Documentation
Index
- Constants
- type Config
- type Deps
- type Provider
- func New(ctx context.Context, cfg Config, deps Deps) (*Provider, error)
- func NewAppleProvider(ctx context.Context, clientID, clientSecret, redirectURL string, deps Deps) (*Provider, error)
- func NewGitHubProvider(_ context.Context, clientID, clientSecret, redirectURL string, deps Deps) (*Provider, error)
- func NewGoogleProvider(ctx context.Context, clientID, clientSecret, redirectURL string, deps Deps) (*Provider, error)
- type StateStore
- type UserInfo
Constants
const (
	GoogleIssuer = "https://accounts.google.com"
	AppleIssuer  = "https://appleid.apple.com"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
// Name identifies this provider (e.g. "google", "apple", "github").
Name string
// OAuth2 credentials
ClientID string
ClientSecret string
RedirectURL string
// Scopes to request (e.g. []string{"openid", "email", "profile"})
Scopes []string
// AuthCodeOptions are additional options passed to AuthCodeURL.
AuthCodeOptions []oauth2.AuthCodeOption
// LoginPath is where to redirect on auth errors.
LoginPath string
// SuccessPath is where to redirect after successful login.
SuccessPath string
// Issuer is the OIDC issuer URL (e.g. "https://accounts.google.com").
// Used for OIDC discovery to obtain endpoints and token verification.
// Ignored when Endpoint is set.
Issuer string
// Endpoint sets OAuth2 endpoints manually, skipping OIDC discovery.
// Required for non-OIDC providers like GitHub.
Endpoint *oauth2.Endpoint
// FetchUserInfo extracts user identity from the token response.
// For OIDC providers, leave nil to use automatic ID token verification.
// For plain OAuth2 providers, set this to call the provider's userinfo API.
FetchUserInfo func(ctx context.Context, token *oauth2.Token, nonce string) (*UserInfo, error)
}
Config holds the configuration for an OAuth provider.
type Deps
type Deps struct {
DB *sql.DB
StateStore StateStore
Users dbi.Factory[iam.UserStore]
OAuth dbi.Factory[iam.OAuthStore]
Sessions iam.SessionStore
}
Deps holds the dependencies injected by the application.
type Provider
type Provider struct {
// contains filtered or unexported fields
}
Provider handles OAuth authentication for a single identity provider.
func New
func New(ctx context.Context, cfg Config, deps Deps) (*Provider, error)
New creates a new OAuth Provider. For OIDC providers (Issuer set, Endpoint nil), it performs OIDC discovery and sets up automatic ID token verification. For plain OAuth2 providers (Endpoint set), FetchUserInfo must be provided.
func NewAppleProvider
func NewAppleProvider(ctx context.Context, clientID, clientSecret, redirectURL string, deps Deps) (*Provider, error)
NewAppleProvider creates a Provider configured for Sign in with Apple. The clientSecret should be a JWT signed with your Apple private key.
func NewGitHubProvider
func NewGitHubProvider(_ context.Context, clientID, clientSecret, redirectURL string, deps Deps) (*Provider, error)
NewGitHubProvider creates a Provider configured for GitHub OAuth.
func NewGoogleProvider
func NewGoogleProvider(ctx context.Context, clientID, clientSecret, redirectURL string, deps Deps) (*Provider, error)
NewGoogleProvider creates a Provider configured for Google Sign-In.
func (*Provider) HandleCallback
func (p *Provider) HandleCallback(w http.ResponseWriter, r *http.Request)
type StateStore
type StateStore interface {
// Set stores a state value with expiration.
Set(key, value string, expiration time.Duration) error
// GetAndDelete retrieves and deletes a state value (one-time use).
// Returns empty string and no error if key not found or expired.
GetAndDelete(key string) (string, error)
}
StateStore manages temporary OAuth state with expiration and one-time use.
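The StateStore contract above (an expiring, single-use OAuth state value, which is what stops a callback from being replayed or forged) as an added example that is not part of this package: a hypothetical in-memory implementation named MemoryStateStore, written against a copy of the documented interface. The repeated StateStore interface and the injectable clock field are assumptions made so the code compiles and can be tested on its own.

```go
package main

import (
	"sync"
	"time"
)

// StateStore repeats the documented interface (assumed exact) so this compiles alone.
type StateStore interface {
	Set(key, value string, expiration time.Duration) error
	GetAndDelete(key string) (string, error)
}

type entry struct {
	value   string
	expires time.Time
}

// MemoryStateStore is a hypothetical in-process StateStore, not shipped by the package.
type MemoryStateStore struct {
	mu   sync.Mutex
	data map[string]entry
	now  func() time.Time // injectable clock so expiry is testable
}

func NewMemoryStateStore() *MemoryStateStore {
	return &MemoryStateStore{data: map[string]entry{}, now: time.Now}
}

// Set records value under key; it is unreadable once expiration has passed.
func (s *MemoryStateStore) Set(key, value string, expiration time.Duration) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.data[key] = entry{value: value, expires: s.now().Add(expiration)}
	return nil
}

// GetAndDelete removes the key on every call, so a state value can only be
// redeemed once; unknown or expired keys yield ("", nil) as the docs specify.
func (s *MemoryStateStore) GetAndDelete(key string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	e, ok := s.data[key]
	delete(s.data, key) // drop stale entries too, so they never accumulate
	if !ok || !s.now().Before(e.expires) {
		return "", nil
	}
	return e.value, nil
}
var _ StateStore = (*MemoryStateStore)(nil) // compile-time conformance check
```

An in-process map only works for a single instance; behind a load balancer the callback may land on a different node, so a shared store with the same one-time semantics is needed there.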
Source Files
- helpers.go
- presets.go
- provider.go
- state.go