{"id":28989660,"url":"https://github.com/gjovanovicst/golang-auth-api","last_synced_at":"2026-06-15T20:31:23.825Z","repository":{"id":300317646,"uuid":"1005855996","full_name":"gjovanovicst/golang-auth-api","owner":"gjovanovicst","description":"A modern, production-ready Go REST API for authentication and authorization, featuring social login, email verification, JWT, and Redis integration.","archived":false,"fork":false,"pushed_at":"2026-05-24T17:27:54.000Z","size":1913,"stargazers_count":120,"open_issues_count":1,"forks_count":18,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-05-24T19:23:35.249Z","etag":null,"topics":["api","authentication","authorization","docker","email-verification","gin","go","golang","gotm","hot-reload","jwt","microservice","oauth2","password-reset","postgresql","redis","rest-api","restful-api","social-login","unit-testing"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gjovanovicst.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-06-21T00:32:12.000Z","updated_at":"2026-05-15T12:54:23.000Z","dependencies_parsed_at":"2025-06-21T02:33:35.100Z","dependency_job_id":"a292a9c0-728b-4c37-a6d8-335aec3664f7","html_url":"https://github.com/gjovanovicst/golang-auth-api","commit_stats":null,"previous_names":["gjovanovicst/golang-auth-api"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gjovanovicst/golang-auth-api","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gjovanovicst%2Fgolang-auth-api","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gjovanovicst%2Fgolang-auth-api/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gjovanovicst%2Fgolang-auth-api/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gjovanovicst%2Fgolang-auth-api/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gjovanovicst","download_url":"https://codeload.github.com/gjovanovicst/golang-auth-api/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gjovanovicst%2Fgolang-auth-api/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34379915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-15T02:00:07.085Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","authentication","authorization","docker","email-verification","gin","go","golang","gotm","hot-reload","jwt","microservice","oauth2","password-reset","postgresql","redis","rest-api","restful-api","social-login","unit-testing"],"created_at":"2025-06-24T23:12:38.726Z","updated_at":"2026-06-15T20:31:23.813Z","avatar_url":"https://github.com/gjovanovicst.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"banner.png\" alt=\"Auth API - Production-Ready Authentication \u0026 Authorization\" width=\"100%\" /\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\nA complete authentication and authorization system with multi-tenancy, social login, WebAuthn/passkeys, magic link login, role-based access control, two-factor authentication, session management, email verification, JWT tokens, admin GUI, and activity logging.\n\n[![Go Version](https://img.shields.io/badge/Go-1.23+-00ADD8?style=flat\u0026logo=go)](https://golang.org)\n[![License](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)\n[![Docker](https://img.shields.io/badge/Docker-Supported-2496ED?style=flat\u0026logo=docker)](https://www.docker.com/)\n[![Swagger](https://img.shields.io/badge/API-Swagger-85EA2D?style=flat\u0026logo=swagger)](http://localhost:8080/swagger/index.html)\n\n[Quick Start](#quick-start) · [Documentation](#documentation) · [Contributing](#contributing)\n\n\u003c/div\u003e\n\n---\n\n## Features\n\n- **Multi-Tenancy** -- Serve multiple organizations and applications from a single deployment with complete data isolation\n- **Session Groups** -- Link applications into named groups with shared authentication state and configurable global logout (cross-app SSO within a tenant)\n- **Authentication** -- Registration, login, JWT access/refresh tokens, token blacklisting, password reset, email verification, resend verification\n- **WebAuthn/Passkeys** -- FIDO2 passkey registration, passkey as 2FA method, and fully passwordless login via discoverable credentials\n- **Magic Link Login** -- Passwordless authentication via email magic links for both users and admin accounts\n- **Two-Factor Authentication** -- TOTP with authenticator apps, SMS-based 2FA, email-based 2FA, passkey-based 2FA, backup email recovery, recovery codes, and trusted devices\n- **Social Login** -- Google, Facebook, and GitHub OAuth2 with account linking and unlinking\n- **OIDC Provider** -- Each application can act as a standards-compliant OpenID Connect issuer (Authorization Code + PKCE, RS256 ID tokens, JWKS, introspection, token revocation)\n- **Webhook System** -- Register HTTP endpoints to receive HMAC-signed event notifications with delivery tracking and automatic retries\n- **Brute-Force Protection** -- Per-application account lockout, progressive login delays, and CAPTCHA trigger thresholds\n- **GeoIP \u0026 IP Rules** -- MaxMind GeoLite2-based IP access rules with CIDR/country allow-lists and block-lists per application\n- **API Key Scopes \u0026 Usage** -- Granular permission scopes on API keys with per-key daily usage