Skip to main content

SDKs Usage

Once casdoor is started, you can access user information on casdoor in your application.

In order to facilitate users to quickly access the data on the casdoor server, we provide SDKs(what is the SDK?) for many languages, such as Golang, JavaScript, PHP, Java, etc.

In this chapter we will show you how to use these SDKs, that is, the basic/general steps for using them.

Step1. Init

The first step is to get in touch with the casdoor server. You need to provide the address of the casdoor server, the credential ClientId and ClientSecret of the application, the jwt secret, and the name of the organization where the application is located, which are all string type.

Roughly like this:

Name (in order)MustDescription
endpointYesCasdoor Server Url, such as http://localhost:8000
jwtSecretYesRead from token_jwt_key.pem file

The function signature in Go is as follows, similar to other languages:

func InitConfig(endpoint string, clientId string, clientSecret string, jwtSecret string, organizationName string)

You can refer to the usage in Casnode,

var CasdoorEndpoint = "http://localhost:8000"
var ClientId = "541738959670d221d59d"
var ClientSecret = "66863369a64a5863827cf949bab70ed560ba24bf"
var JwtSecret = "CasdoorSecret"
var CasdoorOrganization = "casbin-forum"

func init() {
auth.InitConfig(CasdoorEndpoint, ClientId, ClientSecret, JwtSecret, CasdoorOrganization)

More specific behavior can refer to the source codes of casdoor-go-sdk.

Step2. SDK access Casdoor

With previous configured authConfig, Casdoor SDK now can turn to casdoor server to verify users, note that SDK uses SetBasicAuth method in net/http library to get ClientId and ClientSecret from Casdoor server and verify users in your application.

More details please refer to

Step3. Get token and parse

After casdoor verification passed, it will be redirected to your application with code and state, like

Your web application can get the code, state and call GetOAuthToken(code, state), then parse out jwt token.

See Usage in Casnode as a reference:

code := c.Input().Get("code")
state := c.Input().Get("state")

token, err := auth.GetOAuthToken(code, state)
if err != nil {

claims, err := auth.ParseJwtToken(token.AccessToken)
if err != nil {

Step4. Set Session in your app

You need to verify the information parsed from the third step. After it is correct (it may be modified), it proves that the user verification has passed, and you can set up the session in your own application.

At this point, the user login is actually completed.

The Method to set session varies greatly depending on the languages and frameworks, casnode uses the beego framework and set session by encapsulation method c.SetSessionUser(), source code.

Usage in Casnode,

token, err := auth.GetOAuthToken(code, state)
if err != nil {

claims, err := auth.ParseJwtToken(token.AccessToken)
if err != nil {

claims.AccessToken = token.AccessToken
c.SetSessionUser(claims) // see here

That's it!

Step5. Interact with the users table

You may not only need to log in, but you will also get user details, or update users information, etc.

The SDK provides several key functions, and you need to customize them in more detail, or report an issue!

  • GetUser(name string), get one user by user name.
  • GetUsers(), get all users.
  • UpdateUser(auth.User)/AddUser(auth.User)/DeleteUser(auth.User), write user to database.
  • CheckUserPassword(auth.User), check user's password.


casdoor SDKs are very convenient for casdoor application development. It does not require us to learn how to interact with the casdoor server from 0, which reduces our burden.

Of course, these SDKs are still in the development stage (you can see that most of the versions are still in 0.1😄), if you have any suggestions, welcome to communicate with us in the community!