Docs

Go

View on Github

Go

Gravatar for andres.aguiar@auth0.com
By Andres Aguiar

This tutorial demonstrates how to add user login to a Go web application using Auth0. We recommend you to Log in to follow this quickstart with examples configured for your account.

I want to explore a sample app

2 minutes

Get a sample configured with your account settings or check it out on Github.

View on Github
System requirements: Go 1.5.3 and up

New to Auth? Learn How Auth0 works, how it integrates with Regular Web Applications and which protocol it uses.

Configure Auth0

Get Your Application Keys

When you signed up for Auth0, a new application was created for you, or you could have created a new one.

You will need some details about that application to communicate with Auth0. You can get these details from the Application Settings section in the Auth0 dashboard.

You need the following information:

  • Domain
  • Client ID
  • Client Secret

If you download the sample from the top of this page these details are filled out for you.

If you have more than one application in your account, the sample comes with the values for your Default App.

App Dashboard

Configure Callback URLs

A callback URL is a URL in your application where Auth0 redirects the user after they have authenticated.

The callback URL for your app must be whitelisted in the Allowed Callback URLs field in your Application Settings. If this field is not set, users will be unable to log in to the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the callback URL you need to whitelist in the Allowed Callback URLs field is http://localhost:3000/callback.

Configure Logout URLs

A logout URL is a URL in your application that Auth0 can return to after the user has been logged out of the authorization server. This is specified in the returnTo query parameter.

The logout URL for your app must be whitelisted in the Allowed Logout URLs field in your Application Settings. If this field is not set, users will be unable to log out from the application and will get an error.

If you are following along with the sample project you downloaded from the top of this page, the logout URL you need to whitelist in the Allowed Logout URLs field is http://localhost:3000.

Configure Go to Use Auth0

Add Dependencies

Install the following dependencies using go get.

This example uses mux for routing but you can use whichever router you want.

Configure Session Storage

Configure session storage to use FilesystemStore.

Add the Auth0 Callback Handler

You'll need to create a callback handler that Auth0 will call once it redirects to your app. For that, you can do the following:

Remember to set this handler to the /callback path:

Trigger Authentication

Create a file called login.go in the routes/login folder, and add LoginHandler function to handle /login route.

This function sets the configuration for OAuth2 Go to get the authorization url, and redirects the user to the login page.

In server.go file create the router, and add the function created above to handle /login route.

Add a link to /login route in the index.html template.

Display User Information

You can access the user information via the profile you stored in the session previously.

For information about the userinfo hash, see User Profile.

Logout

To log the user out, you have to clear the data from the session, and redirect the user to the Auth0 logout endpoint. You can find more information about this in the logout documentation.

Create a file called logout.go in the folder /routes/logout/logout.go, and add the function LogoutHandler to redirect the user to Auth0's logout endpoint.

The redirect URL needs to be in the list of Allowed Logout URLs in the settings section of the application, For more information, see Redirect Users After Logout.

Add the function to mux handle /logout route.

Create a file called user.js in the folder public, and add the code to remove the cookie from logged user.

This sample is using js.cookie to cookie handling. You need to add js.cookie.js file in the public folder to use it.

Optional Steps

Checking if the User is Authenticated

We can use Negroni to create a Middleware that will check if the user is Authenticated or not.

First, we need to install it via go get:

Then, we should create a middleware that will check if the profile is in the session:

Finally, we can use Negroni to set up this middleware for any route that needs authentication:

Use Auth0 for FREE