Auth0 allows you to add authentication and gain access to user profile information in your application. This guide demonstrates how to integrate Auth0 with any new or existing Go web application.
To use Auth0 services, you’ll need to have an application set up in the Auth0 Dashboard. The Auth0 application is where you will configure how you want authentication to work for the project you are developing.
Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate with. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code will use to call Auth0 APIs through the SDK.
Any settings you configure using this quickstart will automatically update for your Application in the Dashboard, which is where you can manage your Applications in the future.
If you would rather explore a complete configuration, you can view a sample application instead.
A callback URL is a URL in your application that you would like Auth0 to redirect users to after they have authenticated. If not set, users will not be returned to your application after they log in.
A logout URL is a URL in your application that you would like Auth0 to redirect users to after they have logged out. If not set, users will not be able to log out from your application and will receive an error.
Create a go.mod
file to list all the dependencies in your application.
To integrate Auth0 in a Go application, add thecoreos/go-oidc/v3
and x/oauth2
packages.
In addition to the OIDC and OAuth2 packages, addjoho/godotenv
, gin-gonic/gin
and gin-contrib/sessions
.
Save the go.mod
file with the necessary dependencies and install them using the following command in your terminal:
go mod download
Was this helpful?
You must set the following environment variables in .env
within the root of your project directory:
Next, configure the OAuth2 and OpenID Connect packages.
Create a file called auth.go
in the platform/authenticator
folder. In this package, create a method to
configure and return OAuth2 and
OIDC clients, and another one to verify an ID Token.
Create a file called router.go
in the platform/router
folder. In this package, create a method to configure
and return our routes using github.com/gin-gonic/gin. You will be passing an
instance of Authenticator
to the method, for use with the login
and callback
handlers.
For the user to authenticate themselves, we need to create a handler function to handle the /login
route.
Create a file called login.go
in the web/app/login
folder, and add a Handler
function. Upon executing the handler, the user will be redirected to Auth0 where they can enter their credentials.
To call the /login
route, add a link to /login
in the home.html
template located in the web/template
directory.
<!-- Save this within ./web/template/home.html -->
<div>
<h3>Auth0 Example</h3>
<p>Zero friction identity infrastructure, built for developers</p>
<a href="/login">SignIn</a>
</div>
Was this helpful?
Once users have authenticated using Auth0's Universal Login Page, they will return to the app at the /callback
route.
Create a file called callback.go
in the web/app/callback
folder, and add a Handler
function.
This handler will take the code
query string, provided by Auth0, and exchange it for an ID token and an access token.
If the ID token is valid, it will store the profile information and access token in the session. The profile information is based on the claims contained in the ID token. Session storage allows the application to access that information as needed.
Now that your users can log in, you will likely want to be able to retrieve and use the profile information associated with authenticated users.
You can access that profile information, such as their nickname or profile picture, through the profile
that was stored in the session previously.
Create a handler for the /user
endpoint in web/app/user/user.go
and return the corresponding HTML file. As the profile
is being passed to ctx.HTML()
, you can access the profile information such as picture
and nickname
inside that same HTML file.
An example of such an HTML file could look like the example below, but you can retrieve any profile information, including custom claims.
<!-- Save this within ./web/template/user.html -->
<div>
<img class="avatar" src="{{ .picture }}"/>
<h2>Welcome {{.nickname}}</h2>
</div>
Was this helpful?
To log the user out, clear the data from the session and redirect the user to the Auth0 logout endpoint. You can find more information about this in the logout documentation.
Create a file called logout.go
in the folder web/app/logout
, and add the function Handler
to redirect the user to Auth0's logout endpoint.
Create a file called user.js
in the folder web/static/js
, and add the code to remove the cookie from a logged-in
user.
// Save this within ./web/static/js/user.js
$(document).ready(function () {
$('.btn-logout').click(function (e) {
Cookies.remove('auth-session');
});
});
Was this helpful?
Recommended practice dictates certain routes are accessible only to authenticated users. When unauthenticated users try accessing protected routes, your application should redirect them.
In this case, you will implement middleware to hook into the HTTP request. The middleware function determines if the request should route to the endpoint handler or block the request.
Create a file called isAuthenticated.go
in platform/middleware
and add a function that checks if the user is authenticated or not based on the profile
session key. If the user is not authenticated, the middleware will redirect the user to the root of the application.
With the middleware created, we can set it up for any route that needs authentication by adding it to the router.
// This goes within ./platform/router/router.go
router.GET("/user", middleware.IsAuthenticated, user.Handler)
Was this helpful?
With both the authenticator and router configured, we can wire things up using our
application's entry point. Inside main.go
, create an instance of the authenticator and the router, which gets passed the authenticator instance.
If you are using a .env
file, you must call godotenv.Load()
at the very beginning of the main()
function.
Serve your application by using the following command in your terminal:
go run main.go
Was this helpful?
Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.
This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:
Sign up for an or to your existing account to integrate directly with your own tenant.