README
¶
Adele OAuth2
A first-party OAuth2 authorization server package for the Adele Go framework. Implements RFC 6749 (OAuth 2.0 Authorization Framework), RFC 6750 (Bearer Token Usage), and RFC 7636 (PKCE) compliant flows. Ships as an Adele ServiceProvider with automatic route registration, bearer token middleware, and scope-based access control. Supports authorization code (with and without PKCE), client credentials, and password grants.
Supported Grant Types
| Grant Type | Client Type | Flow | Use Case |
|---|---|---|---|
authorization_code |
plain |
Server-side apps with secure secret storage | Web apps |
authorization_code |
pkce |
Public clients (SPAs, mobile, native apps) | Browser/mobile |
authorization_code |
pkce_implicit |
Public clients, no user consent, short-lived tokens | Limited-scope browser widgets |
client_credentials |
— | Machine-to-machine, no user context | Service accounts |
password |
— | Trusted first-party apps with direct credential access | Legacy/internal tools |
Quick Start
go get github.com/cidekar/adele-oauth2
Blank-import the package to auto-register the ServiceProvider:
import (
_ "github.com/cidekar/adele-oauth2"
)
The ServiceProvider automatically registers:
GET /oauth/authorize— authorization request (renders consent)POST /oauth/authorize— authorization grant exchangePOST /oauth/token— token exchangePOST /oauth/token/refresh— refresh token exchangeGET /api/ping— test endpoint for bearer middleware validation
Optional provider configuration:
app.Provider.SetProviderConfig("oauth", map[string]interface{}{
"guarded_route_groups": []string{"/api"},
"scopes": map[string]string{
"read": "Read access",
"write": "Write access",
},
})
Documentation
For complete documentation including installation, configuration, scopes, middleware, and client management, see the full documentation.
License
Copyright 2025 Cidekar, LLC. All rights reserved.
Documentation
¶
Index ¶
- type Client
- type Configuration
- type ErrorResponse
- type OauthResponse
- type Scopes
- type Service
- type ServiceProvider
- func (p *ServiceProvider) Boot(app interface{}) error
- func (p *ServiceProvider) Configure(config map[string]interface{}) error
- func (p *ServiceProvider) Name() string
- func (p *ServiceProvider) Priority() int
- func (p *ServiceProvider) Register(app interface{}) error
- func (p *ServiceProvider) Service() *api.Service
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Configuration ¶
type Configuration = api.Configuration
type ErrorResponse ¶
type ErrorResponse = api.ErrorResponse
type OauthResponse ¶
type OauthResponse = api.OauthResponse
type Service ¶
func NewWithConfig ¶
func NewWithConfig(a *adele.Adele, config Configuration) (Service, error)
type ServiceProvider ¶
type ServiceProvider struct {
// contains filtered or unexported fields
}
ServiceProvider is the compiled Adele framework provider for OAuth2. It registers token exchange routes and wires up the OAuth2 service.
Example:
// Registered automatically via init(); access after boot:
p := app.GetProvider("oauth").(*oauth.ServiceProvider)
func (*ServiceProvider) Boot ¶
func (p *ServiceProvider) Boot(app interface{}) error
Boot is a no-op; all initialization is done in Register.
func (*ServiceProvider) Configure ¶
func (p *ServiceProvider) Configure(config map[string]interface{}) error
Configure maps a config map to the Configuration struct fields and stores it for use during Register.
func (*ServiceProvider) Name ¶
func (p *ServiceProvider) Name() string
Name returns the unique identifier for this provider.
func (*ServiceProvider) Priority ¶
func (p *ServiceProvider) Priority() int
Priority returns 51, placing this provider in the security tier per Adele conventions.
func (*ServiceProvider) Register ¶
func (p *ServiceProvider) Register(app interface{}) error
Register initializes the OAuth2 service and registers token routes on the Adele app.
func (*ServiceProvider) Service ¶
func (p *ServiceProvider) Service() *api.Service
Service returns the underlying *api.Service so consumers can mount AuthenticationTokenMiddleware on their own route groups. Returns nil if the provider has not been registered yet (call after provider.LoadProviders).
Typical use:
svc := oauthProvider.Service() r.Use(svc.AuthenticationTokenMiddleware())
This is the documented escape hatch when the consumer's router doesn't route through the provider's auto-mounted /oauth/* routes (e.g., chi-based apps that mount oauth_subrouter separately from /v1/*).
Source Files
Directories