Skip to content
/ auth Public

Package to handle Auth0 authorization in Go. Add middleware, ensure a user is valid or check permissions based on API scopes.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ashmidgley/auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
auth.go
auth.go
 
 
auth_test.go
auth_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Auth0 Wrapper

Travis (.com) branch Go Report Card Go Reference

A package to make it easier to handle Auth0 authorization and check whether a user is valid or has permissions based on API scopes.

Setup

function (user, context, callback) {
 context.accessToken['http://example.com/username'] = user.username;
 return callback(null, user, context);
}

Install

go get github.com/ashmidgley/auth

Usage

JWT Middleware

Use the middleware to enforce authorization on routes:

package main

import (
  "net/http"
  
  "github.com/ashmidgley/auth"
  "github.com/example/api/users"
  "github.com/example/api/scores"
  "github.com/gorilla/mux"
)

func main() {
  router := mux.NewRouter()
  jwtMiddleware := auth.GetJwtMiddleware("example_audience", "example_issuer")
  
  router.Handle("/api/users", jwtMiddleware.Handler(users.GetUsers)).Methods("GET")
  router.Handle("/api/scores", jwtMiddleware.Handler(scores.CreateScore)).Methods("POST")
  
  http.ListenAndServe(":8080", router)
}

Has Permission?

Ensure a requester has a specified permission before performing an action:

package users

import (
  "fmt"
  "net/http"
  
  "github.com/ashmidgley/auth"
)

var GetUsers = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
  up := auth.UserPermission{
    Request:    request,
    Permission: "read_users",
  }

  if hasPermission, err := auth.HasPermission(up); err != nil {
    http.Error(writer, fmt.Sprintf("%v\n", err), http.StatusInternalServerError)
    return
  } else if !hasPermission {
    http.Error(writer, "invalid permissions to make request", http.StatusUnauthorized)
    return
  }
  
  // User has permission...
})

Valid User?

Confirm the requester is either making changes to their own data or has the correct permission to complete the action. Note that the UserValidation 'Identifier' value below is the same as we specified in our custom claims rule in Setup.

package scores

import (
  "fmt"
  "net/http"
  
  "github.com/ashmidgley/auth"
)

var CreateScore = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
  user := getUser(request)
  
  uv := auth.UserValidation{
    Request:    request,
    Permission: "write_scores",
    Identifier: "http://example.com/username",
    Key:        user.username,
  }

  if code, err := auth.ValidUser(uv); err != nil {
    http.Error(writer, fmt.Sprintf("%v\n", err), code)
    return
  }

  // User is valid...
})

About

Package to handle Auth0 authorization in Go. Add middleware, ensure a user is valid or check permissions based on API scopes.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages