> ## Documentation Index > Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Ajouter une fonctionnalité de connexion à votre application Go > Ce guide explique comment intégrer Auth0 à n’importe quelle application Web Go, nouvelle ou existante. export const AuthCodeGroup = ({children, dropdown}) => { const [processedChildren, setProcessedChildren] = useState(children); useEffect(() => { let unsubscribe = null; function init() { unsubscribe = window.autorun(() => { const processChildren = node => { if (typeof node === "string") { let processedNode = node; for (const [key, value] of window.rootStore.variableStore.values.entries()) { const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`); processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value); } return processedNode; } else if (Array.isArray(node)) { return node.map(processChildren); } else if (node && node.props && node.props.children) { return { ...node, props: { ...node.props, children: processChildren(node.props.children) } }; } return node; }; setProcessedChildren(processChildren(children)); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, [children]); return {processedChildren}; }; export const QuickstartButtons = ({githubLink, lang = "en"}) => { const translations = { en: { viewOnGithub: "View On GitHub", loginAndDownload: "Download Sample" }, "fr-ca": { viewOnGithub: "Afficher sur GitHub", loginAndDownload: "Télécharger un exemple" }, "ja-jp": { viewOnGithub: "Githubで表示", loginAndDownload: "サンプルをダウンロード" } }; const text = translations[lang] || translations.en; const parseGithubUrl = url => { try { const urlObj = new URL(url); const pathParts = urlObj.pathname.split("/").filter(Boolean); if (pathParts.length >= 4 && pathParts[2] === "tree") { const repoName = pathParts[1]; const branch = pathParts[3]; const path = pathParts.slice(4).join("/") || undefined; return { repo: repoName, branch, path }; } console.warn("Could not parse GitHub URL:", url); return null; } catch (error) { console.error("Error parsing GitHub URL:", error); return null; } }; const handleDownload = async () => { const params = parseGithubUrl(githubLink); if (!params) { console.error("Invalid GitHub URL format"); return; } try { await window.Auth0DocsUI?.getSample(params); } catch (error) { console.error("Failed to download sample:", error); } }; return
{text.viewOnGithub}
; }; export const LoggedInForm = ({sampleApp}) => { const LS_APPS_KEY = "auth_demo_apps"; const LS_APP_CFG_KEY = "auth_demo_app_cfg"; const CHANNEL = "auth_flows_sync_v1"; const mkChannel = () => new BroadcastChannel(CHANNEL); function uid() { return Math.random().toString(36).slice(2) + Date.now().toString(36); } function loadApps() { const raw = localStorage.getItem(LS_APPS_KEY); if (raw) return JSON.parse(raw); const seeded = [{ id: "{yourClientId}", name: "Default App" }]; localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded)); return seeded; } function saveApps(apps) { localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps)); } function loadCfg() { const raw = localStorage.getItem(LS_APP_CFG_KEY); return raw ? JSON.parse(raw) : {}; } function saveCfg(cfg) { localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg)); } const RightChevron = ({className = "w-5 h-5", ...props}) => ; const LightningIcon = () => ; const LayersIcon = () => ; const GithubIcon = () => ; function IconTile({children}) { return
{children}
; } function Card({className = "", children}) { return
{children}
; } function Button({variant = "primary", type = "button", onClick, children}) { const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition"; let styles = ""; if (variant === "primary") { styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700"; } else if (variant === "outline") { styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800"; } else if (variant === "ghost") { styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800"; } return ; } function Input({id, label, value, onChange, placeholder, name}) { return ; } function Select({label, value, onChange, options}) { return ; } function Toast({open, onClose, children}) { useEffect(() => { if (!open) return; const t = setTimeout(onClose, 2200); return () => clearTimeout(t); }, [open, onClose]); return
{children}
; } function Flows() { const [route, setRoute] = useState("menu"); const [apps, setApps] = useState(loadApps()); const [cfg, setCfg] = useState(loadCfg()); const [selected, setSelected] = useState(apps[0]?.id || ""); const [toast, setToast] = useState(false); const [bc] = useState(() => mkChannel()); useEffect(() => { if (!apps.find(a => a.id === selected)) { setSelected(apps[0]?.id || ""); } }, [apps, selected]); useEffect(() => { const onMsg = e => { const {type, payload} = e.data || ({}); switch (type) { case "NAV": setRoute(payload.route); break; case "SELECT": setSelected(payload.appId); break; case "APPS_UPDATED": setApps(loadApps()); break; case "CFG_UPDATED": setCfg(loadCfg()); setToast(true); break; default: break; } }; bc.addEventListener("message", onMsg); return () => bc.removeEventListener("message", onMsg); }, [bc]); const nav = nextRoute => { setRoute(nextRoute); bc.postMessage({ type: "NAV", payload: { route: nextRoute } }); }; const selectApp = appId => { setSelected(appId); bc.postMessage({ type: "SELECT", payload: { appId } }); }; const onCreate = name => { const id = uid(); const next = [...apps, { id, name: name || "Untitled" }]; setApps(next); saveApps(next); bc.postMessage({ type: "APPS_UPDATED" }); selectApp(id); nav("integrate"); }; const onSaveCfg = (appId, data) => { const next = { ...cfg, [appId]: data }; setCfg(next); saveCfg(next); setToast(true); bc.postMessage({ type: "CFG_UPDATED" }); }; return
{route === "menu" && nav("create")} onIntegrate={() => nav("integrate")} />} {route === "create" && nav("menu")} onSave={onCreate} />} {route === "integrate" && onSaveCfg(selected, data)} onCancel={() => nav("menu")} />} setToast(false)}> Successfully saved your changes.
; } function Menu({onCreate, onIntegrate}) { return ; } function CreateForm({onSave, onCancel}) { const [name, setName] = useState(""); return

You can change this later in the application settings.

; } function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) { const [callbacks, setCallbacks] = useState(saved?.callbacks ?? ""); const [logouts, setLogouts] = useState(saved?.logouts ?? ""); const [origins, setOrigins] = useState(saved?.origins ?? ""); useEffect(() => { setCallbacks(loadCfg()[selected]?.callbacks ?? ""); setLogouts(loadCfg()[selected]?.logouts ?? ""); setOrigins(loadCfg()[selected]?.origins ?? ""); }, [selected]); return
Select your Application
; } return
; }; export const SignUpForm = () => { const [isAuthenticated, setIsAuthenticated] = useState(false); const [storeReady, setStoreReady] = useState(false); useEffect(() => { let unsubscribe = null; function init() { setStoreReady(true); unsubscribe = window.autorun(() => { const authenticated = window.rootStore?.sessionStore?.isAuthenticated || false; setIsAuthenticated(authenticated); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, []); function LoggedInForm({sampleApp}) { const LS_APPS_KEY = "auth_demo_apps"; const LS_APP_CFG_KEY = "auth_demo_app_cfg"; const CHANNEL = "auth_flows_sync_v1"; const mkChannel = () => new BroadcastChannel(CHANNEL); function uid() { return Math.random().toString(36).slice(2) + Date.now().toString(36); } function loadApps() { const raw = localStorage.getItem(LS_APPS_KEY); if (raw) return JSON.parse(raw); const seeded = [{ id: "{yourClientId}", name: "Default App" }]; localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded)); return seeded; } function saveApps(apps) { localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps)); } function loadCfg() { const raw = localStorage.getItem(LS_APP_CFG_KEY); return raw ? JSON.parse(raw) : {}; } function saveCfg(cfg) { localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg)); } const RightChevron = ({className = "w-5 h-5", ...props}) => ; const LightningIcon = () => ; const LayersIcon = () => ; const GithubIcon = () => ; function IconTile({children}) { return
{children}
; } function Card({className = "", children}) { return
{children}
; } function Button({variant = "primary", type = "button", onClick, children}) { const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition"; let styles = ""; if (variant === "primary") { styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700"; } else if (variant === "outline") { styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800"; } else if (variant === "ghost") { styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800"; } return ; } function Input({id, label, value, onChange, placeholder, name}) { return ; } function Select({label, value, onChange, options}) { return ; } function Toast({open, onClose, children}) { useEffect(() => { if (!open) return; const t = setTimeout(onClose, 2200); return () => clearTimeout(t); }, [open, onClose]); return
{children}
; } function Flows() { const [route, setRoute] = useState("menu"); const [apps, setApps] = useState(loadApps()); const [cfg, setCfg] = useState(loadCfg()); const [selected, setSelected] = useState(apps[0]?.id || ""); const [toast, setToast] = useState(false); const [bc] = useState(() => mkChannel()); useEffect(() => { if (!apps.find(a => a.id === selected)) { setSelected(apps[0]?.id || ""); } }, [apps, selected]); useEffect(() => { const onMsg = e => { const {type, payload} = e.data || ({}); switch (type) { case "NAV": setRoute(payload.route); break; case "SELECT": setSelected(payload.appId); break; case "APPS_UPDATED": setApps(loadApps()); break; case "CFG_UPDATED": setCfg(loadCfg()); setToast(true); break; default: break; } }; bc.addEventListener("message", onMsg); return () => bc.removeEventListener("message", onMsg); }, [bc]); const nav = nextRoute => { setRoute(nextRoute); bc.postMessage({ type: "NAV", payload: { route: nextRoute } }); }; const selectApp = appId => { setSelected(appId); bc.postMessage({ type: "SELECT", payload: { appId } }); }; const onCreate = name => { const id = uid(); const next = [...apps, { id, name: name || "Untitled" }]; setApps(next); saveApps(next); bc.postMessage({ type: "APPS_UPDATED" }); selectApp(id); nav("integrate"); }; const onSaveCfg = (appId, data) => { const next = { ...cfg, [appId]: data }; setCfg(next); saveCfg(next); setToast(true); bc.postMessage({ type: "CFG_UPDATED" }); }; return
