go/web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87a36aff39f2a3d7dd071b51ee7077673d2b75ba
web/auth/auth0/authenticator/authenticator.go
Derek Wright 528778753c add initial auth0 module
2025-12-18 08:37:22 -05:00

85 lines
1.7 KiB
Go
Raw Blame History

package authenticator
import (
"context"
"os"
"github.com/coreos/go-oidc/v3/oidc"
"golang.org/x/oauth2"
)
// Config defines required configuration values for Auth0.
//
// * Values are read from the environment.
// They cannot be overridden or set from code.
type Config struct {
Domain string
ClientID string
ClientSecret string
RedirectURI string
}
type Authenticator struct {
*oidc.Provider
oauth2.Config
LogoutURL string
}
func New() (*Authenticator, error) {
cfg := Config{
Domain: os.Getenv("AUTH0_DOMAIN"),
ClientID: os.Getenv("AUTH0_CLIENT_ID"),
ClientSecret: os.Getenv("AUTH0_CLIENT_SECRET"),
RedirectURI: os.Getenv("AUTH0_REDIRECT_URI"),
}
if cfg.Domain == "" {
return nil, ErrEmptyDomain
}
if cfg.ClientID == "" {
return nil, ErrEmptyClientID
}
if cfg.ClientSecret == "" {
return nil, ErrEmptyClientSecret
}
if cfg.RedirectURI == "" {
return nil, ErrEmptyRedirectURI
}
provider, err := oidc.NewProvider(
context.Background(),
"https://"+cfg.Domain+"/",
)
if err != nil {
return nil, err
}
return &Authenticator{
Provider: provider,
Config: oauth2.Config{
ClientID: cfg.ClientID,
ClientSecret: cfg.ClientSecret,
RedirectURL: cfg.RedirectURI,
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
Endpoint: provider.Endpoint(),
},
LogoutURL: "https://" + cfg.Domain + "/v2/logout",
}, nil
}
func (a *Authenticator) VerifyIDToken(ctx context.Context, token *oauth2.Token) (*oidc.IDToken, error) {
rawIDToken, ok := token.Extra("id_token").(string)
if !ok {
return nil, ErrNoIDToken
}
oidcConfig := &oidc.Config{
ClientID: a.ClientID,
}
return a.Verifier(oidcConfig).Verify(ctx, rawIDToken)
}
Reference in New Issue View Git Blame Copy Permalink