https://github.com/posener/auth

Painless OAuth authentication middleware
https://github.com/posener/auth

go golang google google-api http middleware oauth2

Last synced: 13 days ago
JSON representation

Painless OAuth authentication middleware

• Host: GitHub
• URL: https://github.com/posener/auth
• Owner: posener
• License: apache-2.0
• Created: 2021-04-02T10:24:16.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2021-09-15T10:53:09.000Z (about 3 years ago)
• Last Synced: 2024-10-04T18:22:53.704Z (about 1 month ago)
• Topics: go, golang, google, google-api, http, middleware, oauth2
• Language: Go
• Homepage:
• Size: 74.2 KB
• Stars: 9
• Watchers: 2
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# auth

[![codecov](https://codecov.io/gh/posener/auth/branch/master/graph/badge.svg)](https://codecov.io/gh/posener/auth)

[![GoDoc](https://img.shields.io/badge/pkg.go.dev-doc-blue)](http://pkg.go.dev/github.com/posener/auth)

ackage auth provides painless OAuth2 authentication for http handlers.

After creating an Auth object, the `RedirectHandler` should be mounted to answer the

cfg.OAuth2.RedirectURL http calls and the `Authenticate` method can be used to enforce

authentication on http handlers.

The `User` function can be used to get the logged in user in an authenticated http handler.

See simple usage example in [./example/main.go](./example/main.go).

```go

a, err := auth.New(ctx, auth.Config{ ... })

if err != nil { /* Handle error */ }

mux := http.NewServeMux()

mux.Handle("/", a.Authenticate(handler))  // Authenticate a given handler on '/'.

mux.Handle("/auth", a.RedirectHandler())  // Handle OAuth2 redirect.

log.Fatal(http.ListenAndServe(":8080", mux)) // Serve.

```

## Authentication

Authentication is done by wrapping an `http.Handler` that requires only signed in users

with the `Authenticate` middleware method.

## Authorization

Authorization is allowing only specific users to access an `http.Handler`. For example, allowing

only [email protected], or anyone that signed in using their @example.com. This can be done by

inspecting the username using the `auth.User(ctx)` method, inside the authenticated `http.Handler`.

For example, given a function `authorized` that checks if the signed-in user is authorized:

```go

func handler(w http.ResponseWriter, r *http.Request) {

	creds := auth.User(r.Context())

	if !authorized(creds) {

		// Handle unauthorized users.

		http.Error(w, "User not allowed", http.StatusForbidden)

		return

	}

	// Handle authorized users.

}

// authorized is an example function that checks if a user is authorized.

func authorized(creds *auth.Creds) bool { return creds.Email == "[email protected]" }

```

## Features

- [x] Automatic redirects to OAuth2 flow (login screen) from authorized handlers when user

is not authenticated.

- [x] Redirect handler automatic redirects to the path that requested to the authentication. Such

that if user visited /foo and was sent to the OAuth2 login. After successfull login it

will return to /foo.

- [x] Auth2 id_token is automatically stored in a Cookie. This allows users not to go through

the authentication phase on every authenticated page, or on different sessions.

## Sub Packages

* [example](./example): The example program shows how to use the auth package.

---

Readme created from Go doc with [goreadme](https://github.com/posener/goreadme)