auth

package
v0.38.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: MIT Imports: 18 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SetTokenCookie 

func SetTokenCookie(w http.ResponseWriter, token string)

func UserIDFromContext 

func UserIDFromContext(ctx context.Context) string

UserIDFromContext extracts the user ID set by Middleware.

Types

type AcceptConsentBody added in v0.33.0 

type AcceptConsentBody struct {
	GrantScope  []string       `json:"grant_scope"`
	Session     ConsentSession `json:"session"`
	Remember    bool           `json:"remember,omitempty"`
	RememberFor int            `json:"remember_for,omitempty"`
}

type AcceptDeviceBody added in v0.34.10 

type AcceptDeviceBody struct {
	UserCode string `json:"user_code"`
}

type AcceptLoginBody added in v0.33.0 

type AcceptLoginBody struct {
	Subject     string `json:"subject"`
	Remember    bool   `json:"remember"`
	RememberFor int    `json:"remember_for,omitempty"`
}

type Auth 

type Auth struct {
	// contains filtered or unexported fields
}

func New 

func New(database *db.DB) *Auth

func (*Auth) DB 

func (a *Auth) DB() *db.DB

DB returns the underlying database for use by other auth subsystems.

func (*Auth) GetUserByEmail added in v0.23.0 

func (a *Auth) GetUserByEmail(email string) (*db.User, error)

GetUserByEmail returns user info by email.

func (*Auth) GetUserByID 

func (a *Auth) GetUserByID(id string) (*db.User, error)

GetUserByID returns user info by ID.

func (*Auth) IssueToken 

func (a *Auth) IssueToken(userID string) (string, error)

IssueToken generates a random token, stores it, and returns it.

func (*Auth) Login 

func (a *Auth) Login(email, password string) (string, string, bool)

Login verifies credentials by email and returns a token.

func (*Auth) Middleware 

func (a *Auth) Middleware(next http.Handler) http.Handler

Middleware enforces authentication and injects user ID into context.

func (*Auth) Register 

func (a *Auth) Register(id, email, password string) error

Register creates a new user with a bcrypt-hashed password.

func (*Auth) ValidateRequest 

func (a *Auth) ValidateRequest(r *http.Request) (string, bool)

ValidateRequest checks whether a request has a valid auth cookie and returns the user ID.

func (*Auth) ValidateToken 

func (a *Auth) ValidateToken(token string) (string, bool)

ValidateToken checks the token against the database and returns the user ID.

type ConsentRequest added in v0.33.0 

type ConsentRequest struct {
	Challenge      string   `json:"challenge"`
	Subject        string   `json:"subject"`
	RequestedScope []string `json:"requested_scope"`
	Client         struct {
		ClientID string `json:"client_id"`
	} `json:"client"`
}

type ConsentSession added in v0.33.0 

type ConsentSession struct {
	AccessToken map[string]interface{} `json:"access_token,omitempty"`
	IDToken     map[string]interface{} `json:"id_token,omitempty"`
}

type GenericOIDCProvider 

type GenericOIDCProvider struct {
	// contains filtered or unexported fields
}

func NewGenericOIDCProvider 

func NewGenericOIDCProvider(ctx context.Context, issuerURL, clientID, clientSecret, redirectURL string) (*GenericOIDCProvider, error)

func (*GenericOIDCProvider) GetIdentity 

func (g *GenericOIDCProvider) GetIdentity(ctx context.Context, token *oauth2.Token) (string, string, string, string, string, error)

func (*GenericOIDCProvider) Name 

func (g *GenericOIDCProvider) Name() string

func (*GenericOIDCProvider) OAuth2Config 

func (g *GenericOIDCProvider) OAuth2Config() *oauth2.Config

type GitHubProvider 

type GitHubProvider struct {
	// contains filtered or unexported fields
}

func NewGitHubProvider 

func NewGitHubProvider(clientID, clientSecret, redirectURL string) *GitHubProvider

func (*GitHubProvider) GetIdentity 

func (g *GitHubProvider) GetIdentity(ctx context.Context, token *oauth2.Token) (string, string, string, string, string, error)

func (*GitHubProvider) Name 

func (g *GitHubProvider) Name() string

func (*GitHubProvider) OAuth2Config 

func (g *GitHubProvider) OAuth2Config() *oauth2.Config

type HydraClient added in v0.33.0 

type HydraClient struct {
	AdminURL  string // e.g. "http://hydra:4445"
	PublicURL string // e.g. "https://auth.example.com"
	// contains filtered or unexported fields
}

HydraClient talks to the Ory Hydra Admin API.

