auth0

package
v0.167.1 Latest Latest
Published: Jun 21, 2026 License: AGPL-3.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

// ConfigEnvPrefix is the prefix carried by the environment variables that configure Auth0. It is the
// shared config.ConfigEnvPrefix with "AUTH0_" appended.
const ConfigEnvPrefix = config.ConfigEnvPrefix + "AUTH0_"

Variables

// Sentinel errors for token handling. Compare against them with errors.Is.
var (
	// ErrInvalidToken reports that a token is invalid.
	ErrInvalidToken = errors.New("token is invalid")

	// ErrNoIDToken reports that an oauth2 token carries no id_token field.
	ErrNoIDToken = errors.New("no id_token field in oauth2 token")
)

Functions

func ChangeUserPassword

func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error

ChangeUserPassword will perform a password change on behalf of a user.

func ClearAuth added in v0.104.0

func ClearAuth(req *http.Request)

ClearAuth removes all authentication-related keys from the session.

func ClearState added in v0.104.0

func ClearState(req *http.Request)

ClearState removes all data related to an authorization exchange from the session.

func CreateUserFromProfileData added in v0.87.0

func CreateUserFromProfileData(ctx context.Context, profile *UserProfile) (*models.User, error)

CreateUserFromProfileData creates a new user from the external provider details.

func DeleteUser

func DeleteUser(ctx context.Context, id string) error

DeleteUser will delete the given user from the Auth0 backend.

func Exchange added in v0.104.0

func Exchange(ctx context.Context, code, verifier string) (*TokenResponse, *UserProfile, error)

Exchange handles verifying and exchanging the authorization code for an access token. It also extracts the ID token and user profile.

func GenerateLogoutURL

func GenerateLogoutURL(req *http.Request) (*url.URL, error)

GenerateLogoutURL generates the URL used to log the user out from the auth backend.

func GetAccessToken added in v0.104.0

func GetAccessToken(req *http.Request) (string, error)

func GetCodeVerifier added in v0.104.0

func GetCodeVerifier(req *http.Request) (string, error)

func GetIDToken added in v0.104.0

func GetIDToken(req *http.Request) (*oidc.IDToken, error)

func GetRefreshToken added in v0.104.0

func GetRefreshToken(req *http.Request) (string, error)

func GetReturnTo added in v0.104.0

func GetReturnTo(req *http.Request) (string, error)

func GetState added in v0.104.0

func GetState(req *http.Request) (string, error)

func GetTokenExpiry added in v0.104.0

func GetTokenExpiry(req *http.Request) (time.Time, error)

func IsAccessTokenExpired added in v0.104.0

func IsAccessTokenExpired(req *http.Request) bool

IsAccessTokenExpired returns true if the access token has expired.

func IsAuthenticated added in v0.104.0

func IsAuthenticated(req *http.Request) bool

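IsAuthenticated returns true if the session contains an access token. As documented, this checks only for the token's presence; expiry is reported separately by IsAccessTokenExpired.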

func PutCodeVerifier added in v0.104.0

func PutCodeVerifier(req *http.Request, verifier string)

func PutReturnTo added in v0.104.0

func PutReturnTo(req *http.Request, path string)

func PutState added in v0.104.0

func PutState(req *http.Request, state string)

func SaveTokens added in v0.104.0

func SaveTokens(ctx context.Context, token *TokenResponse)

SaveTokens saves the access token and data in the session.

func UpdateUser

func UpdateUser(ctx context.Context, update *UpdateUserData) error

UpdateUser updates user data in Auth0.

func UpdateUserCustomisation added in v0.61.0

func UpdateUserCustomisation(ctx context.Context, request *models.EditUserRequest) error

func UpdateUserMetadata added in v0.61.0

func UpdateUserMetadata(ctx context.Context, id string, key string, value any) error

func VerifyIDToken added in v0.104.0

func VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, string, error)

VerifyIDToken verifies that the ID token carried by an *oauth2.Token is a valid *oidc.IDToken.

Types

type AuthURLResult added in v0.104.0

// AuthURLResult bundles the values produced when an authorization URL is generated.
type AuthURLResult struct {
	// URL is the generated authorization URL.
	// State is the state value for the exchange, and CodeVerifier is the PKCE code verifier.
	// Both must be stored in the session before redirecting.
	// NOTE(review): the verifier is the secret half of the PKCE pair, so it presumably should
	// not be logged or sent to the browser. Confirm how callers handle it.
	URL, State, CodeVerifier string
}

AuthURLResult holds the generated authorization URL along with the state and PKCE code verifier that must be stored in the session before redirecting.

func GenerateAuthURL added in v0.104.0

func GenerateAuthURL(req *http.Request) (*AuthURLResult, error)

GenerateAuthURL constructs the Auth0 Universal Login redirect URL using PKCE.

type Authenticator

// Authenticator pairs an OIDC provider with an OAuth2 client configuration by embedding both,
// so the methods and fields of each are promoted onto Authenticator.
//
// The embedded oauth2.Config is held by value and includes the client secret, so formatting an
// Authenticator with %v or %+v (or serializing it) would expose that secret. Keep values of this
// type out of logs and error messages.
type Authenticator struct {
	// Embedded by pointer; it is nil until assigned.
	*oidc.Provider
	oauth2.Config
}

Authenticator is used to authenticate our users.

type Config

// Config holds the Auth0 settings, keyed for koanf by the lowercase names in the koanf tags.
// Every field is marked required by its validate tag; CallbackURL must additionally be a URL.
//
// ClientSecret is a credential: keep it out of logs, error messages and any dump of the loaded
// configuration.
//
// NOTE(review): presumably these values are read from environment variables that begin with
// ConfigEnvPrefix. The loader is not visible here, so confirm.
type Config struct {
	Domain       string `koanf:"domain"       validate:"required"`
	MgmtDomain   string `koanf:"mgmtdomain"   validate:"required"`
	ClientID     string `koanf:"clientid"     validate:"required"`
	ClientSecret string `koanf:"clientsecret" validate:"required"`
	CallbackURL  string `koanf:"callbackurl"  validate:"required,url"`
}

Config structure.

type TokenResponse added in v0.104.0

// TokenResponse mirrors the JSON body of a token response; the json tags give the wire names.
//
// AccessToken, RefreshToken and IDToken are credentials in their own right. Treat a TokenResponse
// as secret material and do not log it or include it in error messages.
//
// ExpiresIn is a relative lifetime in seconds, not an absolute time.
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	IDToken      string `json:"id_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int64  `json:"expires_in"` // seconds until expiry
}

TokenResponse represents the JSON response from the Auth0 /oauth/token endpoint.

func RefreshTokens added in v0.104.0

func RefreshTokens(ctx context.Context, refreshToken string) (*TokenResponse, error)

RefreshTokens exchanges a refresh token for a new set of tokens.

type UpdateUserData added in v0.61.0

// UpdateUserData carries a user update: the embedded management request content plus an ID.
type UpdateUserData struct {
	// Embedded by pointer, so its fields are promoted; it is nil until assigned.
	*management.UpdateUserRequestContent

	// NOTE(review): presumably the Auth0 ID of the user being updated. Confirm against UpdateUser.
	ID string
}

type UserData added in v0.47.0

func GetNewInactiveUsers added in v0.61.0

func GetNewInactiveUsers(ctx context.Context) ([]*UserData, error)

GetNewInactiveUsers returns all accounts created on the backend that haven't yet logged in to the app.

func GetUser added in v0.47.0

func GetUser(ctx context.Context, id string) (*UserData, error)

GetUser fetches the user with the given ID from Auth0.

type UserProfile

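// UserProfile holds the token claims and profile fields returned from the Auth0 backend for an
// authorised user. The json tags give the claim names, and the validate tags state the constraints
// each field is expected to meet.
//
// NOTE(review): the validate tags only take effect where a validator is run over the struct.
// That call is not visible here.
type UserProfile struct {
	// URL of the server which issued this token.
	Issuer string `json:"iss" validate:"required,url"`
	// The client ID, or set of client IDs, that this token is issued for.
	// NOTE(review): the field is a single string, so an "aud" claim encoded as a JSON array would
	// not decode into it. Confirm that only single-audience tokens reach this type.
	Audience string `json:"aud" validate:"required"`
	// When the token was issued by the provider.
	IssuedAt int64 `json:"iat" validate:"required"`
	// Expiry of the token.
	Expiry int64 `json:"exp" validate:"required"`
	// A unique string which identifies the end user.
	Subject string `json:"sub" validate:"required"`
	// ID of the current session.
	SessionID string `json:"sid" validate:"required"`
	// The user's email address.
	Email string `json:"email" validate:"email"`
	// Indicates whether the user has verified their email address.
	// NOTE(review): code that links or authorises accounts by Email should consult this flag first.
	// Whether the callers in this package do so is not visible here.
	EmailVerified bool `json:"email_verified"`
	// URL pointing to the user's profile picture.
	Picture string `json:"picture" validate:"omitempty,url"`
	// The user's family name.
	FamilyName string `json:"family_name"`
	// The user's given name.
	GivenName string `json:"given_name"`
	// The user's full name.
	Name string `json:"name"`
	// The user's nickname.
	Nickname string `json:"nickname"`
	// Timestamp indicating when the user's profile was last updated/modified.
	UpdatedAt string `json:"updated_at"`
	// LoginsCount is the number of times the user has logged in. If a user is blocked and logs in, the blocked session
	// is still counted. For a new user, this will be 1 as creating the account is counted as the first login.
	// The bound is gte=1 rather than gt=1 so that the new-user value of 1 described above passes
	// validation; omitempty still skips the check when the claim is absent or zero.
	LoginsCount int64 `json:"logins_count" validate:"omitempty,gte=1"`
	// Blocked indicates whether the user has been blocked. Importing enables subscribers to ensure that users remain
	// blocked when migrating to Auth0.
	Blocked bool `json:"blocked"`
	// Custom fields that store info about a user that influences the user's access, such as support plan, security
	// roles (if not using the Authorization Core feature set), or access control groups.
	// Values decode as untyped any, so check their concrete type before basing an access decision on them.
	AppMetadata map[string]any `json:"app_metadata"`
}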

UserProfile holds the data returned from the Auth0 backend describing an authorised user.

https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure

https://pkg.go.dev/github.com/coreos/go-oidc/v3@v3.15.0/oidc#IDToken

func (*UserProfile) GetEmail

func (u *UserProfile) GetEmail() string

GetEmail returns the email address associated with the external user.

func (*UserProfile) GetID

func (u *UserProfile) GetID() string

GetID returns a string that represents the ID of the external user.