analytics and expiry notifications\n- **Health \u0026 Metrics** -- `GET /health` liveness check and `GET /metrics` Prometheus endpoint with request and system metrics\n- **Role-Based Access Control** -- Per-application roles and permissions with admin management and self-healing default role assignment\n- **Session Management** -- List active sessions across devices, revoke individual sessions, and revoke all other sessions\n- **Admin GUI** -- Built-in web panel for managing tenants, apps, users, OAuth configs, API keys, roles, permissions, sessions, webhooks, OIDC clients, IP rules, monitoring, and settings\n- **Activity Logging** -- Smart event categorization, anomaly detection, CSV export, and automatic retention cleanup\n- **User Import/Export** -- Bulk CSV export and import of user accounts via the admin panel\n- **Security Hardening** -- Rate limiting, security headers, timing-safe CSRF, JWT token type enforcement, Redis session validation\n- **API Documentation** -- Interactive Swagger UI\n\n---\n\n## Quick Start\n\n**Prerequisites:** Docker \u0026 Docker Compose (recommended), or Go 1.23+, PostgreSQL 13+, Redis 6+\n\n```bash\n# Clone and configure\ngit clone \u003crepository-url\u003e\ncd \u003cproject-directory\u003e\ncp .env.example .env        # Edit with your settings\n\n# Start services\n./setup-network.sh create   # First time only\nmake docker-dev              # Start PostgreSQL, Redis, and the API\nmake migrate-up              # Apply database migrations\n```\n\nThe API is now running at `http://localhost:8080`\nSwagger docs at `http://localhost:8080/swagger/index.html`\n\nAll API requests require the `X-App-ID` header. The default app ID `00000000-0000-0000-0000-000000000001` is created automatically.\n\n```bash\ncurl -X POST http://localhost:8080/auth/register \\\n  -H \"X-App-ID: 00000000-0000-0000-0000-000000000001\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"email\":\"user@example.com\",\"password\":\"Pass123!@#\"}'\n```\n\nFor detailed setup instructions, see [Getting Started](docs/getting-started.md).\n\n---\n\n## Documentation\n\n| Document | Description |\n|----------|-------------|\n| **[Getting Started](docs/getting-started.md)** | Installation, setup, and first steps |\n| **[Configuration](docs/configuration.md)** | Environment variables and OAuth setup |\n| **[API Endpoints](docs/api-endpoints.md)** | Full endpoint reference and auth flows |\n| **[Multi-Tenancy](docs/multi-tenancy.md)** | Tenant/app management and data isolation |\n| **[Admin GUI](docs/admin-gui.md)** | Built-in admin panel setup and usage |\n| **[Activity Logging](docs/activity-logging.md)** | Smart logging, anomaly detection, retention |\n| **[Database Migrations](docs/database-migrations.md)** | Migration system and commands |\n| **[Testing](docs/testing.md)** | Running tests and coverage |\n| **[Project Structure](docs/project-structure.md)** | Codebase layout and architecture |\n| **[Makefile Reference](docs/makefile-reference.md)** | All available make commands |\n| **[Architecture](docs/ARCHITECTURE.md)** | System design and patterns |\n| **[API Reference (detailed)](docs/API.md)** | Full request/response documentation |\n| **[Changelog](CHANGELOG.md)** | Version history and release notes |\n\nFor early fork users upgrading from before multi-tenancy was added, see the [Pre-Release Migration Reference](docs/BREAKING_CHANGES.md).\n\n---\n\n## Tech Stack\n\n| Category | Technology |\n|----------|-----------|\n| Language | Go 1.23+ |\n| Web Framework | [Gin](https://github.com/gin-gonic/gin) |\n| Database | PostgreSQL 13+ with [GORM](https://gorm.io/) |\n| Cache/Sessions | Redis 6+ with [go-redis](https://github.com/redis/go-redis) |\n| Authentication | JWT ([golang-jwt](https://github.com/golang-jwt/jwt)), OAuth2 |\n| WebAuthn | [go-webauthn](https://github.com/go-webauthn/webauthn) |\n| 2FA | TOTP ([pquerna/otp](https://github.com/pquerna/otp)), SMS (Twilio) |\n| OIDC | Built-in OpenID Connect provider (RS256, PKCE, JWKS) |\n| GeoIP | MaxMind GeoLite2 |\n| Metrics | Prometheus |\n| API Docs | [Swagger/Swaggo](https://github.com/swaggo/swag) |\n| Admin GUI | Go Templates, HTMX, Bootstrap 5 |\n| Containerization | Docker, Docker Compose |\n\n---\n\n## Contributing\n\nContributions are welcome. Please read [CONTRIBUTING.md](CONTRIBUTING.md) and [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) before opening a pull request.\n\n```bash\n# Development workflow\nmake dev              # Start with hot reload\nmake test             # Run tests\nmake fmt \u0026\u0026 make lint # Format and lint\nmake security         # Security checks\n```\n\n---\n\n## Security\n\nFor reporting vulnerabilities, **do not create public issues**. Read [SECURITY.md](SECURITY.md) for instructions on responsible disclosure.\n\n---\n\n## License\n\nThis project is licensed under the MIT License. See [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgjovanovicst%2Fgolang-auth-api","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgjovanovicst%2Fgolang-auth-api","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgjovanovicst%2Fgolang-auth-api/lists"}