go-iam is a lightweight, multi-tenant Identity and Access Management (IAM) server built in Golang. It provides robust authentication and fine-grained authorization for modern applications. With support for custom roles, third-party auth providers, and multi-client setups, go-iam gives you full control over access management in a scalable and modular way.
✅ Admin UI: go-iam-ui
🐳 Docker Setup: go-iam-docker
🔐 Backend: go-iam
📦 SDK: go-iam-sdk
🚀 Examples: go-iam-examples
💬 Reddit Community: r/GoIAM
- Create and manage Projects
- Strict isolation of data between tenants
- Google, Microsoft, GitHub OAuth login support
- Easily extendable to add more providers
- Shared credentials support across multiple clients
- Multiple apps (clients) per project
- Avoid duplicate OAuth credentials
- Define resources and group them into roles
- Create custom roles and assign to users
- Granular access control for different actions/resources
- React-based Admin interface for managing:
  - Projects
  - Users
  - Roles
  - Resources
  - Clients
| Component | Tech |
|---|---|
| Backend | Golang |
| Database | MongoDB |
| Caching (opt) | Redis |
| Frontend | React + Vite (PNPM) |
- Go 1.21+
- MongoDB
- Redis (optional, recommended)
- Google OAuth Credentials
```bash
git clone https://github.com/melvinodsa/go-iam.git
cd go-iam
cp sample.env .env
go run main.go
```

Use the official go-iam-docker repo to spin up everything with Docker Compose, including:
- MongoDB
- Redis
- go-iam (backend)
- go-iam-ui (admin frontend)
```bash
git clone https://github.com/melvinodsa/go-iam-docker.git
cd go-iam-docker
cp sample.env .env
docker compose up -d
```

- Admin UI: http://localhost:4173
- API: http://localhost:3000
- API Docs: http://localhost:3000/docs
Due to the extensive test suite in this project, it's important to use the correct testing command to avoid test caching issues that might cause local tests to pass while CI/CD fails.
Use this command for reliable testing:
```bash
go test -count=1 ./... -v --race -cover
```

Flags explanation:
- `-count=1`: Disables test result caching to ensure fresh test runs
- `./...`: Runs tests for all packages recursively
- `-v`: Verbose output showing individual test results
- `--race`: Enables race condition detection
- `-cover`: Shows test coverage information
Why -count=1 is important:
- With many tests, Go may cache results and show false positives locally
- CI/CD environments don't use cached results, leading to inconsistencies
- This flag ensures your local testing matches CI/CD behavior
```bash
# Test specific package
go test -count=1 ./services/user -v --race -cover
# Test specific function
go test -count=1 ./services/user -v --race -cover -run TestCopyUserResources
```

Some important environment variables used in .env:
| Variable | Description |
|---|---|
| `LOGGER_LEVEL` | Logger level, 1 - Debug (see https://docs.gofiber.io/api/log/) |
| `DB_HOST` | MongoDB URI (e.g., mongodb://user:pass@host/db) |
| `JWT_SECRET` | Secret key used for generating and verifying JWT tokens |
| `REDIS_HOST`, `REDIS_PASSWORD`, `ENABLE_REDIS` | Redis host address and toggle to enable Redis caching |
| `ENCRYPTER_KEY` | Optional symmetric key for encrypting sensitive fields - change this |
| `AUTH_PROVIDER_REFETCH_INTERVAL_IN_MINUTES` | Interval in minutes to refetch and sync third-party auth providers |
| `TOKEN_CACHE_TTL_IN_MINUTES` | Interval for which the authentication token should be valid |
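
Because both setups start with `cp sample.env .env`, the secrets listed above keep their sample values until someone changes them. The Go check below is an added example, not part of go-iam: it compares a deployed `.env` with `sample.env` and flags `JWT_SECRET`, `ENCRYPTER_KEY` and `REDIS_PASSWORD` values that are missing, unchanged from the sample, or short. The 32-character floor, treating only `JWT_SECRET` as required, and the names `CheckEnv` and `parseEnv` are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Secret-bearing variables from the README table. minLen is an assumed
// floor for this example, not a go-iam requirement.
var secrets = []string{"JWT_SECRET", "ENCRYPTER_KEY", "REDIS_PASSWORD"}

const minLen = 32

// parseEnv reads KEY=VALUE lines, skipping blank lines and # comments.
func parseEnv(content string) map[string]string {
	env := map[string]string{}
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok {
			env[strings.TrimSpace(k)] = strings.Trim(strings.TrimSpace(v), `"'`)
		}
	}
	return env
}

// CheckEnv returns one finding per secret in the deployed .env that is missing
// (JWT_SECRET only), still equal to its sample.env value, or under minLen.
func CheckEnv(sample, deployed string) []string {
	s, d := parseEnv(sample), parseEnv(deployed)
	var findings []string
	for _, k := range secrets {
		switch v := d[k]; {
		case v == "" && k == "JWT_SECRET":
			findings = append(findings, k+": missing")
		case v != "" && v == s[k]:
			findings = append(findings, k+": unchanged from sample.env")
		case v != "" && len(v) < minLen:
			findings = append(findings, fmt.Sprintf("%s: shorter than %d characters", k, minLen))
		}
	}
	return findings
}

func main() {
	// Constructed values, not go-iam's real sample.env contents.
	sample := "JWT_SECRET=example-secret\nENCRYPTER_KEY=example-key\n"
	fmt.Println(CheckEnv(sample, "JWT_SECRET=example-secret\nENCRYPTER_KEY=short\n"))
}
```

Run it as a pre-deploy step with the real contents of both files; an empty result means none of the three secrets was left at its sample value.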
- Community Edition: Apache 2.0 (Open Source, free to use)