{route === "menu" && nav("create")} onIntegrate={() => nav("integrate")} />} {route === "create" && nav("menu")} onSave={onCreate} />} {route === "integrate" && onSaveCfg(selected, data)} onCancel={() => nav("menu")} />} setToast(false)}> Successfully saved your changes.
; } function Menu({onCreate, onIntegrate}) { return ; } function CreateForm({onSave, onCancel}) { const [name, setName] = useState(""); return

You can change this later in the application settings.

; } function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) { const [callbacks, setCallbacks] = useState(saved?.callbacks ?? ""); const [logouts, setLogouts] = useState(saved?.logouts ?? ""); const [origins, setOrigins] = useState(saved?.origins ?? ""); useEffect(() => { setCallbacks(loadCfg()[selected]?.callbacks ?? ""); setLogouts(loadCfg()[selected]?.logouts ?? ""); setOrigins(loadCfg()[selected]?.origins ?? ""); }, [selected]); return
Select your Application
; } return
; } ; function SignUpFormInternal() { return
Sign up for an Auth0 account Sign up for an{" "} Auth0 account {" "} or{" "} console.log("log in")}> log in {" "} to your existing account to integrate directly with your own tenant.
; } ; return <>; }; export const SideMenuSectionItem = ({id, children}) => { return
{children}
; }; export const SideMenu = ({sections, children}) => { const [visibleSection, setVisibleSection] = useState(sections[0]?.id ?? null); const checkVisibility = () => { let currentVisible = null; const viewportHeight = window.innerHeight; const scrollY = window.scrollY; sections.forEach(({id}) => { const section = document.getElementById(id); if (section) { const rect = section.getBoundingClientRect(); const sectionTop = rect.top + scrollY; const sectionBottom = sectionTop + rect.height; const multiplier = viewportHeight > 1600 ? 0.34 : 0.22; if (scrollY + viewportHeight * multiplier >= sectionTop && scrollY <= sectionBottom) { currentVisible = id; } } }); if (currentVisible && currentVisible !== visibleSection) { setVisibleSection(currentVisible); } }; useEffect(() => { const throttledCheck = () => { setTimeout(checkVisibility, 100); }; checkVisibility(); window.addEventListener("scroll", throttledCheck); return () => { window.removeEventListener("scroll", throttledCheck); }; }, [sections, visibleSection]); useEffect(() => { sections.forEach(({id}) => { const section = document.getElementById(id); const sideMenuItem = document.getElementById(`side-menu-item-${id}`); if (section) { if (id === visibleSection) { section.classList.add("active-section"); } else { section.classList.remove("active-section"); } } if (sideMenuItem) { if (id === visibleSection) { sideMenuItem.classList.add("active-side-menu-item"); } else { sideMenuItem.classList.remove("active-side-menu-item"); } } }); }, [visibleSection, sections]); return
{children.map(child => { if (child.props.id === visibleSection) { return child; } return null; })}
; }; export const Section = ({id, title, stepNumber, children, isSingleColumn = false}) => { return
{} {children}
; }; export const Content = ({title, children}) => { return
{title &&

{title}

} {children}
; }; export const Recipe = ({children, isSingleColumn = false}) => { return
{children}
; }; export const sections = [{ id: "configuration-d-auth0", title: "Configuration d’Auth0" }, { id: "installer-les-dépendances", title: "Installer les dépendances" }, { id: "configurer-les-variables-d-environnement", title: "Configurer les variables d’environnement" }, { id: "configurez-les-packages-oauth2-et-openid-connect", title: "Configurez les packages OAuth2 et OpenID Connect" }, { id: "configurer-vos-routes-d-application", title: "Configurer vos routes d’application" }, { id: "ajouter-une-fonctionnalité-de-connexion-à-votre-application", title: "Ajouter une fonctionnalité de connexion à votre application" }, { id: "gérer-le-rappel-d-authentification", title: "Gérer le rappel d’authentification" }, { id: "afficher-les-informations-du-profil-utilisateur", title: "Afficher les informations du profil utilisateur" }, { id: "ajouter-une-fonctionnalité-de-déconnexion-à-votre-application", title: "Ajouter une fonctionnalité de déconnexion à votre application" }, { id: "protéger-les-routes", title: "Protéger les routes" }, { id: "lancer-votre-application", title: "Lancer votre application" }]; Auth0 vous permet d’ajouter l’authentification et de pouvoir accéder aux informations relatives au profil de l’utilisateur dans votre application. Ce guide explique comment intégrer Auth0 à n’importe quelle application Web Go, nouvelle ou existante.
Pour utiliser les services Auth0, vous devez avoir une application installée dans Auth0 Dashboard. L’application Auth0 est l’endroit où vous allez configurer le fonctionnement de l’authentification pour le projet que vous développez. ### Configurer une application Utilisez le sélecteur interactif pour créer une nouvelle application Auth0 ou sélectionner une application existante qui représente le projet avec lequel vous souhaitez effectuer l’intégration. Dans Auth0, chaque application se voit attribuer un identifiant client unique alphanumérique que votre code d’application utilisera pour appeler les API Auth0 via la trousse SDK. Tous les paramètres que vous configurez à l’aide de ce guide de démarrage rapide seront automatiquement mis à jour pour votre application dans le [Tableau de bord](https://manage.auth0.com/dashboard/us/auth0-dsepaid/), qui est l’endroit où vous pourrez gérer vos applications à l’avenir. Si vous préférez explorer une configuration complète, consultez plutôt un exemple d’application. ### Configuration des URL de rappel Une URL de rappel est une URL intégrée dans votre application vers laquelle vous souhaitez qu’Auth0 redirige les utilisateurs après leur authentification. Si elle n’est pas définie, les utilisateurs ne seront pas redirigés vers votre application après s’être connectés. Si vous suivez notre exemple de projet, définissez cette URL comme suit : `http://localhost:3000``/callback`. ### Configuration des URL de déconnexion Une URL de déconnexion est une URL intégrée dans votre application vers laquelle vous souhaitez qu’Auth0 redirige les utilisateurs après leur déconnexion. Si elle n’est pas définie, les utilisateurs ne pourront pas se déconnecter de votre application et recevront un message d’erreur. Si vous suivez notre exemple de projet, définissez cette URL comme suit : `http://localhost:3000`.
Créez un fichier `go.mod` pour lister toutes les dépendances de votre application. Pour intégrer Auth0 dans une application Go, ajoutez les packages `coreos/go-oidc/v3` et `x/oauth2`. En plus des packages OIDC et OAuth2, ajoutez `joho/godotenv`, `gin-gonic/gin`, et `gin-contrib/sessions`. Cet exemple utilise `gin` pour le routage, mais vous pouvez utiliser le routeur de votre choix. Enregistrez le fichier `go.mod` avec les dépendances nécessaires et installez-les en utilisant la commande suivante dans votre terminal : `go mod download`
Vous devez définir les variables d’environnement suivantes dans `.env` à la racine de votre répertoire de projet : * **AUTH0\_DOMAIN** : Le domaine de votre locataire Auth0. Trouvez votre domaine Auth0 dans Auth0 Dashboard sous les paramètres de votre application dans le champ Domain (Domaine). Pour les domaines personnalisés, définissez-le plutôt sur la valeur de votre domaine personnalisé. * **AUTH0\_CLIENT\_ID** : L’identificateur de l’application Auth0 que vous avez configurée précédemment dans ce guide rapide. Vous le trouverez dans Auth0 Dashboard sous les paramètres de votre application dans le champ Client ID (Identificateur client). * **AUTH0\_CLIENT\_SECRET** : Le secret de l’application Auth0 que vous avez configurée précédemment dans ce guide rapide. Vous le trouverez dans Auth0 Dashboard, sous les paramètres de votre application dans le champ Client Secret (Secret client). * **AUTH0\_CALLBACK\_URL** : L’URL utilisée par Auth0 pour rediriger l’utilisateur après une authentification réussie.
