endpoints

func (*Client) AdminAudit ¶

func (c *Client) AdminAudit(req types.AdminAuditRequest) (*types.AdminAuditResponse, error)

GET /admin/audit

Get audit logs.

May optionally specify a query to use for filtering the audit logs. The column and value must be specified if using a query.

The result may also be paginated. By default, 50 results will be returned per request. This can be configured with PerPage in the request. The response will include the total number of results, as well as the total number of pages and, if not already on the last page, the next page number.

func (*Client) AdminCreateSSOProvider ¶

func (c *Client) AdminCreateSSOProvider(req types.AdminCreateSSOProviderRequest) (*types.AdminCreateSSOProviderResponse, error)

POST /admin/sso/providers

Create a new SAML SSO Identity Provider.

func (*Client) AdminCreateUser ¶

func (c *Client) AdminCreateUser(req types.AdminCreateUserRequest) (*types.AdminCreateUserResponse, error)

POST /admin/users

Creates the user based on the user_id specified.

func (*Client) AdminDeleteSSOProvider ¶

func (c *Client) AdminDeleteSSOProvider(req types.AdminDeleteSSOProviderRequest) (*types.AdminDeleteSSOProviderResponse, error)

DELETE /admin/sso/providers/{idp_id}

Delete a SAML SSO Identity Provider by ID.

func (*Client) AdminDeleteUser ¶

func (c *Client) AdminDeleteUser(req types.AdminDeleteUserRequest) error

DELETE /admin/users/{user_id}

Delete a user by their user_id.

func (*Client) AdminDeleteUserFactor ¶

func (c *Client) AdminDeleteUserFactor(req types.AdminDeleteUserFactorRequest) error

DELETE /admin/users/{user_id}/factors/{factor_id}

Delete a factor for a user.

func (*Client) AdminGenerateLink ¶

func (c *Client) AdminGenerateLink(req types.AdminGenerateLinkRequest) (*types.AdminGenerateLinkResponse, error)

POST /admin/generate_link

Returns the corresponding email action link based on the type specified. Among other things, the response also contains the query params of the action link as separate JSON fields for convenience (along with the email OTP from which the corresponding token is generated).

func (*Client) AdminGetSSOProvider ¶

func (c *Client) AdminGetSSOProvider(req types.AdminGetSSOProviderRequest) (*types.AdminGetSSOProviderResponse, error)

GET /admin/sso/providers/{idp_id}

Get a SAML SSO Identity Provider by ID.

func (*Client) AdminGetUser ¶

func (c *Client) AdminGetUser(req types.AdminGetUserRequest) (*types.AdminGetUserResponse, error)

GET /admin/users/{user_id}

Get a user by their user_id.

func (*Client) AdminListSSOProviders ¶

func (c *Client) AdminListSSOProviders() (*types.AdminListSSOProvidersResponse, error)

GET /admin/sso/providers

Get a list of all SAML SSO Identity Providers in the system.

func (*Client) AdminListUserFactors ¶

func (c *Client) AdminListUserFactors(req types.AdminListUserFactorsRequest) (*types.AdminListUserFactorsResponse, error)

GET /admin/users/{user_id}/factors

Get a list of factors for a user.

func (*Client) AdminListUsers ¶

func (c *Client) AdminListUsers() (*types.AdminListUsersResponse, error)

GET /admin/users

Get a list of users.

func (*Client) AdminUpdateSSOProvider ¶

func (c *Client) AdminUpdateSSOProvider(req types.AdminUpdateSSOProviderRequest) (*types.AdminUpdateSSOProviderResponse, error)

PUT /admin/sso/providers/{idp_id}

Update a SAML SSO Identity Provider by ID.

func (*Client) AdminUpdateUser ¶

func (c *Client) AdminUpdateUser(req types.AdminUpdateUserRequest) (*types.AdminUpdateUserResponse, error)

PUT /admin/users/{user_id}

Update a user by their user_id.

func (*Client) AdminUpdateUserFactor ¶

func (c *Client) AdminUpdateUserFactor(req types.AdminUpdateUserFactorRequest) (*types.AdminUpdateUserFactorResponse, error)

PUT /admin/users/{user_id}/factors/{factor_id}

Update a factor for a user.

func (*Client) Authorize ¶

func (c *Client) Authorize(req types.AuthorizeRequest) (*types.AuthorizeResponse, error)

GET /authorize

Get access_token from external oauth provider.

