API cookbook

Orionis keeps caller, resource, and auth-server integration blocks readable.

Calling service

hc, err := client.New().
    TokenURL("http://orionis-auth.internal/oauth/token").
    As("orders-service", "load-from-secrets-manager").
    For("billing-api", "billing.invoice.create").
    BuildHTTPClient(http.DefaultClient)

GIN resource service

guard, err := ginorion.New().
    Issuer("http://orionis-auth.internal").
    Audience("billing-api").
    JWKS("http://orionis-auth.internal/.well-known/jwks.json").
    Build()

r.POST("/invoices", guard.Require("billing.invoice.create"), handler)

Auth server endpoints

POST /oauth/token
GET  /.well-known/jwks.json
GET  /.well-known/openid-configuration
GET  /healthz
GET  /readyz