shareed2k / goth_fiber Goto Github PK

Package goth_fiber provides a simple, clean, and idiomatic way to write authentication packages for fiber framework applications.

License: MIT License

Go 100.00%

fiber-framework oauth2 oauth goth

goth_fiber's Introduction

Goth-Fiber: Multi-Provider Authentication for Go

Is wrapper for goth library to use with fiber Framework, provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

Unlike other similar packages, Goth, lets you write OAuth, OAuth2, or any other protocol providers, as long as they implement the Provider and Session interfaces.

Installation

$ go get github.com/shareed2k/goth_fiber

Supported Providers

Amazon
Apple
Auth0
Azure AD
Battle.net
Bitbucket
Box
Cloud Foundry
Dailymotion
Deezer
Digital Ocean
Discord
Dropbox
Eve Online
Facebook
Fitbit
Gitea
GitHub
Gitlab
Google
Google+ (deprecated)
Heroku
InfluxCloud
Instagram
Intercom
Kakao
Lastfm
Linkedin
LINE
Mailru
Meetup
MicrosoftOnline
Naver
Nextcloud
OneDrive
OpenID Connect (auto discovery)
Paypal
SalesForce
Shopify
Slack
Soundcloud
Spotify
Steam
Strava
Stripe
Tumblr
Twitch
Twitter
Typetalk
Uber
VK
Wepay
Xero
Yahoo
Yammer
Yandex

Examples

See the examples folder for a working application that lets users authenticate through Twitter, Facebook, Google Plus etc.

To run the example either clone the source from GitHub

$ git clone [email protected]/shareed2k/goth_fiber.git

$ go get github.com/shareed2k/goth_fiber

$ cd goth_fiber/examples
$ go get -v
$ go build
$ ./examples

Now open up your browser and go to http://localhost:8088/login/google to see the example.

To actually use the different providers, please make sure you set environment variables. Example given in the examples/main.go file

Security Notes

By default, goth_fiber uses a Session from the gofiber/session package to store session data.

As configured, goth will generate cookies with the following session.Config:

    session.Config{
	    Expiration: 24 * time.Hour,
	    Storage:    memory.New(),
	    KeyLookup: "cookie:_gothic_session",
	    CookieDomain: "",
	    CookiePath: "",
	    CookieSecure: false,
	    CookieHTTPOnly: true,
	    CookieSameSite: "Lax",
	    KeyGenerator: utils.UUIDv4,
	}

To tailor these fields for your application, you can override the goth_fiber.SessionStore variable at startup.

The following snippet shows one way to do this:

    // optional config
    config := session.Config{
	    Expiration:     30 * time.Minutes,
	    Storage:        sqlite3.New(), // From github.com/gofiber/storage/sqlite3
	    KeyLookup:      "header:session_id",
	    CookieDomain:   "google.com",
	    CookiePath:     "/users",
	    CookieSecure:   os.Getenv("ENVIRONMENT") == "production",
	    CookieHTTPOnly: true, // Should always be enabled
	    CookieSameSite: "Lax",
	    KeyGenerator:   utils.UUIDv4,
	}

    // create session handler
    sessions := session.New(config)

    goth_fiber.SessionStore = sessions

Issues

Issues always stand a significantly better chance of getting fixed if they are accompanied by a pull request.

Contributing

Would I love to see more providers? Certainly! Would you love to contribute one? Hopefully, yes!

Fork it
Create your feature branch (git checkout -b my-new-feature)
Write Tests!
Commit your changes (git commit -am 'Add some feature')
Push to the branch (git push origin my-new-feature)
Create new Pull Request

goth_fiber's People

Contributors

Stargazers

Watchers

Forkers

imvexed arbreton wends155 zikes ajf-sa davidkarolyi skeswa ksewo azakic sarvesh189 rjarmstrong noooste cnwangjie

goth_fiber's Issues

could not find a matching session for this request when Fiber is preforked or scaled

From what I understand, this module uses session based in memory, where the app retrieves the session id which is a uuid stored in browser cookie with key "_gothic_session", and the session id gets redeemed when passed into the app at CompleteUserAuth() function, however, the problem is when the app is preforked (native to gofiber) or scaled to multiple pods using Kubernetes, if the loadbalancer hits the right PID/pod where the session is stored, I'll get userinfo back correctly, but when it hits the different PID/pod where the session is not stored in, I'll get could not find a matching session for this request, (to demonstrate: if a session id was generated on PID 1, but it was sent to be redeemed on PID 2, this would fail because PID 2 couldn't find it, I have to press refresh until it hits the right instance)

How can I fix this scaling problem?

