@harnish-crest-data commented Nov 30, 2023

What does this PR do?

  • Provided support for JWT authentication in the bayeux.go file (library) using the github.com/golang-jwt/jwt library.

How to test this PR?

  • Go to ./examples dir.
  • Update Salesforce creds for JWT in main.go.
  • Run go run main.go.

Related issues

@kush-elastic added the Team:Security-External Integrations label Dec 13, 2023
@harnish-crest-data marked this pull request as ready for review January 16, 2024 05:36
@harnish-crest-data
Author

The PR is ready for review. Also, this will be in testing once Aliabbas is done with Salesforce testing.

@kush-elastic added the Team:Obs-InfraObs label and removed the Team:Security-External Integrations label Jun 26, 2024
harnish-crest-data and others added 7 commits June 26, 2024 15:46
Co-authored-by: Kush Rana <89848966+kush-elastic@users.noreply.github.com>
bayeux.go Outdated
return st.connectCount
}

func GetSalesforceCredentials(ap AuthenticationParameters) (creds *Credentials, err error) {
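
Review bot: The exported GetSalesforceCredentials has no doc comment above its signature, and it takes AuthenticationParameters by value, so the whole parameter struct is copied on every call. Add a comment that says which grant types the function handles and what it returns on failure, and consider accepting *AuthenticationParameters instead.
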
Contributor

To improve the structure and maintainability of the authentication methods in your Go code, I'll refactor the existing methods to separate the concerns of generating authentication parameters and fetching Salesforce credentials. This will make it easier to add new authentication methods in the future without modifying the existing codebase significantly. You can also add validations in each authentication method.

Here's the refactored code:

```go
// Fragment of bayeux.go; it relies on encoding/json, errors, net/http, net/url, time
// and github.com/golang-jwt/jwt being imported.

// GetJWTAuthentication prepares the authentication parameters for JWT-based authentication
func GetJWTAuthentication(clientId, username, audience, path string) (*Authentication, error) {
    claims := jwt.MapClaims{
        "iss": clientId,
        "sub": username,
        "aud": audience,
        "exp": time.Now().Add(1 * time.Hour).Unix(),
    }

    // path points at the RSA private key used to sign the assertion.
    privateKey, err := loadPrivateKey(path)
    if err != nil {
        return nil, err
    }

    tokenString, err := jwt.NewWithClaims(jwt.SigningMethodRS256, claims).SignedString(privateKey)
    if err != nil {
        return nil, err
    }

    // TokenURL is not set here, although GetSalesforceCredentials posts to authParameters.TokenURL.
    return &Authentication{
        urlValues: &url.Values{
            "grant_type": {"urn:ietf:params:oauth:grant-type:jwt-bearer"},
            "assertion":  {tokenString},
        },
        authParameters: &AuthenticationParameters{
            ClientID: clientId,
            Username: username,
            Audience: audience,
            Path:     path,
        },
    }, nil
}

// GetClientCredentialAuthentication prepares the authentication parameters for client credential-based authentication
func GetClientCredentialAuthentication(clientId, clientSecret, username, password, tokenUrl string) (*Authentication, error) {
    return &Authentication{
        urlValues: &url.Values{
            "grant_type":    {"password"},
            "client_id":     {clientId},
            "client_secret": {clientSecret},
            "username":      {username},
            "password":      {password},
        },
        authParameters: &AuthenticationParameters{
            ClientID:     clientId,
            ClientSecret: clientSecret,
            Username:     username,
            Password:     password,
            TokenURL:     tokenUrl,
        },
    }, nil
}

// GetSalesforceCredentials fetches the Salesforce credentials using the prepared authentication parameters
func (a *Authentication) GetSalesforceCredentials() (creds *Credentials, err error) {
    res, err := http.PostForm(a.authParameters.TokenURL, *a.urlValues)
    if err != nil {
        return nil, err
    }
    defer res.Body.Close()

    decoder := json.NewDecoder(res.Body)
    if err := decoder.Decode(&creds); err != nil {
        return nil, err
    } else if creds == nil || creds.AccessToken == "" {
        // err is nil on this branch, so there is nothing to wrap with %w.
        return nil, errors.New("unable to fetch access token")
    }
    return creds, nil
}
```
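
A hardened form of the token exchange that GetSalesforceCredentials performs, as an added example that is not part of this PR or of the reviewer's comment: it sets a client timeout, caps the response body, checks the HTTP status and surfaces the OAuth error fields instead of returning only an empty token. The names exchangeAssertion and tokenResponse, the 10-second timeout, the 1 MiB cap and the test server in main are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// tokenResponse holds the success field plus the RFC 6749 error fields.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	Error       string `json:"error"`
	ErrorDesc   string `json:"error_description"`
}

// exchangeAssertion (hypothetical name) posts a signed JWT assertion to tokenURL.
func exchangeAssertion(tokenURL, assertion string) (string, error) {
	// http.PostForm uses http.DefaultClient, which never times out.
	client := &http.Client{Timeout: 10 * time.Second}
	form := url.Values{"grant_type": {"urn:ietf:params:oauth:grant-type:jwt-bearer"}, "assertion": {assertion}}
	res, err := client.PostForm(tokenURL, form)
	if err != nil {
		return "", fmt.Errorf("token request: %w", err)
	}
	defer res.Body.Close()
	var tr tokenResponse
	// Cap the body so an oversized response cannot exhaust memory.
	if err := json.NewDecoder(io.LimitReader(res.Body, 1<<20)).Decode(&tr); err != nil {
		return "", fmt.Errorf("token response (HTTP %d): %w", res.StatusCode, err)
	}
	if res.StatusCode != http.StatusOK || tr.AccessToken == "" {
		return "", fmt.Errorf("token endpoint refused (HTTP %d): %s: %s", res.StatusCode, tr.Error, tr.ErrorDesc)
	}
	return tr.AccessToken, nil
}

func main() {
	// Constructed stand-in for the token endpoint; it rejects every assertion.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		http.Error(w, `{"error":"invalid_grant","error_description":"expired"}`, http.StatusBadRequest)
	}))
	defer srv.Close()
	_, err := exchangeAssertion(srv.URL, "constructed.jwt.placeholder")
	fmt.Println(err)
}
```
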

Author

Updated, thanks!

Contributor

@kush-elastic left a comment

LGTM