func NewHydraClient added in v0.33.0 

func NewHydraClient(adminURL, publicURL string) *HydraClient

NewHydraClient creates a client for the given Hydra Admin URL.

func (*HydraClient) AcceptConsent added in v0.33.0 

func (h *HydraClient) AcceptConsent(challenge string, body AcceptConsentBody) (string, error)

func (*HydraClient) AcceptDeviceChallenge added in v0.34.10 

func (h *HydraClient) AcceptDeviceChallenge(challenge string, body AcceptDeviceBody) (string, error)

func (*HydraClient) AcceptLogin added in v0.33.0 

func (h *HydraClient) AcceptLogin(challenge string, body AcceptLoginBody) (string, error)

func (*HydraClient) GetConsentRequest added in v0.33.0 

func (h *HydraClient) GetConsentRequest(challenge string) (*ConsentRequest, error)

func (*HydraClient) GetLoginRequest added in v0.33.0 

func (h *HydraClient) GetLoginRequest(challenge string) (*LoginRequest, error)

func (*HydraClient) IntrospectToken added in v0.33.0 

func (h *HydraClient) IntrospectToken(token string) (*IntrospectionResult, error)

func (*HydraClient) RejectConsent added in v0.33.0 

func (h *HydraClient) RejectConsent(challenge string, body RejectBody) (string, error)

func (*HydraClient) RejectLogin added in v0.33.0 

func (h *HydraClient) RejectLogin(challenge string, body RejectBody) (string, error)

type IntrospectionResult added in v0.33.0 

type IntrospectionResult struct {
	Active   bool                   `json:"active"`
	Subject  string                 `json:"sub"`
	Scope    string                 `json:"scope"`
	ClientID string                 `json:"client_id"`
	Extra    map[string]interface{} `json:"ext"`
}

func (*IntrospectionResult) HasScope added in v0.33.0 

func (r *IntrospectionResult) HasScope(scope string) bool

HasScope checks if the introspection result includes the given scope.

type LoginRequest added in v0.33.0 

type LoginRequest struct {
	Challenge      string   `json:"challenge"`
	Subject        string   `json:"subject"`
	Skip           bool     `json:"skip"`
	RequestedScope []string `json:"requested_scope"`
	Client         struct {
		ClientID string `json:"client_id"`
	} `json:"client"`
}

type OIDCManager 

type OIDCManager struct {
	OnUserCreated func(userID string) // called when a brand-new user is created via OIDC
	// contains filtered or unexported fields
}

OIDCManager orchestrates multiple OIDC/OAuth2 providers.

func NewOIDCManager 

func NewOIDCManager(baseURL string, authSvc *Auth) *OIDCManager

NewOIDCManager creates a new manager. baseURL is the external redirect base (e.g. "https://app.example.com").

func (*OIDCManager) HandleCallback 

func (m *OIDCManager) HandleCallback(w http.ResponseWriter, r *http.Request, providerName string)

HandleCallback processes the IdP callback, resolves/creates the user, and sets the auth cookie.

func (*OIDCManager) HandleLogin 

func (m *OIDCManager) HandleLogin(w http.ResponseWriter, r *http.Request, providerName string)

HandleLogin redirects the user to the IdP authorization endpoint.

func (*OIDCManager) ProviderNamesForHost added in v0.24.0 

func (m *OIDCManager) ProviderNamesForHost(host string) []string

ProviderNamesForHost returns provider names available for the given request host.

func (*OIDCManager) RegisterProvider 

func (m *OIDCManager) RegisterProvider(p Provider)

RegisterProvider adds a provider available on all domains.

func (*OIDCManager) RegisterProviderWithDomains added in v0.24.0 

func (m *OIDCManager) RegisterProviderWithDomains(p Provider, domains []string)

RegisterProviderWithDomains adds a provider restricted to specific base domains. If domains is empty, the provider is available on all domains.

type Provider 

type Provider interface {
	Name() string
	OAuth2Config() *oauth2.Config
	// GetIdentity returns the identity from the provider.
	// Returns: subject, email, displayName, login (preferred username), avatarURL, error.
	// login and avatarURL may be empty if the provider doesn't support them.
	GetIdentity(ctx context.Context, token *oauth2.Token) (subject, email, displayName, login, avatarURL string, err error)
}

Provider abstracts an OAuth2/OIDC identity provider.

type RedirectResponse added in v0.33.0 

type RedirectResponse struct {
	RedirectTo string `json:"redirect_to"`
}

type RejectBody added in v0.33.0 

type RejectBody struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.