package module
v1.0.3 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Apr 26, 2020 License: MIT Imports: 11 Imported by: 1



Build Status    Godoc Reference    Go Report Card    License

This package implements an IndieAuth (an identity layer on top of OAuth 2.0) client/authentication middleware.

It implements an IndieAuth Client and will use your own external Authorization Endpoint.

It was designed to replace basic authentication when restricting access to private projects, it does not support multiple users.

Relies on the sessions package from the Gorilla web toolkit.


$ get get

Note: If you are not using gorilla/mux, you need to wrap your handlers with context.ClearHandler to prevent leaking memory.

package main

import (



var cookieStore = sessions.NewCookieStore([]byte("my-secret"))

func main() {
        ia, err:= indieauth.New(cookieStore, "https://my.indie.auth.domain")
        if err != nil {
	iaMiddleware = ia.Middleware()
        http.HandleFunc(indieauth.DefaultRedirectPath, ia.RedirectHandler)
        http.HandleFunc("/logout", func(w http.ResponseWriter, r *http.Request) {
                indie.Logout(w, r)
        http.Handle("/", iaMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        log.Fatal(http.ListenAndServe(":8011", context.ClearHandler(http.DefaultServeMux)))



Package indieauth implements an IndieAuth (an identity layer on top of OAuth 2.0)] client/authentication middleware.



View Source
const (
	// DefaultRedirectPath is default path where the RedirectHandler should be served
	DefaultRedirectPath = "/indieauth-redirect"


View Source
var (
	// ErrForbidden is returned when the authorization endpoint answered a 403
	ErrForbidden = errors.New("authorization endpoint answered with forbidden")

	// ErrAuthorizationEndointNotFound is returned when the authorization_endpoint could not be discovered for the given URL
	ErrAuthorizationEndpointNotFound = errors.New("authorization_endpoint not found")

	// UserAgent is the User Agent used for the requests performed as an "IndieAuth Client"
	UserAgent = "IndieAuth client (+"

	// SessionName is the name of the Gorilla session
	SessionName = "indieauth"


func ClientID

func ClientID(clientID string) func(*http.Request) string

ClientID can optionally be used to force a specific client ID. IndieAuth.ClientID = indieauth.ClientID("https://my.client.tld")


type IndieAuth

type IndieAuth struct {

	// ClientID will try to guess the client ID from the request by default
	ClientID func(r *http.Request) string
	// RedirectPath will default to `/indieauth-redirect`
	RedirectPath string
	// contains filtered or unexported fields

IndieAuth holds the auth manager

func New

func New(store *sessions.CookieStore, me string) (*IndieAuth, error)

New initializes an IndieAuth auth manager, the `Middleware` shortcut is the preferred API unless you want fine-grained configuration.

func (*IndieAuth) Check

func (ia *IndieAuth) Check(r *http.Request) bool

Check returns true if there is an existing session with a valid login

func (*IndieAuth) Logout

func (ia *IndieAuth) Logout(w http.ResponseWriter, r *http.Request)

Logout logs out the current user

func (*IndieAuth) Middleware

func (ia *IndieAuth) Middleware() func(http.Handler) http.Handler

Middleware provides a middleware that will only allow user authenticated against the given IndiAuth endpoint

func (*IndieAuth) Redirect

func (ia *IndieAuth) Redirect(w http.ResponseWriter, r *http.Request) error

Redirect responds to the request by redirecting to the authorization endpoint

func (*IndieAuth) RedirectHandler

func (ia *IndieAuth) RedirectHandler(w http.ResponseWriter, r *http.Request)

RedirectHandler is a HTTP handler that must be registered on the app at `/indieauth-redirect`

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL