Documentation
Index
- Constants
- Variables
- func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error
- func DeleteUser(ctx context.Context, user *models.User) error
- func GenerateLogoutURL(req *http.Request) (*url.URL, error)
- func UpdateUser(ctx context.Context, request *models.EditUserRequest) error
- type Authenticator
- type Config
- type ManagementAPI
- type UserProfile
Constants
const (
	// ConfigEnvPrefix is the prefix applied to environment variables for configuring Auth0.
	ConfigEnvPrefix = config.ConfigEnvPrefix + "AUTH0_"
)
Variables
var ErrNoIDToken = errors.New("no id_token field in oauth2 token")
var InitAuthenticator = func(ctx context.Context) error {
	err := sync.OnceValue(func() error {
		err := loadConfigOnce()
		if err != nil {
			return fmt.Errorf("unable to create authenticator: %w", err)
		}
		provider, err := oidc.NewProvider(
			ctx,
			"https://"+cfg.Domain+"/",
		)
		if err != nil {
			return fmt.Errorf("unable to create authenticator: %w", err)
		}
		conf := oauth2.Config{
			ClientID:     cfg.ClientID,
			ClientSecret: cfg.ClientSecret,
			RedirectURL:  cfg.CallbackURL,
			Endpoint:     provider.Endpoint(),
			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
		}
		AuthClient = &Authenticator{
			Provider: provider,
			Config:   conf,
		}
		return nil
	})()
	if err != nil {
		return err
	}
	return nil
}
InitAuthenticator will perform the setup and initialisation of the Auth0 tenant. It can be called multiple times but will only perform initialisation once (so it can be lazily loaded by calling it before any Auth0 actions).
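An added example (not code from this package) on the once-only behaviour described above: a sync.OnceValue created inside the function body, as in the InitAuthenticator declaration, is a new guard on every call, so its closure runs each time, whereas a guard created once and captured runs it a single time. The setup function is a hypothetical stand-in for the provider lookup, and perCall, shared and setupRuns are names made up for this example.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"sync/atomic"
)

// initFunc has the same signature as InitAuthenticator.
type initFunc func(ctx context.Context) error

// perCall builds the guard inside the function body, as in the declaration
// above: every call gets a fresh sync.OnceValue, so setup runs every time.
func perCall(setup initFunc) initFunc {
	return func(ctx context.Context) error {
		return sync.OnceValue(func() error { return setup(ctx) })()
	}
}

// shared creates the guard once and captures it. setup runs with the first
// caller's ctx, and its result (including an error) goes to every caller.
func shared(setup initFunc) initFunc {
	var once sync.Once
	var err error
	return func(ctx context.Context) error {
		once.Do(func() { err = setup(ctx) })
		return err
	}
}

// setupRuns calls the wrapped initialiser from n goroutines and reports how
// many times the stand-in setup (hypothetical, replaces the provider lookup) ran.
func setupRuns(wrap func(initFunc) initFunc, n int) int64 {
	var runs atomic.Int64
	initFn := wrap(func(context.Context) error { runs.Add(1); return nil })
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() { defer wg.Done(); _ = initFn(context.Background()) }()
	}
	wg.Wait()
	return runs.Load()
}

func main() {
	fmt.Println("guard built per call:", setupRuns(perCall, 5))
	fmt.Println("guard created once:  ", setupRuns(shared, 5))
}
```

With the shared guard, only one goroutine performs the setup and the others block until it finishes, so a package-level pointer such as AuthClient is assigned exactly once.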
var LoadManagementAPI = sync.OnceValue(func() error {
	var err error
	err = loadConfigOnce()
	if err != nil {
		return fmt.Errorf("load config: %w", err)
	}
	mgmt, err = management.New(
		cfg.MgmtDomain,
		management.WithClientCredentials(
			context.Background(),
			cfg.ClientID,
			cfg.ClientSecret,
		),
	)
	if err != nil {
		return fmt.Errorf("new management api connection: %w", err)
	}
	return nil
})
LoadManagementAPI loads a connection to the Auth0 management API.
Functions
func ChangeUserPassword
func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error
ChangeUserPassword will perform a password change on behalf of a user.
func DeleteUser
DeleteUser will delete the given user from the Auth0 backend.
func GenerateLogoutURL
GenerateLogoutURL generates the URL to log the user out from the auth backend.
func UpdateUser
func UpdateUser(ctx context.Context, request *models.EditUserRequest) error
Types
type Authenticator
Authenticator is used to authenticate our users.
var AuthClient *Authenticator
func (*Authenticator) VerifyIDToken
func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error)
VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken.
type Config
type Config struct {
	Domain       string `koanf:"domain" validate:"required"`
	MgmtDomain   string `koanf:"mgmtdomain" validate:"required"`
	ClientID     string `koanf:"clientid" validate:"required"`
	ClientSecret string `koanf:"clientsecret" validate:"required"`
	CallbackURL  string `koanf:"callbackurl" validate:"required,url"`
}
Config structure.
type ManagementAPI
type ManagementAPI struct {
	*management.Management
}
ManagementAPI represents the Auth0 management API backend connection.
type UserProfile
type UserProfile struct {
	// URL of the server which issued this token.
	Issuer string `json:"iss" validate:"required,url"`
	// The client ID, or set of client IDs, that this token is issued for.
	Audience string `json:"aud" validate:"required"`
	// When the token was issued by the provider.
	IssuedAt int64 `json:"iat" validate:"required"`
	// Expiry of the token.
	Expiry int64 `json:"exp" validate:"required"`
	// A unique string which identifies the end user.
	Subject string `json:"sub" validate:"required"`
	// ID of the current session.
	SessionID string `json:"sid" validate:"required"`
	// The user's email address.
	Email string `json:"email" validate:"email"`
	// Indicates whether the user has verified their email address.
	EmailVerified bool `json:"email_verified"`
	// URL pointing to the user's profile picture.
	Picture string `json:"picture" validate:"omitempty,url"`
	// The user's family name.
	FamilyName string `json:"family_name"`
	// The user's given name.
	GivenName string `json:"given_name"`
	// The user's full name.
	Name string `json:"name"`
	// The user's nickname.
	Nickname string `json:"nickname"`
	// Timestamp indicating when the user's profile was last updated/modified.
	UpdatedAt string `json:"updated_at"`
	// LoginsCount is the number of times the user has logged in. If a user is blocked and logs in, the blocked session
	// is still counted. For a new user, this will be 1 as creating the account is counted as the first login.
	LoginsCount int64 `json:"logins_count" validate:"omitempty,gt=1"`
	// Blocked indicates whether the user has been blocked. Importing enables subscribers to ensure that users remain
	// blocked when migrating to Auth0.
	Blocked bool `json:"blocked"`
}
UserProfile represents the data returned from the Auth0 backend that represents an authorised user.
https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure
https://pkg.go.dev/github.com/coreos/go-oidc/v3@v3.15.0/oidc#IDToken
func (*UserProfile) GetEmail
func (u *UserProfile) GetEmail() string
GetEmail returns the email address associated with the external user.
func (*UserProfile) GetID
func (u *UserProfile) GetID() string
GetID returns a string that represents the ID of the external user.