auth0

package
v0.91.1 Latest Latest
Published: Apr 8, 2026 License: AGPL-3.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

const (
	// ConfigEnvPrefix is the prefix applied to environment variables for configuring Auth0.
	// It is the project-wide config.ConfigEnvPrefix followed by "AUTH0_".
	// NOTE(review): presumably the client secret is supplied through a variable
	// under this prefix; treat the process environment as sensitive — confirm.
	ConfigEnvPrefix = config.ConfigEnvPrefix + "AUTH0_"
)

Variables

// ErrInvalidToken is a sentinel error with the message "token is invalid".
// Callers should compare with errors.Is rather than matching the text.
// NOTE(review): presumably returned when token verification fails; the
// returning code is not visible here.
var ErrInvalidToken = errors.New("token is invalid")
// ErrNoIDToken is a sentinel error reporting that an oauth2 token carried no
// id_token field. Callers should compare with errors.Is.
// NOTE(review): presumably returned by VerifyIDToken; confirm against its body.
var ErrNoIDToken = errors.New("no id_token field in oauth2 token")
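// InitAuthenticator performs the setup and initialisation of the Auth0 tenant
// and stores the result in the package-level AuthClient. It is safe to call
// from multiple goroutines and before every Auth0 action: the first call that
// succeeds initialises AuthClient and every later call returns nil without
// doing any work. A failed attempt is not cached, so the next call retries.
//
// The previous form built a fresh sync.OnceValue inside the function body on
// every call, so nothing was shared between calls: each call repeated the
// provider discovery request and overwrote AuthClient, unsynchronised with
// any goroutine reading it. The guard now lives in the enclosing closure.
//
// It returns a wrapped error when loading the configuration or creating the
// OIDC provider fails.
var InitAuthenticator = func() func(ctx context.Context) error {
	var (
		mu   sync.Mutex // serialises initialisation and guards done
		done bool       // true once AuthClient has been populated
	)

	return func(ctx context.Context) error {
		mu.Lock()
		defer mu.Unlock()

		if done {
			return nil
		}

		if err := loadConfigOnce(); err != nil {
			return fmt.Errorf("load config: %w", err)
		}

		// The issuer is always built with the https scheme from the configured
		// domain.
		// NOTE(review): ctx belongs to whichever caller initialises first;
		// confirm the provider does not depend on it after NewProvider returns.
		provider, err := oidc.NewProvider(ctx, "https://"+cfg.Domain+"/")
		if err != nil {
			return fmt.Errorf("create provider: %w", err)
		}

		AuthClient = Authenticator{
			Provider: provider,
			Config: oauth2.Config{
				ClientID:     cfg.ClientID,
				ClientSecret: cfg.ClientSecret,
				RedirectURL:  cfg.CallbackURL,
				Endpoint:     provider.Endpoint(),
				Scopes:       []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile", "email"},
			},
		}
		// Mark completion only after AuthClient is fully populated so that a
		// failed attempt can be retried by a later call.
		done = true
		return nil
	}
}()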

InitAuthenticator performs the setup and initialisation of the Auth0 tenant. It can be called multiple times but will only perform initialisation once (so it can be lazily loaded by calling it before any Auth0 actions).

Functions

func ChangeUserPassword

func ChangeUserPassword(ctx context.Context, request *models.ChangePasswordRequest) error

ChangeUserPassword will perform a password change on behalf of a user.

func CreateUserFromProfileData added in v0.87.0

func CreateUserFromProfileData(ctx context.Context, profile *UserProfile) (*models.User, error)

CreateUserFromProfileData creates a new user from the external provider details.

func DeleteUser

func DeleteUser(ctx context.Context, id string) error

DeleteUser will delete the given user from the Auth0 backend.

func GenerateLogoutURL

func GenerateLogoutURL(req *http.Request) (*url.URL, error)

GenerateLogoutURL generates URL to log the user out from the auth backend.

func GenerateRandomState added in v0.32.0

func GenerateRandomState() (string, error)

GenerateRandomState generates a new nonce that can be used during authentication as a state parameter.

func RefreshAccessToken added in v0.29.0

func RefreshAccessToken(res http.ResponseWriter, req *http.Request, currentToken *oauth2.Token) (*oauth2.Token, error)

func SyncUser added in v0.47.0

func SyncUser(ctx context.Context, localUser *models.User)

SyncUser tries to sync relevant user data from the auth backend to the local data.

func UpdateUser

func UpdateUser(ctx context.Context, update *UpdateUserData) error

UpdateUser updates user data in Auth0.

func UpdateUserCustomisation added in v0.61.0

func UpdateUserCustomisation(ctx context.Context, request *models.EditUserRequest) error

func UpdateUserMetadata added in v0.61.0

func UpdateUserMetadata(ctx context.Context, id string, key string, value any) error

Types

type Authenticator

// Authenticator is used to authenticate our users. It embeds the OIDC
// provider and the OAuth2 client configuration, so the methods and fields of
// both are promoted onto it.
//
// The embedded oauth2.Config includes the ClientSecret field, so formatting
// an Authenticator with %v/%+v or serialising it would expose the secret.
// The zero value has a nil *oidc.Provider; promoted provider methods must not
// be used until the value has been populated.
type Authenticator struct {
	*oidc.Provider
	oauth2.Config
}

Authenticator is used to authenticate our users.

var AuthClient Authenticator

func (*Authenticator) VerifyIDToken

func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error)

VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken.

type Config

// Config holds the Auth0 connection settings. Every field is marked required
// by its validate tag and is loaded from the key named in its koanf tag.
//
// Domain is only checked for presence. InitAuthenticator builds the issuer as
// "https://" + cfg.Domain + "/" (cfg appears to be a value of this type), so
// a Domain that already carries a scheme or a path would yield a malformed
// issuer URL.
// NOTE(review): consider a hostname-style validation rule for Domain and
// MgmtDomain.
//
// ClientSecret is a credential: keep it out of logs, error messages and
// serialised output.
// NOTE(review): MgmtDomain is not used in the code visible here; presumably
// it is the host of the Auth0 Management API — confirm.
type Config struct {
	Domain       string `koanf:"domain"       validate:"required"`
	MgmtDomain   string `koanf:"mgmtdomain"   validate:"required"`
	ClientID     string `koanf:"clientid"     validate:"required"`
	ClientSecret string `koanf:"clientsecret" validate:"required"`
	CallbackURL  string `koanf:"callbackurl"  validate:"required,url"`
}

Config structure.

type RefreshTokenResponse added in v0.29.0

// RefreshTokenResponse maps the JSON body of a token response onto Go fields,
// keyed by the names in the json tags.
//
// AccessToken, RefreshToken and IDToken are bearer credentials: avoid logging
// this struct or passing it on verbatim to clients.
// NOTE(review): ExpiresIn is presumably a lifetime in seconds, as in a
// standard OAuth2 token response — confirm against the decoding code.
// NOTE(review): IDToken arrives here as an opaque string; whether it is
// verified before use is not visible from this declaration.
type RefreshTokenResponse struct {
	AccessToken  string `json:"access_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int    `json:"expires_in,omitempty"`
	Scope        string `json:"scope,omitempty"`
	IDToken      string `json:"id_token,omitempty"`
	TokenType    string `json:"token_type,omitempty"`
}

type UpdateUserData added in v0.61.0

// UpdateUserData pairs an embedded management.UpdateUserRequestContent with
// an ID.
//
// The embedded value is a pointer, so it is nil in the zero value and reading
// a promoted field through it would panic; callers must set it first.
// NOTE(review): ID is presumably the Auth0 user ID the update applies to.
// If it can originate from a request, the caller should check that the
// requester is allowed to modify that user — confirm where this happens.
type UpdateUserData struct {
	*management.UpdateUserRequestContent

	ID string
}

type UserData added in v0.47.0

func GetNewInactiveUsers added in v0.61.0

func GetNewInactiveUsers(ctx context.Context) ([]*UserData, error)

GetNewInactiveUsers returns all accounts created on the backend that haven't yet logged in to the app.

func GetUser added in v0.47.0

func GetUser(ctx context.Context, id string) (*UserData, error)

GetUser fetches the user with the given ID from Auth0.

type UserProfile

type UserProfile struct {
	// URL of the server which issued this token.
	Issuer string `json:"iss" validate:"required,url"`
	// The client ID, or set of client IDs, that this token is issued for.
	Audience string `json:"aud" validate:"required"`
	// When the token was issued by the provider.
	IssuedAt int64 `json:"iat" validate:"required"`
	// Expiry of the token.
	Expiry int64 `json:"exp" validate:"required"`
	// A unique string which identifies the end user.
	Subject string `json:"sub" validate:"required"`
	// ID of the current session.
	SessionID string `json:"sid" validate:"required"`
	// The user's email address.
	Email string `json:"email" validate:"email"`
	// Indicates whether the user has verified their email address.
	EmailVerified bool `json:"email_verified"`
	// URL pointing to the user's profile picture.
	Picture string `json:"picture" validate:"omitempty,url"`
	// The user's family name.
	FamilyName string `json:"family_name"`
	// The user's family name.
	GivenName string `json:"given_name"`
	// The user's full name.
	Name string `json:"name"`
	// The user's nickname.
	Nickname string `json:"nickname"`
	// Timestamp indicating when the user's profile was last updated/modified.
	UpdatedAt string `json:"updated_at"`
	// LoginsCount is the number of times the user has logged in. If a user is blocked and logs in, the blocked session
	// is still counted. For a new user, this will be 1 as creating the account is counted as the first login.
	LoginsCount int64 `json:"logins_count" validate:"omitempty,gt=1"`
	// Blocked indicates whether the user has been blocked. Importing enables subscribers to ensure that users remain
	// blocked when migrating to Auth0.
	Blocked bool `json:"blocked"`
	// Custom fields that store info about a user that influences the user’s access, such as support plan, security
	// roles (if not using the Authorization Core feature set), or access control groups.
	AppMetadata map[string]any `json:"app_metadata"`
}

UserProfile represents the data returned from the auth0 backend that represents an authorised user.

https://auth0.com/docs/manage-users/user-accounts/user-profiles/user-profile-structure

https://pkg.go.dev/github.com/coreos/go-oidc/v3@v3.15.0/oidc#IDToken

func (*UserProfile) GetEmail

func (u *UserProfile) GetEmail() string

GetEmail returns the email address associated with the external user.

func (*UserProfile) GetID

func (u *UserProfile) GetID() string

GetID returns a string that represents the ID of the external user.
