Consent Plugin Demo Application
Interactive demo application showcasing the Consent & Privacy Management plugin features.
Features Demonstrated
This demo application demonstrates:
- User Authentication - Sign up/Sign in
- Consent Management - Grant and revoke consent for different purposes
- Cookie Consent - Manage cookie preferences with granular categories
- GDPR Data Export (Article 20) - Request and download personal data
- GDPR Right to be Forgotten (Article 17) - Request account deletion
- Consent-Protected Routes - Routes that require specific consent
- Consent Summary - View all user consent status
Prerequisites
- Go 1.21 or higher
- SQLite (for demo database)
Quick Start
# From the authsome root directory
cd examples/consent-demo
# Run the demo
go run main.go
The server will start on http://localhost:8080
Usage
1. Open the Demo UI
Navigate to http://localhost:8080/demo in your browser.
2. Create an Account
- Enter an email and password
- Click "Sign Up"
- The response will include an authentication token (automatically saved)
3. Test Consent Management
Grant Marketing Consent:
- Click "Grant Marketing Consent"
- This allows the application to send marketing emails
Revoke Consent:
- Click "Revoke Marketing Consent"
- This withdraws your consent for marketing
4. Manage Cookie Preferences
- Select your cookie preferences:
  - Essential (always on)
  - Functional
  - Analytics
  - Marketing
- Click "Save Cookie Preferences"
5. Request Data Export (GDPR Article 20)
- Click "Request Data Export"
- Wait for processing (shows as "pending")
- Click "List My Exports" to see status
- When completed, you can download your data
6. Request Account Deletion (GDPR Article 17)
- Enter a reason for deletion
- Click "Request Account Deletion"
- Status shows as "pending" (requires admin approval)
- Click "List Deletion Requests" to view status
7. Test Protected Endpoints
Marketing Endpoint:
- Click "Test Marketing Endpoint"
- If you've granted marketing consent: ✅ Success
- If not granted: ❌ 403 Forbidden with consent required error
Analytics Endpoint:
- Click "Test Analytics Endpoint"
- Requires analytics consent to access
8. View Consent Summary
Click "Get My Consent Summary" to see:
- Total consents
- Granted vs revoked consents
- Consent by type
- Pending deletions/exports
API Examples
Grant Consent
curl -X POST http://localhost:8080/api/auth/consent/records \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consentType": "marketing",
    "purpose": "email_campaigns",
    "granted": true,
    "version": "1.0"
  }'
Revoke Consent
curl -X POST http://localhost:8080/api/auth/consent/revoke \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "consentType": "marketing",
    "purpose": "email_campaigns"
  }'
Request Data Export
curl -X POST http://localhost:8080/api/auth/consent/export \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "format": "json",
    "includeSections": ["profile", "consents", "audit"]
  }'
Request Data Deletion
curl -X POST http://localhost:8080/api/auth/consent/deletion \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "reason": "GDPR Article 17 request",
    "deleteSections": ["all"]
  }'
Get Consent Summary
curl http://localhost:8080/api/auth/consent/summary \
  -H "Authorization: Bearer YOUR_TOKEN"
Configuration
The demo uses default configuration. To customize, create a config.yaml:
auth:
  consent:
    enabled: true
    gdprEnabled: true
    ccpaEnabled: false
    cookieConsent:
      enabled: true
      defaultStyle: "banner"
      requireExplicit: true
      validityPeriod: "8760h" # 1 year
    dataExport:
      enabled: true
      maxRequests: 5
      requestPeriod: "720h" # 30 days
      expiryHours: 72
    dataDeletion:
      enabled: true
      requireAdminApproval: true
      gracePeriodDays: 30
Testing Consent-Protected Routes
The demo includes two protected routes:
- Marketing Endpoint (/marketing/subscribe)
  - Requires marketing consent for email_campaigns
  - Returns success if consent granted
  - Returns 403 if consent not granted
- Analytics Endpoint (/analytics/track)
  - Requires analytics consent for usage_tracking
  - Returns success if consent granted
  - Returns 403 if consent not granted
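A sketch of the consent gate behind routes like these, added here as an example and not taken from the authsome plugin: Store, Check, Gate and the X-Verified-User header are hypothetical names, and the header stands in for the identity the auth layer derives from the bearer token (it must never be accepted from the client). It goes slightly beyond the two outcomes listed above by also denying grants that are older than validityPeriod or that were given for a different purpose.

```go
package main

import (
	"fmt"
	"net/http"
	"sync"
	"time"
)

// Illustrative names only; this is not authsome's API.
type key struct{ user, ctype, purpose string }

type Store struct {
	grants   sync.Map      // key -> time.Time the consent was granted
	validity time.Duration // mirrors validityPeriod from the config
}

func (s *Store) Grant(u, t, p string, at time.Time) { s.grants.Store(key{u, t, p}, at) }
func (s *Store) Revoke(u, t, p string)              { s.grants.Delete(key{u, t, p}) }

// Check denies by default: only an exact, unexpired grant yields 200.
func (s *Store) Check(user, ctype, purpose string) (int, string) {
	at, ok := s.grants.Load(key{user, ctype, purpose})
	switch {
	case user == "":
		return http.StatusUnauthorized, "unauthorized"
	case !ok || time.Since(at.(time.Time)) >= s.validity:
		return http.StatusForbidden, "consent required"
	}
	return http.StatusOK, ""
}

// Gate wraps next; the header stands in for the auth layer's verified identity.
func Gate(s *Store, ctype, purpose string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		code, msg := s.Check(r.Header.Get("X-Verified-User"), ctype, purpose)
		if code != http.StatusOK {
			http.Error(w, msg, code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	s := &Store{validity: 8760 * time.Hour} // constructed sample data below
	s.Grant("alice", "marketing", "email_campaigns", time.Now())
	fmt.Println(s.Check("alice", "marketing", "email_campaigns"))
	fmt.Println(s.Check("alice", "analytics", "usage_tracking"))
}
```

Because the lookup key includes the purpose, a marketing grant for email_campaigns does not open the analytics route, and revoking deletes the record so the next request falls back to 403.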
Database
The demo uses an in-memory SQLite database. Data is lost when the server stops.
For persistent data, modify the configuration to use a file-based database:
// In main.go, add database configuration
config := authsome.Config{
	DatabaseURL: "sqlite://consent_demo.db",
	// ... other config
}
Troubleshooting
"unauthorized" error
- Make sure you're signed in
- Check that the auth token is saved in localStorage
- Try signing in again
"consent required" error
- You need to grant the specific consent type
- Click the appropriate "Grant Consent" button
- Try the protected endpoint again
Export/Deletion not processing
- Background processing is simulated in this demo
- In production, these would be handled by job queues
- Refresh the list to see updated status
Next Steps
After trying the demo:
- Review the plugin code in plugins/enterprise/consent/
- Read the full documentation in README.md
- Check integration examples in EXAMPLES.md
- Review GDPR compliance details in IMPLEMENTATION_SUMMARY.md
Production Deployment
This is a demo application. For production:
- Use a production database (PostgreSQL recommended)
- Enable TLS/HTTPS
- Configure proper secret keys
- Set up job queues for export/deletion processing
- Enable rate limiting
- Configure email notifications
- Set up monitoring and alerting
- Review security settings
Support
For questions or issues:
- Documentation: https://authsome.dev/plugins/consent
- GitHub Issues: https://github.com/xraph/authsome/issues
- Email: support@authsome.dev