Scopes are optional additional scopes depending on the provider (email and name are requested by default).

If successful, the server returns a redirect response. This method will not follow the redirect, but instead returns the URL the client was told to redirect to.

func (*Client) ChallengeFactor ¶

func (c *Client) ChallengeFactor(req types.ChallengeFactorRequest) (*types.ChallengeFactorResponse, error)

POST /factors/{factor_id}/challenge

Challenge a factor.

func (*Client) EnrollFactor ¶

func (c *Client) EnrollFactor(req types.EnrollFactorRequest) (*types.EnrollFactorResponse, error)

POST /factors

Enroll a new factor.

func (*Client) GetSettings ¶

func (c *Client) GetSettings() (*types.SettingsResponse, error)

GET /settings

Returns the publicly available settings for this gotrue instance.

func (*Client) GetUser ¶

func (c *Client) GetUser() (*types.UserResponse, error)

GET /user

Get the JSON object for the logged in user (requires authentication)

func (*Client) HealthCheck ¶

func (c *Client) HealthCheck() (*types.HealthCheckResponse, error)

GET /health

Check the health of the GoTrue server.

func (*Client) Invite ¶

func (c *Client) Invite(req types.InviteRequest) (*types.InviteResponse, error)

POST /invite

Invites a new user with an email. This endpoint requires the service_role or supabase_admin JWT set using WithToken.

func (*Client) Logout ¶

func (c *Client) Logout() error

POST /logout

Logout a user (Requires authentication).

This will revoke all refresh tokens for the user. Remember that the JWT tokens will still be valid for stateless auth until they expires.

func (*Client) Magiclink ¶

func (c *Client) Magiclink(req types.MagiclinkRequest) error

POST /magiclink

DEPRECATED: Use /otp with Email and CreateUser=true instead of /magiclink.

Magic Link. Will deliver a link (e.g. /verify?type=magiclink&token=fgtyuf68ddqdaDd) to the user based on email address which they can use to redeem an access_token.

By default Magic Links can only be sent once every 60 seconds.

func (*Client) OTP ¶

func (c *Client) OTP(req types.OTPRequest) error

POST /otp One-Time-Password. Will deliver a magiclink or SMS OTP to the user depending on whether the request contains an email or phone key.

If CreateUser is true, the user will be automatically signed up if the user doesn't exist.

func (*Client) Reauthenticate ¶

func (c *Client) Reauthenticate() error

GET /reauthenticate

Sends a nonce to the user's email (preferred) or phone. This endpoint requires the user to be logged in / authenticated first. The user needs to have either an email or phone number for the nonce to be sent successfully.

func (*Client) Recover ¶

func (c *Client) Recover(req types.RecoverRequest) error

POST /recover

Password recovery. Will deliver a password recovery mail to the user based on email address.

By default recovery links can only be sent once every 60 seconds.

func (*Client) RefreshToken ¶

func (c *Client) RefreshToken(refreshToken string) (*types.TokenResponse, error)

Sign in with refresh token

This is a convenience method that calls Token with the refresh_token grant type

func (*Client) SAMLACS ¶

func (c *Client) SAMLACS(req *http.Request) (*http.Response, error)

POST /sso/saml/acs

Implements the main Assertion Consumer Service endpoint behavior.

This client does not provide a typed endpoint for SAML ACS. This method is provided for convenience and will simply POST your HTTP request to the endpoint and return the response.

For required parameters, see the SAML spec or the GoTrue implementation of this endpoint.

The server may issue redirects. Using the default HTTP client, this method will follow those redirects and return the final HTTP response. Should you prefer the client not to follow redirects, you can provide a custom HTTP client using WithClient(). See the example below.

Example:

c := http.Client{
	CheckRedirect: func(req *http.Request, via []*http.Request) error {
		return http.ErrUseLastResponse
	},
}

func (*Client) SAMLMetadata ¶

func (c *Client) SAMLMetadata() ([]byte, error)

GET /sso/saml/metadata

Get the SAML metadata for the configured SAML provider.

If successful, the server returns an XML response. Making sense of this is outside the scope of this client, so it is simply returned as []byte.

func (*Client) SSO ¶

func (c *Client) SSO(req types.SSORequest) (*types.SSOResponse, error)

POST /sso

Initiate an SSO session with the given provider.

If successful, the server returns a redirect to the provider's authorization URL. The client will follow it and return the final HTTP response.

GoTrue allows you to skip following the redirect by setting SkipHTTPRedirect on the request struct. In this case, the URL to redirect to will be returned in the response.

func (*Client) SignInWithEmailPassword ¶

func (c *Client) SignInWithEmailPassword(email, password string) (*types.TokenResponse, error)

Sign in with email and password

This is a convenience method that calls Token with the password grant type

func (*Client) SignInWithPhonePassword ¶

func (c *Client) SignInWithPhonePassword(phone, password string) (*types.TokenResponse, error)

Sign in with phone and password

This is a convenience method that calls Token with the password grant type

func (*Client) Signup ¶

func (c *Client) Signup(req types.SignupRequest) (*types.SignupResponse, error)

POST /signup

Register a new user with an email and password.

func (*Client) Token ¶

func (c *Client) Token(req types.TokenRequest) (*types.TokenResponse, error)

POST /token

This is an OAuth2 endpoint that currently implements the password, refresh_token, and PKCE grant types

func (*Client) UnenrollFactor ¶

func (c *Client) UnenrollFactor(req types.UnenrollFactorRequest) (*types.UnenrollFactorResponse, error)

DELETE /factors/{factor_id}

Unenroll an enrolled factor.

func (*Client) UpdateUser ¶

func (c *Client) UpdateUser(req types.UpdateUserRequest) (*types.UpdateUserResponse, error)

PUT /user

Update a user (Requires authentication). Apart from changing email/password, this method can be used to set custom user data. Changing the email will result in a magiclink being sent out.

func (*Client) Verify ¶

func (c *Client) Verify(req types.VerifyRequest) (*types.VerifyResponse, error)

GET /verify

Verify a registration or a password recovery. Type can be signup or recovery or magiclink or invite and the token is a token returned from either /signup or /recover or /magiclink.

The server returns a redirect response. This method will not follow the redirect, but instead returns the URL the client was told to redirect to, as well as parsing the parameters from the URL fragment.

NOTE: This endpoint may return a nil error, but the Response can contain error details extracted from the returned URL. Please check that the Error, ErrorCode and/or ErrorDescription fields of the response are empty.

func (*Client) VerifyFactor ¶

func (c *Client) VerifyFactor(req types.VerifyFactorRequest) (*types.VerifyFactorResponse, error)

POST /factors/{factor_id}/verify

Verify the challenge for an enrolled factor.

func (*Client) VerifyForUser ¶

func (c *Client) VerifyForUser(req types.VerifyForUserRequest) (*types.VerifyForUserResponse, error)

POST /verify

Verify a registration or a password recovery. Type can be signup or recovery or magiclink or invite and the token is a token returned from either /signup or /recover or /magiclink.

This differs from GET /verify as it requires an email or phone to be given, which is used to verify the token associated to the user. It also returns a JSON response rather than a redirect.

func (Client) WithClient ¶

func (c Client) WithClient(client http.Client) *Client

func (Client) WithCustomGoTrueURL ¶

func (c Client) WithCustomGoTrueURL(url string) *Client

func (Client) WithToken ¶

func (c Client) WithToken(token string) *Client