Ensuite, configurez les packages OAuth2 et OpenID Connect Créez un fichier nommé `auth.go` dans le dossier `platform/authenticator`. Dans ce package, créez une méthode pour configurer et renvoyer les clients [OAuth2](https://godoc.org/golang.org/x/oauth2) et [OIDC](https://godoc.org/github.com/coreos/go-oidc), et une autre pour vérifier un jeton d’ID.
Créez un fichier nommé `router.go` dans le dossier `platform/router`. Dans ce package, créez une méthode pour configurer et renvoyer nos routes en utilisant [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin). Vous passerez une instance de `Authenticator` à la méthode pour l’utiliser avec les gestionnaires `login (connexion)` et `callback (rappel)`.
Pour que l’utilisateur s’authentifie, nous devons créer une fonction gestionnaire pour traiter la route`/login`. Créez un fichier nommé `login.go` dans le dossier `web/app/login` et ajoutez une fonction `Handler`. Lors de l’exécution du gestionnaire, l’utilisateur sera redirigé vers Auth0 où il pourra saisir ses identifiants. Pour appeler la route `/login` ajoutez un lien vers `/login` dans le modèle `home.html` situé dans le directory `web/template`.
Une fois que les utilisateurs se sont authentifiés en utilisant la page de connexion universelle d’Auth0, ils reviendront à l’application à la route `/callback`. Créez un fichier nommé `callback.go` dans le dossier `web/app/callback` et ajoutez une fonction `Handler`. Ce gestionnaire prendra la chaîne de requête `code` fournie par Auth0 et l’échangera contre un jeton d’ID et un jeton d’accès. Si le jeton d’ID est valide, il stockera les informations de profil et le jeton d’accès dans la session. Les informations de profil sont basées sur les demandes contenues dans le jeton d’ID. Le stockage de session permet à l’application d’accéder à ces informations selon les besoins.
Maintenant que vos utilisateurs peuvent se connecter, vous voulez probablement pouvoir récupérer et utiliser les informations de profil associées aux utilisateurs authentifiés. Vous pouvez accéder à ces informations de profil, telles que leur pseudonyme ou leur photo de profil, à partir du `profile` qui a été sauvegardé dans la session précédemment. Créez un gestionnaire pour le point de terminaison `/user` dans `web/app/user/user.go` et renvoyez le fichier HTML correspondant. Comme le `profile` passe à `ctx.HTML()`, vous pouvez accéder aux informations de profil, telles que `picture` et `nickname` à l’intérieur de ce même fichier HTML. Un exemple de fichier HTML de ce type pourrait ressembler à l’exemple ci-dessous, mais vous pouvez récupérer n’importe quelle information de profil, y compris des demandes personnalisées.
Pour déconnecter l’utilisateur, effacez les données de la session et redirigez l’utilisateur vers le point de terminaison de déconnexion Auth0. Vous trouverez plus d’informations à ce sujet dans la [documentation sur la déconnexion](https://auth0.com/docs/logout). Créez un fichier nommé `logout.go` dans le dossier `web/app/logout`, et ajoutez la fonction `Handler` pour rediriger l’utilisateur vers le point de terminaison de déconnexion Auth0. L’URL `returnTo` doit figurer dans la liste des URL de déconnexion autorisées de la section des paramètres de l’application. Pour plus d’informations, consultez [Rediriger les utilisateurs après la déconnexion](https://auth0.com/docs/logout/guides/redirect-users-after-logout). Créez un fichier nommé `user.js` dans le dossier `web/static/js`, et ajoutez le code pour supprimer le témoin d’un utilisateur connecté.
