README
¶
README
The auth/oauth2 package is used by Go services to apply OAuth2 authentication.
OAuth2 Providers
authentik
authentik is an open-source identity and access management solution that supports OAuth2. The authentik OAuth2 provider is used to authenticate users and authorize access to services.
To use the authentik OAuth2 provider, you first need to set up an authentik server, create and OAuth2 Provider and create an Application through their UI.
The client ID, client secret are required to configure the authentik OAuth2 provider.
Following is an example of how to use the auth/oauth2 package to authenticate users using the authentik OAuth2 provider.
package main
import (
goOauth2 "golang.org/x/oauth2"
"net/http"
"github.com/IOTechSystems/go-mod-edge-utils/pkg/auth/oauth2"
"github.com/labstack/echo/v4"
)
const (
clientID = "Your client ID"
clientSecret = "Your client secret"
// The redirect URL should be the same as the callback URL in your application
redirectURL = "http://localhost:8080/callback"
// The following URLs are the authentik OAuth2 provider URLs whose domain should be replaced with your authentik server domain
authURL = "http://localhost:9000/application/o/authorize/"
tokenURL = "http://localhost:9000/application/o/token/"
userInfoURL = "http://localhost:9000/application/o/userinfo/"
)
func main() {
e := echo.New()
// Set up the OAuth2 configuration for authentik
authEndpoint := goOauth2.Endpoint{
AuthURL: authURL,
TokenURL: tokenURL,
}
config := oauth2.NewAuthentikConfigs(clientID, clientSecret, redirectURL, authEndpoint)
// Create the authentik OAuth2 authenticator
oauth2Authenticator := oauth2.NewAuthentikAuthenticator(config, userInfoURL)
e.GET("/", func(c echo.Context) error {
return c.String(http.StatusOK, "Hello, World!")
})
// Set up the login and callback routes
e.GET("/login", echo.WrapHandler(oauth2Authenticator.RequestAuth()))
e.GET("/callback", echo.WrapHandler(oauth2Authenticator.Callback()))
e.Logger.Fatal(e.Start(":8080"))
}
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Authenticator ¶
type Authenticator interface {
// RequestAuth returns a http.HandlerFunc that redirects the user to the OAuth2 provider for authentication and gets the authorization code.
RequestAuth() http.HandlerFunc
// Callback returns a http.HandlerFunc that exchanges the authorization code for an access token and fetches user info from the OAuth2 provider.
Callback() http.HandlerFunc
}
Authenticator is an interface for OAuth2 authenticators.
func NewAuthentikAuthenticator ¶
func NewAuthentikAuthenticator(config *oauth2.Config, userInfoURL string, lc log.Logger) Authenticator
NewAuthentikAuthenticator creates a new Authenticator for authentik.
type AuthentikAuthenticator ¶
type AuthentikAuthenticator struct {
Config *oauth2.Config
UserInfoURL string
// contains filtered or unexported fields
}
func (*AuthentikAuthenticator) Callback ¶
func (a *AuthentikAuthenticator) Callback() http.HandlerFunc
Callback returns a http.HandlerFunc that exchanges the authorization code for an access token and fetches user info from the OAuth2 provider.
func (*AuthentikAuthenticator) RequestAuth ¶
func (a *AuthentikAuthenticator) RequestAuth() http.HandlerFunc
RequestAuth returns a http.HandlerFunc that redirects the user to the OAuth2 provider for authentication.
type AuthentikUserInfo ¶
type AuthentikUserInfo struct {
Sub string `json:"sub"`
Email string `json:"email"`
VerifiedEmail bool `json:"email_verified"`
Name string `json:"name"`
GivenName string `json:"given_name"`
PreferredUsername string `json:"preferred_username"`
Nickname string `json:"nickname"`
Groups []string `json:"groups"`
// Custom fields of a more common name for the user ID
UserID string `json:"id"`
}
func (*AuthentikUserInfo) Validate ¶
func (u *AuthentikUserInfo) Validate() error
Validate validates user info
Source Files
Directories