auth0

package module
v0.0.0-...-c3b2b7c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2024 License: MIT Imports: 9 Imported by: 0

README

Build Status Coverage Status GoDoc Report Cart MIT License

auth0

auth0 is a package helping to authenticate using the Auth0 service.

Installation

go get github.com/auth0-community/go-auth0

Client Credentials - HS256

Using HS256, the validation key is the secret you retrieve in the dashboard.

// Creates a configuration with the Auth0 information
secret, _ := base64.URLEncoding.DecodeString(os.Getenv("AUTH0_CLIENT_SECRET"))
secretProvider := auth0.NewKeyProvider(secret)
audience := os.Getenv("AUTH0_CLIENT_ID")

configuration := auth0.NewConfiguration(secretProvider, []string{audience}, "https://mydomain.eu.auth0.com/", jose.HS256)
validator := auth0.NewValidator(configuration)

token, err := validator.ValidateRequest(r)

if err != nil {
    fmt.Println("Token is not valid:", token)
}

Client Credentials - RS256

Using RS256, the validation key is the certificate you find in advanced settings

// Extracted from https://github.com/square/go-jose/blob/master/utils.go
// LoadPublicKey loads a public key from PEM/DER-encoded data.
func LoadPublicKey(data []byte) (interface{}, error) {
	input := data

	block, _ := pem.Decode(data)
	if block != nil {
		input = block.Bytes
	}

	// Try to load SubjectPublicKeyInfo
	pub, err0 := x509.ParsePKIXPublicKey(input)
	if err0 == nil {
		return pub, nil
	}

	cert, err1 := x509.ParseCertificate(input)
	if err1 == nil {
		return cert.PublicKey, nil
	}

	return nil, fmt.Errorf("square/go-jose: parse error, got '%s' and '%s'", err0, err1)
}
// Create a configuration with the Auth0 information
secret, _ := LoadPublicKey(sharedKey)
secretProvider := auth0.NewKeyProvider(secret)
audience := os.Getenv("AUTH0_CLIENT_ID")

configuration := auth0.NewConfiguration(secretProvider, []string{audience}, "https://mydomain.eu.auth0.com/", jose.RS256)
validator := auth0.NewValidator(configuration)

token, err := validator.ValidateRequest(r)

if err != nil {
    fmt.Println("Token is not valid:", token)
}

API with JWK

   
client := NewJWKClient(JWKClientOptions{URI: "https://mydomain.eu.auth0.com/.well-known/jwks.json"})
audience := os.Getenv("AUTH0_CLIENT_ID")
configuration := NewConfiguration(client, []string{audience}, "https://mydomain.eu.auth0.com/", jose.RS256)
validator := NewValidator(configuration)

token, err := validator.ValidateRequest(r)

if err != nil {
    fmt.Println("Token is not valid:", token)
}

Example

Gin

Using Gin and the Auth0 Authorization Extension, you may want to implement the authentication auth like the following:

var auth.AdminGroup string = "my_admin_group"

// Access Control Helper function.
func shouldAccess(wantedGroups []string, groups []interface{}) bool { 
 /* Fill depending on your needs */
}

// Wrapping a Gin endpoint with Auth0 Groups.
func Auth0Groups(wantedGroups ...string) gin.HandlerFunc {

	return gin.HandlerFunc(func(c *gin.Context) {

		tok, err := validator.ValidateRequest(c.Request)
		if err != nil {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
			c.Abort()
			log.Println("Invalid token:", err)
			return
		}

		claims := map[string]interface{}{}
		err = validator.Claims(c.Request, tok, &claims)
		if err != nil {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid claims"})
			c.Abort()
			log.Println("Invalid claims:", err)
			return
		}

		metadata, okMetadata := claims["app_metadata"].(map[string]interface{})
		authorization, okAuthorization := metadata["authorization"].(map[string]interface{})
		groups, hasGroups := authorization["groups"].([]interface{})
		if !okMetadata || !okAuthorization || !hasGroups || !shouldAccess(wantedGroups, groups) {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "need more privileges"})
			c.Abort()
			log.Println("Need more provileges")
			return
		}
		c.Next()
	})
}

// Use it
r.PUT("/news", auth.Auth0Groups(auth.AdminGroup), api.GetNews)

For a sample usage, take a look inside the example directory.