Error after login

The program crashes after calling the \auth\callback with an error

could not find a matching session for this request

This is the callback url I am using http://127.0.0.1:8088/auth/callback?provider=google

what went wrong?

Skipping a scope of "openid connect" or "email" results in panic

I was trying to do google OAuth 2.0 login with the following scope -

	goth.UseProviders(
		gothGoogle.New(os.Getenv("OAUTH_KEY"), os.Getenv("OAUTH_SECRET"), "http://localhost:3000/auth/callback", "https://www.googleapis.com/auth/drive.metadata.readonly"),
	)

This results in goth crashing at gothv1,74.1/providers/google/session.go during authorize and token exchange -
On line 44, goth assumes that an id_token is always returned. However, only if we add "email" or "open_id connect" in the scopes, we will get the scope. Otherwise, goth crashes because id_token is never returned.

If you are okay, I can submit a PR for this.

Confusion with auto-logout

Hey - thanks for writing this awesome library!

I have a quick question: why does CompleteUserAuth automatically defer an invocation of Logout(...)? It seems to me that this makes keeping any user information attached to the session impossible after calling CompleteUserAuth, since the session will always be destroyed immediately afterwards.

I can work around this issue by sort of mimicking the functionality of CompleteUserAuth without Logout myself, but I thought I might as well ask for come clarification since I must be missing something.

Thanks again,
Sandile

override goth_fiber.Session

Dear Shareed2K,

I am trying to override goth_fiber.Session in order to use my own handler with Redis as a storage.

I read the documentation, unfortunately there is no such thing as goth_fiber.Session ...

When I try to modify goth_fiber.SessionStore, I got this error :
[session] Register this type first with the RegisterType method.

Am I missing something?
Best regards,
Jeff

Issue with new v2 go.mod

Hey again 👋

It looks like the package was updated successfully to have fiber v2 support but the go.mod has a malformed package name. I believe it is potentially due to the fact that the go module github.com/Shareed2k/goth_fiber/v2 does not match the path in Github, github.com/Shareed2k/goth_fiber.

I think the remediation would be to do what GO Packr does. They mitigate this by adding a separate folder in the repository called v2 with it's own go.mod file.

That way you maintain backwards compatibility for prior version of Fiber, make go get easy, and keep the two versions easy to differentiate between within the repo itself.

Hope this is helpful! 😄

fiber/v2

Don't work with fiber/v2

Setting expired cookies.

I haven't modified goth_fiber.SessionStore yet when I hit the callback the cookie that gets sent from the server is already expired.
I tried setting the session like this https://github.com/markbates/goth#security-notes but still to no result.
Does anybody have a clue why is this happening ?

you must select a provider error

Hello,
i have encountered a problem with my code:
`goth.UseProviders(
discord.New(cfg.ClientID, cfg.OAuth2Secret, "http://127.0.0.1:3000/auth/callback"),
)

app.Get("/login", goth_fiber.BeginAuthHandler)
app.Get("/auth/callback", func(c *fiber.Ctx) error {
	user, err := goth_fiber.CompleteUserAuth(c)
	if err != nil {
		fmt.Println(err)
		return err
	}

	fmt.Println(user)
	return nil
})`

Everything works fine except it saying "you must select a provider" while going to /login because I couldn't find any documentation on how to pass it to goth_fiber, so i wanted to ask how you do that

How to switch off session handling altogether

How can i disable sessions in this lib?
I only want to use goth to fetch the user details from the social provider. After than I want to handle session manually (not using gofiber session/storage).

2024/03/30 20:32:51 could not find a matching session for this request exit status 1

Hello i think my code is ok but it throws err

2024/03/30 20:32:51 could not find a matching session for this request
exit status 1

my repo link

main.go
https://github.com/sameer-gits/go-fiber/blob/main/main.go

routes.go
https://github.com/sameer-gits/go-fiber/blob/main/routes/routes.go