like cancellation
//      signals during the function call. In cases where context is absent, the context.Background()
//      function serves as a viable alternative.
//      Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
import (
	"context"
)
 
// DescopeBaseURL // within the client.Config, you can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.
 
descopeClient, err := client.NewWithConfig(&client.Config{ProjectID:"__ProjectID__", CertificateVerify:CertificateVerifyAutomatic})
if err != nil {
    // handle the error
    log.Println("failed to initialize: " + err.Error())
}
Was this helpful?

Previous

Firewall ACL Configuration

Next

Rate Limits

On this page

Certificate Verify Mode (Go)Available Verification ConfigurationUsing the Go SDKInstall SDKImport and initialize SDK