Package to handle Auth0 authorization in Go. Add middleware, ensure a user is valid or check permissions based on API scopes.


ashmidgley/auth

Auth0 Wrapper

A package to make it easier to handle Auth0 authorization and check whether a user is valid or has permissions based on API scopes.

Setup

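// Auth0 rule: copies the username into a namespaced custom claim on the access token.
// The claim name is the value later passed as UserValidation.Identifier.
function (user, context, callback) {
 context.accessToken['http://example.com/username'] = user.username;
 return callback(null, user, context);
}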

Install

go get github.com/ashmidgley/auth

Usage

JWT Middleware

Use the middleware to enforce authorization on routes:

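package main

import (
  "log"
  "net/http"

  "github.com/ashmidgley/auth"
  "github.com/example/api/scores"
  "github.com/example/api/users"
  "github.com/gorilla/mux"
)

func main() {
  router := mux.NewRouter()
  // Tokens must carry this audience and issuer to pass the middleware.
  jwtMiddleware := auth.GetJwtMiddleware("example_audience", "example_issuer")

  // Every route wrapped in jwtMiddleware.Handler requires a valid token.
  router.Handle("/api/users", jwtMiddleware.Handler(users.GetUsers)).Methods("GET")
  router.Handle("/api/scores", jwtMiddleware.Handler(scores.CreateScore)).Methods("POST")

  // ListenAndServe only returns on failure, so surface the error instead of dropping it.
  log.Fatal(http.ListenAndServe(":8080", router))
}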

Has Permission?

Ensure a requester has a specified permission before performing an action:

package users

import (
  "fmt"
  "net/http"
  
  "github.com/ashmidgley/auth"
)

var GetUsers = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
  up := auth.UserPermission{
    Request:    request,
    Permission: "read_users",
  }

  if hasPermission, err := auth.HasPermission(up); err != nil {
    http.Error(writer, fmt.Sprintf("%v\n", err), http.StatusInternalServerError)
    return
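  } else if !hasPermission {
    // The token already passed the middleware, so the caller is authenticated
    // but not authorized: respond 403 Forbidden rather than 401 Unauthorized.
    http.Error(writer, "invalid permissions to make request", http.StatusForbidden)
    return
  }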
  
  // User has permission...
})

Valid User?

Confirm the requester is either making changes to their own data or has the correct permission to complete the action. Note that the UserValidation `Identifier` value below is the same claim name we specified in our custom claims rule in Setup.

package scores

import (
  "fmt"
  "net/http"
  
  "github.com/ashmidgley/auth"
)

var CreateScore = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
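  // getUser is the application's own helper (not part of this package, not shown here);
  // it returns the user whose data the request would change.
  user := getUser(request)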
  
  uv := auth.UserValidation{
    Request:    request,
    Permission: "write_scores",
    Identifier: "http://example.com/username",
    Key:        user.username,
  }

  if code, err := auth.ValidUser(uv); err != nil {
    http.Error(writer, fmt.Sprintf("%v\n", err), code)
    return
  }

  // User is valid...
})
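
The decision described under Valid User?, written out as an added example; it is not the package's own code. It assumes the claims come from a token the JWT middleware has already verified, and that permissions appear in the `permissions` array or the space-separated `scope` string. `authorize` and `hasPermission` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// hasPermission matches whole entries of "permissions" or "scope" (assumed claim
// locations); a substring such as "write_scores_extra" never grants "write_scores".
func hasPermission(claims map[string]interface{}, permission string) bool {
	list, _ := claims["permissions"].([]interface{})
	for _, p := range list {
		if s, ok := p.(string); ok && s == permission {
			return true
		}
	}
	scope, _ := claims["scope"].(string)
	for _, s := range strings.Fields(scope) {
		if s == permission {
			return true
		}
	}
	return false
}

// authorize allows the request when the custom claim named by identifier equals
// key (the requester owns the data) or when the token carries the permission.
func authorize(claims map[string]interface{}, identifier, key, permission string) (int, error) {
	// A missing or non-string claim reads as "", which must not match an empty key.
	if owner, _ := claims[identifier].(string); owner != "" && owner == key {
		return http.StatusOK, nil
	}
	if permission != "" && hasPermission(claims, permission) {
		return http.StatusOK, nil
	}
	return http.StatusForbidden, errors.New("not the owner and missing permission " + permission)
}

func main() {
	// Constructed claims, standing in for a token the middleware already verified.
	claims := map[string]interface{}{"http://example.com/username": "alice", "scope": "read_users"}
	fmt.Println(authorize(claims, "http://example.com/username", "bob", "write_scores"))
}
```

The empty-key case matters when the application fails to load the target user: without the `owner != ""` guard, a token lacking the custom claim would match an empty `Key` and be treated as the owner.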
