oauth2

package
v1.0.23 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2024 License: Apache-2.0 Imports: 11 Imported by: 0

README

The auth/oauth2 package is used by Go services to apply OAuth2 authentication.

OAuth2 Providers

authentik

authentik is an open-source identity and access management solution that supports OAuth2. The authentik OAuth2 provider is used to authenticate users and authorize access to services.

To use the authentik OAuth2 provider, you first need to set up an authentik server, then create an OAuth2 Provider and an Application through the authentik UI.

The client ID and client secret are required to configure the authentik OAuth2 provider. The client secret is a credential, so keep it out of source control.

The following example shows how to use the auth/oauth2 package to authenticate users with the authentik OAuth2 provider.

package main

import (
	goOauth2 "golang.org/x/oauth2"
	"net/http"

	"github.com/IOTechSystems/go-mod-edge-utils/pkg/auth/oauth2"
	"github.com/labstack/echo/v4"
)

// Client registration values issued by authentik for the application.
// clientSecret is a credential: the literal below is a placeholder, and a real
// service should read it from the environment or a secret store instead of
// compiling it into the binary or committing it to source control.
const (
	clientID     = "Your client ID"
	clientSecret = "Your client secret"
)

// redirectURL is where the provider sends the user back after authentication.
// It must match the route that serves the callback handler in this application
// (GET /callback in main).
const redirectURL = "http://localhost:8080/callback"

// authentik OAuth2 provider endpoints; replace the localhost:9000 domain with
// your authentik server domain. The plain-http values are for local testing
// only: the authorization code, the client secret and the issued tokens all
// travel over these URLs, so use https for anything that is not loopback.
const (
	authURL     = "http://localhost:9000/application/o/authorize/"
	tokenURL    = "http://localhost:9000/application/o/token/"
	userInfoURL = "http://localhost:9000/application/o/userinfo/"
)

// main runs the example service: an echo server on :8080 that serves a
// greeting on "/", starts the authentik OAuth2 flow on "/login" and completes
// it on "/callback".
func main() {
	srv := echo.New()

	// OAuth2 client configuration for authentik, built from the provider's
	// authorize and token endpoints.
	config := oauth2.NewAuthentikConfigs(
		clientID,
		clientSecret,
		redirectURL,
		goOauth2.Endpoint{AuthURL: authURL, TokenURL: tokenURL},
	)

	// NOTE(review): the package index on this page documents
	// NewAuthentikAuthenticator(config, userInfoURL, lc log.Logger), so this
	// two-argument call does not match the documented signature. Pass the
	// service's logger as the third argument when building against that API.
	authn := oauth2.NewAuthentikAuthenticator(config, userInfoURL)

	// The root route is registered without any authentication check; this
	// example only wires up the login and callback handlers.
	hello := func(c echo.Context) error {
		return c.String(http.StatusOK, "Hello, World!")
	}
	srv.GET("/", hello)

	// /login redirects the user to the provider; /callback receives the
	// authorization code and must be the path used in redirectURL.
	// NOTE(review): this page does not show how the handlers generate and
	// verify the OAuth2 state parameter — confirm in the implementation.
	srv.GET("/login", echo.WrapHandler(authn.RequestAuth()))
	srv.GET("/callback", echo.WrapHandler(authn.Callback()))

	// Start returns only with an error, which is handed to the logger's Fatal.
	err := srv.Start(":8080")
	srv.Logger.Fatal(err)
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewAuthentikConfigs

func NewAuthentikConfigs(clientId string, clientSecret string, redirectURL string, endpoint oauth2.Endpoint) *oauth2.Config

NewAuthentikConfigs returns an oauth2.Config object with the given parameters.

Types

type Authenticator

// Authenticator is an interface for OAuth2 authenticators. Each method returns
// a handler to mount on the application's router: RequestAuth on the login
// route and Callback on the route named by the OAuth2 redirect URL.
type Authenticator interface {
	// RequestAuth returns an http.HandlerFunc that redirects the user to the OAuth2 provider for authentication.
	// The authorization code is not available in this handler; per the Callback description it is exchanged there.
	RequestAuth() http.HandlerFunc
	// Callback returns an http.HandlerFunc that exchanges the authorization code for an access token and fetches user info from the OAuth2 provider.
	// NOTE(review): whether it verifies the OAuth2 state parameter is not shown on this page — confirm in the implementation.
	Callback() http.HandlerFunc
}

Authenticator is an interface for OAuth2 authenticators.

func NewAuthentikAuthenticator

func NewAuthentikAuthenticator(config *oauth2.Config, userInfoURL string, lc log.Logger) Authenticator

NewAuthentikAuthenticator creates a new Authenticator for authentik.

type AuthentikAuthenticator

// AuthentikAuthenticator carries the settings used to authenticate against
// authentik. Its pointer type has the RequestAuth and Callback methods listed
// for the Authenticator interface.
type AuthentikAuthenticator struct {
	// Config is the OAuth2 client configuration; the README example builds it
	// with NewAuthentikConfigs. It holds the client secret, so avoid logging it.
	Config      *oauth2.Config
	// UserInfoURL is the provider's userinfo endpoint; the README example uses
	// the authentik /application/o/userinfo/ URL.
	UserInfoURL string
	// contains filtered or unexported fields
}

func (*AuthentikAuthenticator) Callback

func (a *AuthentikAuthenticator) Callback() http.HandlerFunc

Callback returns a http.HandlerFunc that exchanges the authorization code for an access token and fetches user info from the OAuth2 provider.

func (*AuthentikAuthenticator) RequestAuth

func (a *AuthentikAuthenticator) RequestAuth() http.HandlerFunc

RequestAuth returns a http.HandlerFunc that redirects the user to the OAuth2 provider for authentication.

type AuthentikUserInfo

// AuthentikUserInfo holds user claims decoded from JSON under the keys named
// in the field tags.
// NOTE(review): presumably the body of the userinfo response fetched by
// Callback — confirm against the implementation.
type AuthentikUserInfo struct {
	// Sub is the "sub" claim, the provider's subject identifier for the user.
	Sub               string   `json:"sub"`
	// Email is the "email" claim. Check VerifiedEmail before keying accounts
	// or access decisions on it.
	Email             string   `json:"email"`
	// VerifiedEmail is the "email_verified" claim.
	// NOTE(review): this page does not say whether Validate checks it — confirm.
	VerifiedEmail     bool     `json:"email_verified"`
	// Name, GivenName, PreferredUsername and Nickname are display attributes
	// taken from the claims of the same JSON names.
	Name              string   `json:"name"`
	GivenName         string   `json:"given_name"`
	PreferredUsername string   `json:"preferred_username"`
	Nickname          string   `json:"nickname"`
	// Groups is the "groups" claim, the group names the provider reports for
	// the user.
	Groups            []string `json:"groups"`

	// UserID is a custom field that carries the user ID under a more common
	// name (JSON key "id").
	// NOTE(review): how it is populated is not shown on this page — confirm.
	UserID string `json:"id"`
}

func (*AuthentikUserInfo) Validate

func (u *AuthentikUserInfo) Validate() error

Validate validates user info
