Add Login to Your Go Application

Auth0 allows you to add authentication and gain access to user profile information in your application. This guide demonstrates how to integrate Auth0 with any new or existing Go web application.

1

Configure Auth0

To use Auth0 services, you’ll need to have an application set up in the Auth0 Dashboard. The Auth0 application is where you will configure how you want authentication to work for the project you are developing.

Configure an application

Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate with. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code will use to call Auth0 APIs through the SDK.

Any settings you configure using this quickstart will automatically update for your Application in the Dashboard, which is where you can manage your Applications in the future.

If you would rather explore a complete configuration, you can view a sample application instead.

Configure Callback URLs

A callback URL is a URL in your application that you would like Auth0 to redirect users to after they have authenticated. If not set, users will not be returned to your application after they log in.

Configure Logout URLs

A logout URL is a URL in your application that you would like Auth0 to redirect users to after they have logged out. If not set, users will not be able to log out from your application and will receive an error.

2

Install dependencies

Create a go.mod file to list all the dependencies in your application.

To integrate Auth0 in a Go application, add thecoreos/go-oidc/v3 and x/oauth2 packages.

In addition to the OIDC and OAuth2 packages, addjoho/godotenv, gin-gonic/gin and gin-contrib/sessions.

Save the go.mod file with the necessary dependencies and install them using the following command in your terminal:

go mod download

Was this helpful?

/
3

Configure the environment variables

You must set the following environment variables in .env within the root of your project directory:

  • AUTH0_DOMAIN: The domain of your Auth0 tenant. Find your Auth0 Domain in the Auth0 Dashboard under your Application's Settings in the Domain field. For custom domains, set this to the value of your custom domain instead.
  • AUTH0_CLIENT_ID: The ID of the Auth0 Application you set up earlier in this quickstart. Find this in the Auth0 Dashboard under your Application's Settings in the Client ID field.
  • AUTH0_CLIENT_SECRET: The Secret of the Auth0 Application you set up earlier in this quickstart. Find this in the Auth0 Dashboard under your Application's Settings in the Client Secret field.
  • AUTH0_CALLBACK_URL: The URL used by Auth0 to redirect the user after successful authentication.
4

Configure OAuth2 and OpenID Connect packages

Next, configure the OAuth2 and OpenID Connect packages.

Create a file called auth.go in the platform/authenticator folder. In this package, create a method to configure and return OAuth2 and OIDC clients, and another one to verify an ID Token.

5

Set up your application routes

Create a file called router.go in the platform/router folder. In this package, create a method to configure and return our routes using github.com/gin-gonic/gin. You will be passing an instance of Authenticator to the method, for use with the login and callback handlers.

6

Add login to your application

For the user to authenticate themselves, we need to create a handler function to handle the /login route.

Create a file called login.go in the web/app/login folder, and add a Handler function. Upon executing the handler, the user will be redirected to Auth0 where they can enter their credentials.

To call the /login route, add a link to /login in the home.html template located in the web/template directory.

<!-- Save this within ./web/template/home.html -->

<div>
    <h3>Auth0 Example</h3>
    <p>Zero friction identity infrastructure, built for developers</p>
    <a href="/login">SignIn</a>
</div>

Was this helpful?

/
7

Handle authentication callback

Once users have authenticated using Auth0's Universal Login Page, they will return to the app at the /callback route.

Create a file called callback.go in the web/app/callback folder, and add a Handler function.

This handler will take the code query string, provided by Auth0, and exchange it for an ID token and an access token.

If the ID token is valid, it will store the profile information and access token in the session. The profile information is based on the claims contained in the ID token. Session storage allows the application to access that information as needed.

8

Display user profile information

Now that your users can log in, you will likely want to be able to retrieve and use the profile information associated with authenticated users.

You can access that profile information, such as their nickname or profile picture, through the profile that was stored in the session previously.

Create a handler for the /user endpoint in web/app/user/user.go and return the corresponding HTML file. As the profile is being passed to ctx.HTML(), you can access the profile information such as picture and nickname inside that same HTML file.

An example of such an HTML file could look like the example below, but you can retrieve any profile information, including custom claims.

<!-- Save this within ./web/template/user.html -->

<div>
    <img class="avatar" src="{{ .picture }}"/>
    <h2>Welcome {{.nickname}}</h2>
</div>

Was this helpful?

/
9

Add logout to your application

To log the user out, clear the data from the session and redirect the user to the Auth0 logout endpoint. You can find more information about this in the logout documentation.

Create a file called logout.go in the folder web/app/logout, and add the function Handler to redirect the user to Auth0's logout endpoint.

Create a file called user.js in the folder web/static/js, and add the code to remove the cookie from a logged-in user.

// Save this within ./web/static/js/user.js

$(document).ready(function () {
    $('.btn-logout').click(function (e) {
        Cookies.remove('auth-session');
    });
});

Was this helpful?

/
10

Protect routes

Recommended practice dictates certain routes are accessible only to authenticated users. When unauthenticated users try accessing protected routes, your application should redirect them.

In this case, you will implement middleware to hook into the HTTP request. The middleware function determines if the request should route to the endpoint handler or block the request.

Create a file called isAuthenticated.go in platform/middleware and add a function that checks if the user is authenticated or not based on the profile session key. If the user is not authenticated, the middleware will redirect the user to the root of the application.

With the middleware created, we can set it up for any route that needs authentication by adding it to the router.

// This goes within ./platform/router/router.go

router.GET("/user", middleware.IsAuthenticated, user.Handler)

Was this helpful?

/
11

Serve your application

With both the authenticator and router configured, we can wire things up using our application's entry point. Inside main.go, create an instance of the authenticator and the router, which gets passed the authenticator instance.

If you are using a .env file, you must call godotenv.Load() at the very beginning of the main() function.

Serve your application by using the following command in your terminal:

go run main.go

Was this helpful?

/

Next Steps

Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application.

This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out:

  • Auth0 Dashboard - Learn how to configure and manage your Auth0 tenant and applications
  • Auth0 Marketplace - Discover integrations you can enable to extend Auth0’s functionality

Did it work?

Any suggestion or typo?

Edit on GitHub
Sign Up

Sign up for an or to your existing account to integrate directly with your own tenant.