LibAuth for Go - The modern authentication framework that feels as light as a library.
Go to file
AJ ONeal c3402609b4
bugfix(claims): invert jwk check condition
2022-05-09 13:34:08 -06:00
chiauth initial commit 2022-05-05 18:17:04 -06:00
vendor chore: go mod vendor 2022-05-05 18:17:04 -06:00
.gitignore Initial commit 2022-05-05 11:49:31 -06:00
LICENSE Initial commit 2022-05-05 11:49:31 -06:00
README.md doc: add missing 'return' in example 2022-05-05 18:17:04 -06:00
go.mod chore: go mod vendor 2022-05-05 18:17:04 -06:00
go.sum chore: go mod vendor 2022-05-05 18:17:04 -06:00
libauth.go bugfix(claims): invert jwk check condition 2022-05-09 13:34:08 -06:00

README.md

libauth

LibAuth for Go - A modern authentication framework that feels as light as a library.

godoc_button

Example Usage

How to verify a valid, trusted token as chi middleware:

package main

import (
	"net/http"

	"github.com/go-chi/chi/v5"

	"git.rootprojects.org/root/keypairs/keyfetch"
	"git.rootprojects.org/root/libauth"
	"git.rootprojects.org/root/libauth/chiauth"
)

func main() {
	r := chi.NewRouter()

	whitelist, err := keyfetch.NewWhitelist([]string{"https://accounts.google.com"})
	if nil != err {
		panic(err)
	}
	tokenVerifier := chiauth.NewTokenVerifier(chiauth.VerificationParams{
		Issuers:  whitelist,
		Optional: false,
	})
	r.Use(tokenVerifier)

	r.Post("/api/users/profile", func(w http.ResponseWriter, r *http.Request) {
		ctx := r.Context()
		jws, ok := ctx.Value(chiauth.JWSKey).(*libauth.JWS)
		if !ok || !jws.Trusted {
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}

		userID := jws.Claims["sub"].(string)
		// ...
	})

    // ...
}

How to pass an auth token:

curl -X POST http://localhost:3000/api/users/profile \
    -H 'Authorization: Bearer <xxxx.yyyy.zzzz>' \
    -H 'Content-Type: application/json' \
    --raw-data '{ "foo": "bar" }'