Comments (3)
Can we fetch email also from google and github provider and update in claim token (as of now it have name, id and avatar only)?
The scopes and mapping functions defined as a part of the provider's init, for example this is the one for google. As you can see both scope and mapping functions are predefined and have no hooks to be customized. However, the scope we use here gives access to email as well but the mapping drops it intentionally. Either way, the simplest way to change this behavior is to add your own flavor of google provider with email mapped. This can be done with service.AddCustomHandler
. See this PR for more info and it also documented in README. In addition, provided example shows how to add a custom handler.
Pls note: there is an open ticket #37 around the same problem
What's the best location to check whether user account exists in our platform or not? I was thinking it might be Validator, but validator is invoked at every call. Any tips on how can I optimize it? Maybe just check once, while generating JWT token using provided secret?
See https://github.com/go-pkgz/auth#customization, namely a section describing ClaimsUpdater
. This one is called at the login time only, and probably can be used for any checks you need. There is an example showing how to alter claims with the ClaimsUpdater
.
hope it helps.
from auth.
Thanks alot, everything works now as per your advice.
I have one more question to ask. I want to have an option to register at my website directly instead of using external providers like google, github etc. So user can either use external providers to login or just directly login with registered username and password.
So, one way would be just host my own oauth server, but I was looking at Direct authentication section in README and it looks something similar to what I want to achieve.
Just use direct authentication, check if username and password is correct, if yes, it will issue a JWT token back, am I right?
As the frontend and backend is trusted, I really don't need to host an oauth server, something like simple session management will do the trick, but it will increase the complexity of having two different authentication protocols. So in this scenario, Direct authentication sounds good to me.
Would it be a ok to use it for a production system? Does the direct authentication method have any shortcomings?
from auth.
Direct auth will work just fine. It will check passed credentials and issue a token, exactly the same as the real ouath providers.
Would it be a ok to use it for a production system? Does the direct authentication method have any shortcomings?
This method as good as CredCheckerFunc
you provide, nonthing inherently "non-production" here.
Btw, alternatively, you can setup the real oauth2 server with your own login handler. This way can be useful if you want to make your own SSO type of auth. For more details see providers.CustomServer
from auth.
Related Issues (20)
- Support OpenID and 3rd party IdTokens with cookie-less authentication HOT 7
- Auth status handler panics if user didn't finish the auth process HOT 2
- Support work/school accounts from Azure AD in addition to personal Microsoft accounts
- Bug: auth should also check if xsrf token is set in cookies after checking via headers HOT 12
- twitter oauth now required to use oauth2 - unless you have elevated access HOT 4
- Give an access to bearer token, aquired during authentication proccess HOT 12
- Avatar store connection problems HOT 1
- Bug: (/_example) Using "Login with custom_123" results in "Invalid Request" HOT 2
- [Q] Why don't we use refresh token? HOT 2
- Password in GET is Insecure HOT 1
- Add Mastodon? HOT 1
- 2fa support
- Cannot disable avatar support HOT 4
- Dependency error while downloading auth on Go 1.20 HOT 4
- How to implement Google One Tap
- User email and info on Google Log in
- remove bluemonday as an unreliable dependency HOT 2
- Is there a way to use the token after login? HOT 1
- Planned support for anonymous auth? HOT 1
- XSRF Protections Blocking Browser-sent GET Requests HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth.