Documentation
¶
Index ¶
- Constants
- Variables
- func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error
- func ClearAuth(req *http.Request)
- func ClearState(req *http.Request)
- func CreateUserFromProfileData(ctx context.Context, profile *UserProfile) (*models.User, error)
- func DeleteUser(ctx context.Context, id string) error
- func Exchange(ctx context.Context, code, verifier string) (*TokenResponse, *UserProfile, error)
- func GenerateLogoutURL(req *http.Request) (*url.URL, error)
- func GetAccessToken(req *http.Request) (string, error)
- func GetCodeVerifier(req *http.Request) (string, error)
- func GetIDToken(req *http.Request) (*oidc.IDToken, error)
- func GetRefreshToken(req *http.Request) (string, error)
- func GetReturnTo(req *http.Request) (string, error)
- func GetState(req *http.Request) (string, error)
- func GetTokenExpiry(req *http.Request) (time.Time, error)
- func IsAccessTokenExpired(req *http.Request) bool
- func IsAuthenticated(req *http.Request) bool
- func PutCodeVerifier(req *http.Request, verifier string)
- func PutReturnTo(req *http.Request, path string)
- func PutState(req *http.Request, state string)
- func SaveTokens(ctx context.Context, token *TokenResponse)
- func UpdateUser(ctx context.Context, update *UpdateUserData) error
- func UpdateUserCustomisation(ctx context.Context, request *models.EditUserRequest) error
- func UpdateUserMetadata(ctx context.Context, id string, key string, value any) error
- func VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, string, error)
- type AuthURLResult
- type Authenticator
- type Config
- type TokenResponse
- type UpdateUserData
- type UserData
- type UserProfile
Constants ¶
const (
	// ConfigEnvPrefix is the prefix applied to environment variables for configuring Auth0.
	// It is built by appending "AUTH0_" to the shared config.ConfigEnvPrefix.
	ConfigEnvPrefix = config.ConfigEnvPrefix + "AUTH0_"
)
Variables ¶
// ErrInvalidToken is the sentinel error carrying the message "token is invalid".
// Callers can match it with errors.Is.
// NOTE(review): which functions return it is not visible here — confirm.
var ErrInvalidToken = errors.New("token is invalid")
// ErrNoIDToken is the sentinel error for an oauth2 token that has no id_token
// field, per its message. Callers can match it with errors.Is.
// NOTE(review): presumably returned by VerifyIDToken — confirm.
var ErrNoIDToken = errors.New("no id_token field in oauth2 token")
Functions ¶
func ChangeUserPassword ¶
func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error
ChangeUserPassword will perform a password change on behalf of a user.
func ClearAuth ¶ added in v0.104.0
ClearAuth removes all authentication-related keys from the session.
func ClearState ¶ added in v0.104.0
ClearState removes all data related to an authorization exchange from the session.
func CreateUserFromProfileData ¶ added in v0.87.0
CreateUserFromProfileData creates a new user from the external provider details.
func DeleteUser ¶
DeleteUser will delete the given user from the Auth0 backend.
func Exchange ¶ added in v0.104.0
func Exchange(ctx context.Context, code, verifier string) (*TokenResponse, *UserProfile, error)
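Exchange handles verifying and exchanging the authorization code for an access token. It also extracts the ID token and user profile. The signature takes no state parameter, so the callback handler should compare the state it receives with the value from GetState before calling Exchange.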
func GenerateLogoutURL ¶
GenerateLogoutURL generates the URL used to log the user out of the auth backend.
func IsAccessTokenExpired ¶ added in v0.104.0
IsAccessTokenExpired returns true if the access token has expired.
func IsAuthenticated ¶ added in v0.104.0
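IsAuthenticated returns true if the session contains an access token. As described, this is a presence check only; use IsAccessTokenExpired where the token's expiry matters.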
func PutCodeVerifier ¶ added in v0.104.0
func PutReturnTo ¶ added in v0.104.0
func SaveTokens ¶ added in v0.104.0
func SaveTokens(ctx context.Context, token *TokenResponse)
SaveTokens saves the access token and data in the session.
func UpdateUser ¶
func UpdateUser(ctx context.Context, update *UpdateUserData) error
UpdateUser updates user data in Auth0.
func UpdateUserCustomisation ¶ added in v0.61.0
func UpdateUserCustomisation(ctx context.Context, request *models.EditUserRequest) error
func UpdateUserMetadata ¶ added in v0.61.0
Types ¶
type AuthURLResult ¶ added in v0.104.0
AuthURLResult holds the generated authorization URL along with the state and PKCE code verifier that must be stored in the session before redirecting.
func GenerateAuthURL ¶ added in v0.104.0
func GenerateAuthURL(req *http.Request) (*AuthURLResult, error)
GenerateAuthURL constructs the Auth0 Universal Login redirect URL using PKCE.
type Authenticator ¶
Authenticator is used to authenticate our users.
type Config ¶
// Config holds the settings for the Auth0 integration. Each field is bound to
// a koanf configuration key and is marked required by its validate tag.
type Config struct {
// Domain is read from the "domain" key.
// NOTE(review): presumably the Auth0 tenant domain used for login — confirm.
Domain string `koanf:"domain" validate:"required"`
// MgmtDomain is read from the "mgmtdomain" key.
// NOTE(review): presumably the domain used for management API calls — confirm.
MgmtDomain string `koanf:"mgmtdomain" validate:"required"`
// ClientID is read from the "clientid" key.
ClientID string `koanf:"clientid" validate:"required"`
// ClientSecret is read from the "clientsecret" key. It is a credential: keep
// it out of logs, error messages and any dump of this struct.
ClientSecret string `koanf:"clientsecret" validate:"required"`
// CallbackURL is read from the "callbackurl" key and must parse as a URL.
CallbackURL string `koanf:"callbackurl" validate:"required,url"`
}
Config holds the Auth0 settings; every field is required by its validate tag.
type TokenResponse ¶ added in v0.104.0
// TokenResponse mirrors the JSON body returned by the Auth0 /oauth/token
// endpoint. The token fields are bearer credentials, so values of this type
// should be kept out of logs and error messages.
type TokenResponse struct {
// AccessToken is decoded from the "access_token" field.
AccessToken string `json:"access_token"`
// RefreshToken is decoded from the "refresh_token" field.
RefreshToken string `json:"refresh_token"`
// IDToken is decoded from the "id_token" field. It is the raw string form.
// NOTE(review): presumably not yet verified at this point — confirm where
// VerifyIDToken is applied.
IDToken string `json:"id_token"`
// TokenType is decoded from the "token_type" field.
TokenType string `json:"token_type"`
// ExpiresIn is a relative lifetime, not an absolute timestamp.
ExpiresIn int64 `json:"expires_in"` // seconds until expiry
}
TokenResponse represents the JSON response from the Auth0 /oauth/token endpoint.
func RefreshTokens ¶ added in v0.104.0
func RefreshTokens(ctx context.Context, refreshToken string) (*TokenResponse, error)
RefreshTokens exchanges a refresh token for a new set of tokens.
type UpdateUserData ¶ added in v0.61.0
// UpdateUserData bundles an update payload with an ID.
// NOTE(review): ID is presumably the identifier of the user being updated — confirm.
type UpdateUserData struct {
// Embedded by pointer, so its fields are promoted onto UpdateUserData.
// Accessing a promoted field while this pointer is nil panics.
*management.UpdateUserRequestContent
ID string
}
type UserData ¶ added in v0.47.0
// UserData embeds two management response types by pointer, promoting the
// fields of both. Either pointer may be nil, and accessing a promoted field
// through a nil one panics. A field name that both types define at the same
// depth is ambiguous and must be reached through an explicit selector.
// NOTE(review): which of the two is populated in which call path is not
// visible here — confirm before relying on promoted fields.
type UserData struct {
*management.GetUserResponseContent
*management.UserResponseSchema
}
func GetNewInactiveUsers ¶ added in v0.61.0
GetNewInactiveUsers returns all accounts created on the backend that haven't yet logged in to the app.
type UserProfile ¶
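// UserProfile represents the data returned from the Auth0 backend that
// describes an authorised user. Fields are decoded from token claims by their
// json tags and checked against their validate tags.
//
// NOTE(review): these values should only be trusted once the token they came
// from has been verified — confirm that every path populating this struct
// does so after verification.
type UserProfile struct {
	// URL of the server which issued this token.
	Issuer string `json:"iss" validate:"required,url"`
	// The client ID that this token is issued for.
	// NOTE(review): typed as a single string; a token whose aud claim is a JSON
	// array would presumably fail to decode into this field — confirm against
	// the tokens the provider actually issues.
	Audience string `json:"aud" validate:"required"`
	// When the token was issued by the provider.
	IssuedAt int64 `json:"iat" validate:"required"`
	// Expiry of the token.
	Expiry int64 `json:"exp" validate:"required"`
	// A unique string which identifies the end user.
	Subject string `json:"sub" validate:"required"`
	// ID of the current session.
	SessionID string `json:"sid" validate:"required"`
	// The user's email address. The tag has no omitempty, so an empty value
	// fails the email check.
	Email string `json:"email" validate:"email"`
	// Indicates whether the user has verified their email address. Code that
	// matches or links accounts by Email should check this flag first.
	EmailVerified bool `json:"email_verified"`
	// URL pointing to the user's profile picture.
	Picture string `json:"picture" validate:"omitempty,url"`
	// The user's family name.
	FamilyName string `json:"family_name"`
	// The user's given name.
	GivenName string `json:"given_name"`
	// The user's full name.
	Name string `json:"name"`
	// The user's nickname.
	Nickname string `json:"nickname"`
	// Timestamp indicating when the user's profile was last updated/modified.
	UpdatedAt string `json:"updated_at"`
	// LoginsCount is the number of times the user has logged in. If a user is blocked and logs in, the blocked session
	// is still counted. For a new user, this will be 1 as creating the account is counted as the first login.
	// The rule is gte=1 rather than gt=1 so that the documented first-login value of 1 passes validation.
	LoginsCount int64 `json:"logins_count" validate:"omitempty,gte=1"`
	// Blocked indicates whether the user has been blocked. Importing enables subscribers to ensure that users remain
	// blocked when migrating to Auth0.
	Blocked bool `json:"blocked"`
	// Custom fields that store info about a user that influences the user's access, such as support plan, security
	// roles (if not using the Authorization Core feature set), or access control groups.
	// Because these values can drive access decisions, read them only from a verified token.
	AppMetadata map[string]any `json:"app_metadata"`
}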
UserProfile holds the data returned from the Auth0 backend that describes an authorised user.
https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure
https://pkg.go.dev/github.com/coreos/go-oidc/v3@v3.15.0/oidc#IDToken
func (*UserProfile) GetEmail ¶
func (u *UserProfile) GetEmail() string
GetEmail returns the email address associated with the external user.
func (*UserProfile) GetID ¶
func (u *UserProfile) GetID() string
GetID returns a string that represents the ID of the external user.