Documentation
¶
Index ¶
- func UseKindeAuth(router *gin.RouterGroup, ...) error
- type SessionStorage
- func (storage *SessionStorage) GetCodeVerifier() (string, error)
- func (storage *SessionStorage) GetItem(key string) string
- func (storage *SessionStorage) GetPostAuthRedirect() (string, error)
- func (storage *SessionStorage) GetRawToken() (*oauth2.Token, error)
- func (storage *SessionStorage) GetState() (string, error)
- func (storage *SessionStorage) SetCodeVerifier(codeVerifier string) error
- func (storage *SessionStorage) SetItem(key, value string)
- func (storage *SessionStorage) SetPostAuthRedirect(redirect string) error
- func (storage *SessionStorage) SetRawToken(token *oauth2.Token) error
- func (storage *SessionStorage) SetState(state string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func UseKindeAuth ¶
func UseKindeAuth(router *gin.RouterGroup, kindeDomain, clientID, clientSecret, baseRedirectURL string, options ...authorization_code.Option) error
UseKindeAuth sets up Kinde authentication middleware for a Gin router group.
This function configures OAuth2 authorization code flow authentication with Kinde, including automatic token validation, session management, and protected route handling. It adds three middleware layers:
- Initialization middleware that creates the Kinde client and stores it in context
- Callback handler for processing OAuth2 authorization callbacks
- Authentication middleware that redirects unauthenticated users to login
The middleware automatically:
- Validates JWT tokens using JWKS
- Manages OAuth2 tokens in session storage
- Handles PKCE flow if enabled
- Redirects unauthenticated users to the Kinde login page
- Processes OAuth2 callbacks and stores tokens
Parameters:
- router: The Gin router group to apply authentication to
- kindeDomain: Your Kinde domain (e.g., "https://yourdomain.kinde.com" or "yourdomain")
- clientID: Your OAuth2 client ID
- clientSecret: Your OAuth2 client secret
- baseRedirectURL: The base URL for redirects (e.g., "https://yourapp.com")
- options: Optional configuration options (e.g., WithPKCE, WithScopes, WithOffline)
Returns an error if the Kinde client cannot be created.
Example:
router := gin.Default()
api := router.Group("/api")
err := gin_kinde.UseKindeAuth(
api,
"https://yourdomain.kinde.com",
"your-client-id",
"your-client-secret",
"https://yourapp.com",
authorization_code.WithPKCE(),
authorization_code.WithOffline(),
)
Types ¶
type SessionStorage ¶
type SessionStorage struct {
// contains filtered or unexported fields
}
SessionStorage implements the authorization_code.ISessionHooks interface for storing and retrieving OAuth2 session data using Gin's session middleware.
It provides methods for managing:
- OAuth2 tokens (access, refresh, ID tokens)
- PKCE code verifiers
- Authentication state
- Post-authentication redirect URLs
- Custom session items
This storage backend is designed to work seamlessly with Gin's sessions package and is used by the UseKindeAuth middleware to manage authentication state.
func (*SessionStorage) GetCodeVerifier ¶ added in v0.1.2
func (storage *SessionStorage) GetCodeVerifier() (string, error)
GetCodeVerifier retrieves the PKCE code verifier from the session.
This method implements authorization_code.ISessionHooks and is used during the OAuth2 authorization code exchange with PKCE flow. The code verifier is required to complete the token exchange after the user authorizes the application.
Returns the code verifier string if found, or an error if:
- The code verifier is not found in the session
- The stored value is not a valid string type
This method implements authorization_code.ISessionHooks.
func (*SessionStorage) GetItem ¶
func (storage *SessionStorage) GetItem(key string) string
GetItem retrieves a custom string value from the session by key.
Parameters:
- key: The session key to retrieve
Returns the string value associated with the key, or an empty string if not found.
func (*SessionStorage) GetPostAuthRedirect ¶
func (storage *SessionStorage) GetPostAuthRedirect() (string, error)
GetPostAuthRedirect retrieves the post-authentication redirect URL from the session.
This method implements authorization_code.SessionHooks and retrieves the URL where the user should be redirected after successful authentication. This is useful for preserving the user's intended destination before they were redirected to the login page.
Returns the redirect URL if found, or an empty string if not set. Returns an error if the stored value is not a valid string type.
This method implements authorization_code.SessionHooks.
func (*SessionStorage) GetRawToken ¶ added in v0.0.6
func (storage *SessionStorage) GetRawToken() (*oauth2.Token, error)
GetRawToken retrieves the raw OAuth2 token from the session.
This method implements authorization_code.ISessionHooks and retrieves the complete OAuth2 token (including access token, refresh token, expiry, etc.) that was previously stored in the session. The token is deserialized from JSON format for compatibility with session storage.
Returns the OAuth2 token if found, or an error if:
- The token is not found in the session
- The stored value cannot be deserialized as a valid token
- The token data is in an invalid format
This method implements authorization_code.ISessionHooks.
func (*SessionStorage) GetState ¶
func (storage *SessionStorage) GetState() (string, error)
GetState retrieves the OAuth2 state parameter from the session.
This method implements authorization_code.SessionHooks and retrieves the state value that was generated during the authorization request. The state parameter is used to prevent CSRF attacks by verifying that the authorization response corresponds to the original request.
Returns the state string if found, or an empty string if not set. Returns an error if the stored value is not a valid string type.
This method implements authorization_code.SessionHooks.
func (*SessionStorage) SetCodeVerifier ¶ added in v0.1.2
func (storage *SessionStorage) SetCodeVerifier(codeVerifier string) error
SetCodeVerifier stores the PKCE code verifier in the session.
This method implements authorization_code.ISessionHooks and is used to store the PKCE code verifier during the OAuth2 authorization flow. The code verifier must be stored securely in the session so it can be retrieved later during the token exchange process.
Parameters:
- codeVerifier: The PKCE code verifier string to store
Returns an error if the session cannot be saved.
This method implements authorization_code.ISessionHooks.
func (*SessionStorage) SetItem ¶
func (storage *SessionStorage) SetItem(key, value string)
SetItem stores a custom string value in the session with the specified key.
Parameters:
- key: The session key to store the value under
- value: The string value to store
Note: This method does not return an error for backwards compatibility, but errors from session.Save() are silently ignored. Consider using a method that returns an error for critical session operations.
func (*SessionStorage) SetPostAuthRedirect ¶
func (storage *SessionStorage) SetPostAuthRedirect(redirect string) error
SetPostAuthRedirect stores the post-authentication redirect URL in the session.
This method implements authorization_code.SessionHooks and stores the URL where the user should be redirected after successful authentication. This allows the application to remember the user's intended destination before they were redirected to the login page.
Parameters:
- redirect: The URL to redirect to after authentication
Returns an error if the session cannot be saved.
This method implements authorization_code.SessionHooks.
func (*SessionStorage) SetRawToken ¶ added in v0.0.6
func (storage *SessionStorage) SetRawToken(token *oauth2.Token) error
SetRawToken stores the raw OAuth2 token in the session.
This method implements authorization_code.ISessionHooks and stores the complete OAuth2 token (including access token, refresh token, expiry, etc.) in the session. The token is serialized to JSON format to avoid gob serialization issues with the oauth2.Token type.
Parameters:
- token: The OAuth2 token to store, or nil to clear the token from the session
Returns an error if:
- The token cannot be serialized to JSON
- The session cannot be saved
This method implements authorization_code.ISessionHooks.
func (*SessionStorage) SetState ¶
func (storage *SessionStorage) SetState(state string) error
SetState stores the OAuth2 state parameter in the session.
This method implements authorization_code.SessionHooks and stores the state value that will be used during the OAuth2 authorization flow. The state parameter is used to prevent CSRF attacks by verifying that the authorization response corresponds to the original request.
Parameters:
- state: The state string to store
Returns an error if the session cannot be saved.
This method implements authorization_code.SessionHooks.