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrInvalidContentType = errors.New("Should have a JSON content type for JWKS endpoint.")
	ErrNoKeyFound         = errors.New("No Keys has been found")
	ErrInvalidTokenHeader = errors.New("No valid header found")
	ErrInvalidAlgorithm   = errors.New("Only RS256 is supported")
)
View Source 
var (
	ErrNoJWTHeaders = errors.New("No headers in the token")
)
View Source 
var (
	ErrTokenNotFound = errors.New("Token not found")
)

Functions

func FromHeader 

func FromHeader(r *http.Request) (*jwt.JSONWebToken, error)

FromHeader looks for the request in the authentication header or call ParseMultipartForm if not present.

Types

type Configuration 

type Configuration struct {
	// contains filtered or unexported fields
}

Configuration contains all the information about the Auth0 service.

func NewConfiguration 

func NewConfiguration(provider SecretProvider, audience []string, issuer string, method jose.SignatureAlgorithm) Configuration

NewConfiguration creates a configuration for server

type JWKClient 

type JWKClient struct {
	// contains filtered or unexported fields
}

func NewJWKClient 

func NewJWKClient(options JWKClientOptions) *JWKClient

NewJWKClient creates a new JWKClient instance from the provided options.

func (*JWKClient) GetKey 

func (j *JWKClient) GetKey(ID string) (jose.JSONWebKey, error)

GetKey returns the key associated with the provided ID.

func (*JWKClient) GetSecret 

func (j *JWKClient) GetSecret(req *http.Request) (interface{}, error)

type JWKClientOptions 

type JWKClientOptions struct {
	URI string
}

type JWKS 

type JWKS struct {
	Keys []jose.JSONWebKey `json:"keys"`
}

type JWTValidator 

type JWTValidator struct {
	// contains filtered or unexported fields
}

JWTValidator helps middleware to validate token

func NewValidator 

func NewValidator(config Configuration) *JWTValidator

NewValidator creates a new validator with the provided configuration.

func (*JWTValidator) Claims 

func (v *JWTValidator) Claims(req *http.Request, token *jwt.JSONWebToken, values ...interface{}) error

Claims unmarshall the claims of the provided token

func (*JWTValidator) ValidateRequest 

func (v *JWTValidator) ValidateRequest(r *http.Request) (*jwt.JSONWebToken, error)

ValidateRequest validates the token within the http request.

type RequestTokenExtractor 

type RequestTokenExtractor interface {
	Extract(r *http.Request) (*jwt.JSONWebToken, error)
}

RequestTokenExtractor can extract a JWT from a request.

type RequestTokenExtractorFunc 

type RequestTokenExtractorFunc func(r *http.Request) (*jwt.JSONWebToken, error)

RequestTokenExtractorFunc function conforming to the RequestTokenExtractor interface.

func (RequestTokenExtractorFunc) Extract 

func (f RequestTokenExtractorFunc) Extract(r *http.Request) (*jwt.JSONWebToken, error)

Extract calls f(r)

type SecretProvider 

type SecretProvider interface {
	GetSecret(req *http.Request) (interface{}, error)
}

SecretProvider will provide everything needed retrieve the secret.

func NewKeyProvider 

func NewKeyProvider(key interface{}) SecretProvider

NewKeyProvider provide a simple passphrase key provider.

type SecretProviderFunc 

type SecretProviderFunc func(req *http.Request) (interface{}, error)

SecretProviderFunc simple wrappers to provide secret with functions.

func (SecretProviderFunc) GetSecret 

func (f SecretProviderFunc) GetSecret(req *http.Request) (interface{}, error)

GetSecret implements the SecretProvider interface.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.