La pratique recommandée veut que certaines routes ne soient accessibles qu’aux utilisateurs authentifiés. Lorsque des utilisateurs non authentifiés essaient d’accéder à des routes protégées, votre application devrait les rediriger. Dans ce cas, vous devez mettre en œuvre un intergiciel pour accéder à la requête HTTP. La fonction d’intergiciel détermine si la requête doit être dirigée vers le gestionnaire de point de terminaison ou si elle doit être bloquée. Créez un fichier nommé `isAuthenticated.go` dans `platform/middleware` et ajoutez une fonction qui vérifie si l’utilisateur est authentifié ou non, en fonction de la clé de session de `profile`. Si l’utilisateur n’est pas authentifié, l’intergiciel le redirigera vers la racine de l’application. L’intergiciel créé, nous pouvons le configurer pour toute route nécessitant une authentification en l’ajoutant au routeur.
L’authentificateur et le routeur configurés, nous pouvons connecter les éléments à l’aide du point d’entrée de notre application. Dans `main.go`, créez une instance de l’authentificateur et du routeur, qui reçoit l’instance de l’authentificateur. Si vous utilisez un fichier `.env` , vous devez appeler `godotenv.Load()` au tout début de la fonction `main()`. Lancez votre application en utilisant la commande suivante dans votre terminal : `go run main.go`
## Étapes suivantes Beau travail! Si vous en êtes arrivé là, vous devriez avoir la connexion, la déconnexion et les informations de profil utilisateur actives dans votre application. Cela conclut notre tutoriel de démarrage rapide, mais il y a tellement plus à explorer. Pour en savoir plus sur ce que vous pouvez faire avec Auth0, consultez : * [Auth0 Dashboard](https://manage.auth0.com/#) : apprenez à configurer et gérer votre locataire et vos applications Auth0 * [Auth0 Marketplace](https://marketplace.auth0.com/) : découvrez des intégrations que vous pouvez activer pour étendre les fonctionnalités d’Auth0 ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ``` ```golang main.go lines theme={null} // Save this file in ./main.go package main import ( "log" "net/http" "github.com/joho/godotenv" "01-Login/platform/authenticator" "01-Login/platform/router" ) func main() { if err := godotenv.Load(); err != nil { log.Fatalf("Failed to load the env vars: %v", err) } auth, err := authenticator.New() if err != nil { log.Fatalf("Failed to initialize the authenticator: %v", err) } rtr := router.New(auth) log.Print("Server listening on http://localhost:3000/") if err := http.ListenAndServe("0.0.0.0:3000", rtr); err != nil { log.Fatalf("There was an error with the http server: %v", err) } } ``` ```golang auth.go lines theme={null} // Save this file in ./platform/authenticator/auth.go package authenticator import ( "context" "errors" "os" "github.com/coreos/go-oidc/v3/oidc" "golang.org/x/oauth2" ) // Authenticator is used to authenticate our users. type Authenticator struct { *oidc.Provider oauth2.Config } // New instantiates the *Authenticator. func New() (*Authenticator, error) { provider, err := oidc.NewProvider( context.Background(), "https://"+os.Getenv("AUTH0_DOMAIN")+"/", ) if err != nil { return nil, err } conf := oauth2.Config{ ClientID: os.Getenv("AUTH0_CLIENT_ID"), ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"), RedirectURL: os.Getenv("AUTH0_CALLBACK_URL"), Endpoint: provider.Endpoint(), Scopes: []string{oidc.ScopeOpenID, "profile"}, } return &Authenticator{ Provider: provider, Config: conf, }, nil } // VerifyIDToken verifies that an *oauth2.Token is a valid *oidc.IDToken. func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) { rawIDToken, ok := token.Extra("id_token").(string) if !ok { return nil, errors.New("no id_token field in oauth2 token") } oidcConfig := &oidc.Config{ ClientID: a.ClientID, } return a.Verifier(oidcConfig).Verify(ctx, rawIDToken) } ``` ```golang callback.go lines theme={null} / Save this file in ./web/app/callback/callback.go package callback import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our callback. