Index ¶
- Constants
- Variables
- func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error
- func CreateUserFromProfileData(ctx context.Context, profile *UserProfile) (*models.User, error)
- func DeleteUser(ctx context.Context, id string) error
- func GenerateLogoutURL(req *http.Request) (*url.URL, error)
- func GenerateRandomState() (string, error)
- func RefreshAccessToken(res http.ResponseWriter, req *http.Request, currentToken *oauth2.Token) (*oauth2.Token, error)
- func SyncUser(ctx context.Context, localUser *models.User)
- func UpdateUser(ctx context.Context, update *UpdateUserData) error
- func UpdateUserCustomisation(ctx context.Context, request *models.EditUserRequest) error
- func UpdateUserMetadata(ctx context.Context, id string, key string, value any) error
- type Authenticator
- type Config
- type RefreshTokenResponse
- type UpdateUserData
- type UserData
- type UserProfile
Constants ¶
const (
	// ConfigEnvPrefix is the prefix applied to environment variables for configuring Auth0.
	// It extends the application-wide config.ConfigEnvPrefix with the "AUTH0_" segment, so
	// the keys declared on Config are read from variables carrying this prefix.
	ConfigEnvPrefix = config.ConfigEnvPrefix + "AUTH0_"
)
Variables ¶
// ErrInvalidToken is the sentinel error for a token that is not valid.
// Callers should compare with errors.Is rather than by string.
var ErrInvalidToken = errors.New("token is invalid")

// ErrNoIDToken is the sentinel error for an oauth2 token that carries no id_token field.
// Callers should compare with errors.Is rather than by string.
var ErrNoIDToken = errors.New("no id_token field in oauth2 token")
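// initAuthOnce and initAuthErr back InitAuthenticator: the initialisation
// runs at most once per process and its outcome (including a failure) is
// handed back to every subsequent caller.
var (
	initAuthOnce sync.Once
	initAuthErr  error
)

// InitAuthenticator performs the setup and initialisation of the Auth0 tenant.
// It can be called multiple times but performs the initialisation only once,
// so it can be lazily loaded by calling it before any Auth0 action. Only the
// first caller's ctx is used for the OIDC discovery request; later calls return
// the cached result without touching the network.
//
// On success AuthClient holds the discovered provider and the oauth2
// configuration built from cfg. The returned error wraps the underlying cause
// and is the same value on every call once initialisation has failed.
var InitAuthenticator = func(ctx context.Context) error {
	// A package-level sync.Once is required here: wrapping the body in
	// sync.OnceValue inside this closure would build a fresh once-wrapper on
	// every call, re-running discovery and rewriting AuthClient each time.
	initAuthOnce.Do(func() {
		initAuthErr = initAuthenticator(ctx)
	})
	return initAuthErr
}

// initAuthenticator loads the configuration, discovers the OIDC provider for
// the configured domain and populates AuthClient. It is only ever invoked
// through initAuthOnce, so AuthClient is written exactly once.
func initAuthenticator(ctx context.Context) error {
	if err := loadConfigOnce(); err != nil {
		return fmt.Errorf("load config: %w", err)
	}
	// Discovery is performed against the configured tenant domain over https only.
	provider, err := oidc.NewProvider(ctx, "https://"+cfg.Domain+"/")
	if err != nil {
		return fmt.Errorf("create provider: %w", err)
	}
	AuthClient = Authenticator{
		Provider: provider,
		Config: oauth2.Config{
			ClientID:     cfg.ClientID,
			ClientSecret: cfg.ClientSecret,
			RedirectURL:  cfg.CallbackURL,
			Endpoint:     provider.Endpoint(),
			// offline_access asks the provider for a refresh token, which
			// RefreshAccessToken relies on.
			Scopes: []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile", "email"},
		},
	}
	return nil
}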
InitAuthenticator performs the setup and initialisation of the Auth0 tenant. It can be called multiple times but will only perform the initialisation once (so it can be lazily loaded by calling it before any Auth0 action).
Functions ¶
func ChangeUserPassword ¶
func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error
ChangeUserPassword will perform a password change on behalf of a user.
func CreateUserFromProfileData ¶ added in v0.87.0
CreateUserFromProfileData creates a new user from the external provider details.
func DeleteUser ¶
DeleteUser will delete the given user from the Auth0 backend.
func GenerateLogoutURL ¶
GenerateLogoutURL generates URL to log the user out from the auth backend.
func GenerateRandomState ¶ added in v0.32.0
GenerateRandomState generates a new nonce that can be used during authentication as a state parameter.
func RefreshAccessToken ¶ added in v0.29.0
func SyncUser ¶ added in v0.47.0
SyncUser tries to sync relevant user data from the auth backend to the local data.
func UpdateUser ¶
func UpdateUser(ctx context.Context, update *UpdateUserData) error
UpdateUser updates user data in Auth0.
func UpdateUserCustomisation ¶ added in v0.61.0
func UpdateUserCustomisation(ctx context.Context, request *models.EditUserRequest) error
Types ¶
type Authenticator ¶
Authenticator is used to authenticate our users.
// AuthClient is the package-level Authenticator populated by InitAuthenticator;
// it holds the discovered OIDC provider and the oauth2 client configuration.
var AuthClient Authenticator
func (*Authenticator) VerifyIDToken ¶
func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error)
VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken.
type Config ¶
// Config holds the Auth0 settings. Fields are loaded via koanf under the keys in
// their tags (prefixed by ConfigEnvPrefix when sourced from the environment) and
// every field is required by the validate tags.
type Config struct {
	// Domain is the Auth0 tenant domain used for OIDC discovery and the logout URL.
	Domain string `koanf:"domain" validate:"required"`
	// MgmtDomain is the domain used for the Auth0 Management API.
	MgmtDomain string `koanf:"mgmtdomain" validate:"required"`
	// ClientID is the OAuth2 client identifier of this application.
	ClientID string `koanf:"clientid" validate:"required"`
	// ClientSecret is the OAuth2 client secret. It is a credential: never log it
	// or include it in error messages.
	ClientSecret string `koanf:"clientsecret" validate:"required"`
	// CallbackURL is the redirect URL registered with Auth0; it must be a valid URL.
	CallbackURL string `koanf:"callbackurl" validate:"required,url"`
}
Config holds the Auth0 configuration.
type RefreshTokenResponse ¶ added in v0.29.0
// RefreshTokenResponse is the JSON body returned by the token endpoint when an
// access token is refreshed (see RefreshAccessToken). AccessToken, RefreshToken
// and IDToken are credentials and must not be logged.
type RefreshTokenResponse struct {
	// AccessToken is the newly issued access token.
	AccessToken string `json:"access_token,omitempty"`
	// RefreshToken is the (possibly rotated) refresh token; absent if the provider did not issue one.
	RefreshToken string `json:"refresh_token,omitempty"`
	// ExpiresIn is the access token lifetime in seconds, as reported by the provider.
	ExpiresIn int `json:"expires_in,omitempty"`
	// Scope is the space-separated list of scopes granted to the access token.
	Scope string `json:"scope,omitempty"`
	// IDToken is the OIDC ID token, when the provider returns one.
	IDToken string `json:"id_token,omitempty"`
	// TokenType is the token type reported by the provider.
	TokenType string `json:"token_type,omitempty"`
}
type UpdateUserData ¶ added in v0.61.0
// UpdateUserData is the input to UpdateUser: the management API update payload
// together with the ID of the user it applies to.
type UpdateUserData struct {
	*management.UpdateUserRequestContent
	// ID is the Auth0 user identifier the update is applied to.
	ID string
}
type UserData ¶ added in v0.47.0
// UserData wraps the two management API user representations so that callers
// can work with either shape through one type.
type UserData struct {
	*management.GetUserResponseContent
	*management.UserResponseSchema
}
func GetNewInactiveUsers ¶ added in v0.61.0
GetNewInactiveUsers returns all accounts created on the backend that haven't yet logged in to the app.
type UserProfile ¶
// UserProfile represents the data returned from the Auth0 backend that describes an
// authorised user. The first group of fields are the standard ID token claims; the
// rest are Auth0 profile attributes.
type UserProfile struct {
	// URL of the server which issued this token.
	Issuer string `json:"iss" validate:"required,url"`
	// The client ID, or set of client IDs, that this token is issued for.
	Audience string `json:"aud" validate:"required"`
	// When the token was issued by the provider.
	IssuedAt int64 `json:"iat" validate:"required"`
	// Expiry of the token.
	Expiry int64 `json:"exp" validate:"required"`
	// A unique string which identifies the end user. This is the stable identifier
	// for the user; attributes such as Email or Nickname can change.
	Subject string `json:"sub" validate:"required"`
	// ID of the current session.
	SessionID string `json:"sid" validate:"required"`
	// The user's email address.
	// NOTE(review): the tag has no omitempty, so with go-playground/validator semantics an
	// empty email fails validation — confirm this is intended.
	Email string `json:"email" validate:"email"`
	// Indicates whether the user has verified their email address.
	EmailVerified bool `json:"email_verified"`
	// URL pointing to the user's profile picture.
	Picture string `json:"picture" validate:"omitempty,url"`
	// The user's family name.
	FamilyName string `json:"family_name"`
	// The user's given name.
	GivenName string `json:"given_name"`
	// The user's full name.
	Name string `json:"name"`
	// The user's nickname.
	Nickname string `json:"nickname"`
	// Timestamp indicating when the user's profile was last updated/modified.
	UpdatedAt string `json:"updated_at"`
	// LoginsCount is the number of times the user has logged in. If a user is blocked and logs in, the blocked session
	// is still counted. For a new user, this will be 1 as creating the account is counted as the first login.
	// NOTE(review): gt=1 rejects the value 1 described above (gte=1 would accept it) — confirm which is intended.
	LoginsCount int64 `json:"logins_count" validate:"omitempty,gt=1"`
	// Blocked indicates whether the user has been blocked. Importing enables subscribers to ensure that users remain
	// blocked when migrating to Auth0.
	Blocked bool `json:"blocked"`
	// Custom fields that store info about a user that influences the user’s access, such as support plan, security
	// roles (if not using the Authorization Core feature set), or access control groups.
	AppMetadata map[string]any `json:"app_metadata"`
}
UserProfile represents the data returned from the Auth0 backend that describes an authorised user.
https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure
https://pkg.go.dev/github.com/coreos/go-oidc/v3@v3.15.0/oidc#IDToken
func (*UserProfile) GetEmail ¶
func (u *UserProfile) GetEmail() string
GetEmail returns the email address associated with the external user.
func (*UserProfile) GetID ¶
func (u *UserProfile) GetID() string
GetID returns a string that represents the ID of the external user.