
The auth/oauth2 package is used by Go services to apply OAuth2 authentication.

OAuth2 Providers

authentik

authentik is an open-source identity and access management solution that supports OAuth2. The authentik OAuth2 provider is used to authenticate users and authorize access to services.

To use the authentik OAuth2 provider, you first need to set up an authentik server, create an OAuth2 Provider and create an Application through its UI.

The client ID and client secret are required to configure the authentik OAuth2 provider.

The following is an example of how to use the auth/oauth2 package to authenticate users with the authentik OAuth2 provider.

package main

import (
	goOauth2 "golang.org/x/oauth2"
	"net/http"

	"github.com/labstack/echo/v4"
	
	"github.com/IOTechSystems/go-mod-edge-utils/pkg/auth/jwt"
	"github.com/IOTechSystems/go-mod-edge-utils/pkg/auth/oauth2"
	"github.com/IOTechSystems/go-mod-edge-utils/pkg/errors"
	"github.com/IOTechSystems/go-mod-edge-utils/pkg/log"
)

// Provider settings for the example. All values are placeholders: a real
// service should load the client ID and secret from the environment or a
// secret store rather than compiling them into the binary, and should point
// the provider URLs at an https endpoint.
const (
	// The client ID and secret of the OAuth2 Provider you created in authentik.
	clientID     = "Your client ID"
	clientSecret = "Your client secret"
	// Must match the callback URL registered for your Application in authentik.
	redirectURL = "http://localhost:8080/callback"
)

const (
	// authentik OAuth2 endpoints; replace localhost:9000 with your authentik server's domain.
	authURL     = "http://localhost:9000/application/o/authorize/"
	tokenURL    = "http://localhost:9000/application/o/token/"
	userInfoURL = "http://localhost:9000/application/o/userinfo/"
	// Path the user is redirected to after login.
	redirectPath = "/"
)

// main wires the example server: a public root, a /login route that starts
// the authentik OAuth2 flow and a /callback route that completes it.
//
// NOTE(review): the example's import of golang.org/x/oauth2 (aliased
// goOauth2) is not referenced anywhere, so the listing does not compile as
// written.
func main() {
	srv := echo.New()

	// Provider configuration and logger for the authenticator.
	cfg := oauth2.NewAuthentikConfigs(clientID, clientSecret, authURL, tokenURL, redirectURL, userInfoURL, redirectPath)
	lc := log.InitLogger("main", log.InfoLog, nil)
	auth := oauth2.NewAuthentikAuthenticator(cfg, lc)

	srv.GET("/", func(c echo.Context) error {
		return c.String(http.StatusOK, "Hello, World!")
	})
	// /login redirects to authentik; /callback exchanges the code, fetches the
	// user info and hands it to handleUserInfo, which issues the application JWT.
	srv.GET("/login", echo.WrapHandler(auth.RequestAuth()))
	srv.GET("/callback", echo.WrapHandler(auth.Callback(handleUserInfo)))
	srv.Logger.Fatal(srv.Start(":8080"))
}

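// handleUserInfo is the callback invoked by the authenticator once the OAuth2
// provider has authenticated the user and the user info has been fetched.
//
// It returns the application's JWT for that user. The token built here is a
// placeholder with fixed values and zero expiry; a real service must issue a
// token bound to the identity in the user info (e.g. its Sub or Email) with a
// proper expiry, and apply any authorization decision (e.g. group membership)
// before returning it.
//
// userInfo is expected to be an oauth2.AuthentikUserInfo; any other value
// yields a server error.
func handleUserInfo(userInfo any) (token *jwt.TokenDetails, err errors.Error) {
	// Bind the assertion result to a new name: reusing `userInfo` with `:=`
	// would only reassign the `any` parameter and discard the concrete type.
	info, ok := userInfo.(oauth2.AuthentikUserInfo)
	if !ok {
		return nil, errors.NewBaseError(errors.KindServerError, "failed to cast user info to AuthentikUserInfo", nil, nil)
	}

	// Reject malformed or incomplete user info before issuing any token.
	if vErr := info.Validate(); vErr != nil {
		return nil, errors.NewBaseError(errors.KindServerError, "invalid user info: "+vErr.Error(), nil, nil)
	}

	// Placeholder token; replace with real token issuance for info.
	fakeToken := &jwt.TokenDetails{
		AccessToken:  "accesstoken",
		RefreshToken: "refreshtoken",
		AccessId:     "accessid",
		RefreshId:    "refreshid",
		AtExpires:    0,
		RtExpires:    0,
	}
	return fakeToken, nil
}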

Documentation

Types

type Authenticator

// Authenticator is implemented per OAuth2 provider: RequestAuth starts the
// authorization flow and Callback completes it.
type Authenticator interface {
	// RequestAuth returns a http.HandlerFunc that redirects the user to the OAuth2 provider for authentication and gets the authorization code.
	RequestAuth() http.HandlerFunc
	// Callback returns a http.HandlerFunc that exchanges the authorization code for an access token and fetches user info from the OAuth2 provider.
	// The parameter is a function that takes the user info and returns the JWT token or an error.
	// The concrete type of userInfo is provider-specific (AuthentikUserInfo for authentik, as in the README example);
	// the function is where the application decides whether, and with what token, this user is let in.
	Callback(func(userInfo any) (token *jwt.TokenDetails, err errors.Error)) http.HandlerFunc
}

Authenticator is an interface for OAuth2 authenticators.

func NewAuthentikAuthenticator

func NewAuthentikAuthenticator(config Config, lc log.Logger) Authenticator

NewAuthentikAuthenticator creates a new Authenticator for authentik.

type AuthentikAuthenticator

type AuthentikAuthenticator struct {
	Config Config
	// contains filtered or unexported fields
}

func (*AuthentikAuthenticator) Callback

func (a *AuthentikAuthenticator) Callback(loginAndGetJWT func(userInfo any) (token *jwt.TokenDetails, err errors.Error)) http.HandlerFunc

Callback returns a http.HandlerFunc that exchanges the authorization code for an access token and fetches user info from the OAuth2 provider. The parameter is a function that takes the user info and returns the JWT token or an error.

func (*AuthentikAuthenticator) RequestAuth

func (a *AuthentikAuthenticator) RequestAuth() http.HandlerFunc

RequestAuth returns a http.HandlerFunc that redirects the user to the OAuth2 provider for authentication.

type AuthentikUserInfo

// AuthentikUserInfo is the user info decoded from the JSON response of the
// authentik userinfo endpoint (Config.UserInfoURL). It is the value handed to
// the Callback function when the provider is authentik.
type AuthentikUserInfo struct {
	Sub               string   `json:"sub"`
	Email             string   `json:"email"`
	// VerifiedEmail reports whether the provider has verified Email ("email_verified").
	VerifiedEmail     bool     `json:"email_verified"`
	Name              string   `json:"name"`
	GivenName         string   `json:"given_name"`
	PreferredUsername string   `json:"preferred_username"`
	Nickname          string   `json:"nickname"`
	// Groups holds the group names reported for the user, as sent by authentik.
	Groups            []string `json:"groups"`

	// UserID is a custom field carrying the user ID under a more common name
	// than Sub; it maps to the "id" member of the response.
	UserID string `json:"id"`
}

func (*AuthentikUserInfo) Validate

func (u *AuthentikUserInfo) Validate() error

Validate validates the user info.

type Config added in v1.0.24

// Config holds what an Authenticator needs to talk to an OAuth2 provider.
type Config struct {
	// GoOAuth2Config carries the client ID and secret, the provider's
	// authorization and token endpoints and the redirect URL (presumably a
	// golang.org/x/oauth2 Config, as the field name suggests).
	GoOAuth2Config *oauth2.Config
	// UserInfoURL is the provider endpoint from which user info is fetched after the token exchange.
	UserInfoURL    string
	RedirectPath   string // RedirectPath is the path that the user will be redirected to after login
}

func NewAuthentikConfigs

func NewAuthentikConfigs(clientId, clientSecret, authURL, tokenURL, redirectURL, userInfoURL, redirectPath string) Config

NewAuthentikConfigs returns a new Config for authentik.
