I built a SCIM 2.0 gateway library for Go that makes it straightforward to expose any backend as a standards-compliant identity provider.
SCIM (System for Cross-domain Identity Management) is the standard protocol for user provisioning between systems like Okta, Azure AD, and your application. Existing Go implementations were either incomplete or unmaintained.
Key technical decisions:
- Plugin pattern: backends return raw data, library handles protocol (filtering, pagination, PATCH operations)
- Full RFC 7643/7644 compliance: all filter operators, complex path expressions, bulk operations with cycle detection
- Per-plugin authentication: each backend can use different auth (Basic, Bearer, custom JWT)
- Minimal dependencies: only google/uuid, uses stdlib for everything else
- Thread-safe: proper mutex usage, 76% test coverage, zero panics
Can run as standalone server or embedded http.Handler. Includes SQLite, PostgreSQL, and in-memory examples.
The plugin interface is simple:
SCIM (System for Cross-domain Identity Management) is the standard protocol for user provisioning between systems like Okta, Azure AD, and your application. Existing Go implementations were either incomplete or unmaintained.
Key technical decisions:
- Plugin pattern: backends return raw data, library handles protocol (filtering, pagination, PATCH operations) - Full RFC 7643/7644 compliance: all filter operators, complex path expressions, bulk operations with cycle detection - Per-plugin authentication: each backend can use different auth (Basic, Bearer, custom JWT) - Minimal dependencies: only google/uuid, uses stdlib for everything else - Thread-safe: proper mutex usage, 76% test coverage, zero panics
Can run as standalone server or embedded http.Handler. Includes SQLite, PostgreSQL, and in-memory examples. The plugin interface is simple:
Inspired by the Node.js scimgateway but redesigned for Go's type system and concurrency model.GitHub: https://github.com/marcelom97/scimgateway
Happy to discuss design tradeoffs and answer questions!