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { session := sessions.Default(ctx) if ctx.Query("state") != session.Get("state") { ctx.String(http.StatusBadRequest, "Invalid state parameter.") return } // Exchange an authorization code for a token. token, err := auth.Exchange(ctx.Request.Context(), ctx.Query("code")) if err != nil { ctx.String(http.StatusUnauthorized, "Failed to exchange an authorization code for a token.") return } idToken, err := auth.VerifyIDToken(ctx.Request.Context(), token) if err != nil { ctx.String(http.StatusInternalServerError, "Failed to verify ID Token.") return } var profile map[string]interface{} if err := idToken.Claims(&profile); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } session.Set("access_token", token.AccessToken) session.Set("profile", profile) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Redirect to logged in page. ctx.Redirect(http.StatusTemporaryRedirect, "/user") } } ``` ```env .env lines theme={null} # Save this file in ./.env # The URL of our Auth0 Tenant Domain. # If you're using a Custom Domain, be sure to set this to that value instead. AUTH0_DOMAIN='{yourDomain}' # Our Auth0 application's Client ID. AUTH0_CLIENT_ID='{yourClientId}' # Our Auth0 application's Client Secret. AUTH0_CLIENT_SECRET='{yourClientSecret}' # The Callback URL of our application. AUTH0_CALLBACK_URL='http://localhost:3000/callback' ``` ```mod go.mod lines theme={null} // Save this file in ./go.mod module 01-Login go 1.21 require ( github.com/coreos/go-oidc/v3 v3.8.0 github.com/gin-contrib/sessions v0.0.5 github.com/gin-gonic/gin v1.9.1 github.com/joho/godotenv v1.5.1 golang.org/x/oauth2 v0.15.0 ) ``` ```golang isAuthenticated.go lines theme={null} // Save this file in ./platform/middleware/isAuthenticated.go package middleware import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // IsAuthenticated is a middleware that checks if // the user has already been authenticated previously. func IsAuthenticated(ctx *gin.Context) { if sessions.Default(ctx).Get("profile") == nil { ctx.Redirect(http.StatusSeeOther, "/") } else { ctx.Next() } } ``` ```golang login.go lines theme={null} // Save this file in ./web/app/login/login.go package login import ( "crypto/rand" "encoding/base64" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" ) // Handler for our login. func Handler(auth *authenticator.Authenticator) gin.HandlerFunc { return func(ctx *gin.Context) { state, err := generateRandomState() if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } // Save the state inside the session. session := sessions.Default(ctx) session.Set("state", state) if err := session.Save(); err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } ctx.Redirect(http.StatusTemporaryRedirect, auth.AuthCodeURL(state)) } } func generateRandomState() (string, error) { b := make([]byte, 32) _, err := rand.Read(b) if err != nil { return "", err } state := base64.StdEncoding.EncodeToString(b) return state, nil } ``` ```golang logout.go lines theme={null} // Save this file in ./web/app/logout/logout.go package logout import ( "net/http" "net/url" "os" "github.com/gin-gonic/gin" ) // Handler for our logout. func Handler(ctx *gin.Context) { logoutUrl, err := url.Parse("https://" + os.Getenv("AUTH0_DOMAIN") + "/v2/logout") if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } scheme := "http" if ctx.Request.TLS != nil { scheme = "https" } returnTo, err := url.Parse(scheme + "://" + ctx.Request.Host) if err != nil { ctx.String(http.StatusInternalServerError, err.Error()) return } parameters := url.Values{} parameters.Add("returnTo", returnTo.String()) parameters.Add("client_id", os.Getenv("AUTH0_CLIENT_ID")) logoutUrl.RawQuery = parameters.Encode() ctx.Redirect(http.StatusTemporaryRedirect, logoutUrl.String()) } ``` ```golang router.go lines theme={null} // Save this file in ./platform/router/router.go package router import ( "encoding/gob" "net/http" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "01-Login/platform/authenticator" "01-Login/platform/middleware" "01-Login/web/app/callback" "01-Login/web/app/login" "01-Login/web/app/logout" "01-Login/web/app/user" ) // New registers the routes and returns the router. func New(auth *authenticator.Authenticator) *gin.Engine { router := gin.Default() // To store custom types in our cookies, // we must first register them using gob.Register gob.Register(map[string]interface{}{}) store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("auth-session", store)) router.Static("/public", "web/static") router.LoadHTMLGlob("web/template/*") router.GET("/", func(ctx *gin.Context) { ctx.HTML(http.StatusOK, "home.html", nil) }) router.GET("/login", login.Handler(auth)) router.GET("/callback", callback.Handler(auth)) router.GET("/user", user.Handler) router.GET("/logout", logout.Handler) return router } ``` ```golang user.go lines theme={null} // Save this file in ./web/app/user/user.go package user import ( "net/http" "github.com/gin-contrib/sessions" "github.com/gin-gonic/gin" ) // Handler for our logged-in user page. func Handler(ctx *gin.Context) { session := sessions.Default(ctx) profile := session.Get("profile") ctx.HTML(http.StatusOK, "user.html", profile) } ```