supabase-community / gotrue-go Goto Github PK

View Code? Open in Web Editor NEW

19.0 3.0 6.0 90 KB

Typed Golang cilent for the Supabase fork of GoTrue

Home Page: https://pkg.go.dev/github.com/kwoodhouse93/gotrue-go

License: MIT License

Go 99.01% Makefile 0.56% Shell 0.44%

auth client go golang gotrue supabase supabase-auth

gotrue-go's Introduction

gotrue-go

A Golang client library for the Supabase GoTrue API.

⚠️ Using netlify/gotrue?

The types in this library assume you are interacting with a Supabase GoTrue server. It is very unlikely to work with a Netlify GoTrue server.

For more information about the Supabase fork of GoTrue, check out the project here.

Project status

This library is a pre-release work in progress. It has not been thoroughly tested, and the API may be subject to breaking changes, and so it should not be used in production.

The endpoints for SSO SAML are not tested and POST /sso/saml/acs does not provide request and response types. If you need additional support for SSO SAML, please create an issue or a pull request.

Quick start

Install

go get github.com/supabase-community/gotrue-go

Usage

package main

import "github.com/supabase-community/gotrue-go"

const (
    projectReference = "<your_supabase_project_reference>"
    apiKey = "<your_supabase_anon_key>"
)

func main() {
    // Initialise client
    client := gotrue.New(
        projectReference,
        apiKey,
    )

    // Log in a user (get access and refresh tokens)
    resp, err := client.Token(gotrue.TokenRequest{
        GrantType: "password",
        Email: "<user_email>",
        Password: "<user_password>",
    })
    if err != nil {
        log.Fatal(err.Error())
    }
    log.Printf("%+v", resp)
}

Options

The client can be customized with the options below.

In all cases, these functions return a copy of the client. To use the configured value, you must use the returned client. For example:

client := gotrue.New(
    projectRefernce,
    apiKey,
)

token, err := client.Token(gotrue.TokenRequest{
        GrantType: "password",
        Email: email,
        Password: password,
})
if err != nil {
    // Handle error...
}

authedClient := client.WithToken(
    token.AccessToken,
)
user, err := authedClient.GetUser()
if err != nil {
    // Handle error...
}

WithToken

func (*Client) WithToken(token string) *Client

Returns a client that will use the provided token in the Authorization header on all requests.

WithCustomGoTrueURL

func (*Client) WithCustomGoTrueURL(url string) *Client

Returns a client that will use the provided URL instead of https://<project_ref>.supabase.com/auth/v1/. This allows you to use the client with your own deployment of the GoTrue server without relying on a Supabase-hosted project.

WithClient

func (*Client) WithClient(client http.Client) *Client

By default, the library uses a default http.Client. If you want to configure your own, pass one in using WithClient and it will be used for all requests made with the returned *gotrue.Client.

Testing

You don't need to know this stuff to use the library

The library is tested against a real GoTrue server running in a docker image. This also requires a postgres server to back it. These are configured using docker compose.

To run these tests, simply make test.

To interact with docker compose, you can also use make up and make down.

Differences from gotrue-js

Prior users of gotrue-js may be familiar with its subscription mechanism and session management - in line with its ability to be used as a client-side authentication library, in addition to use on the server.

As Go is typically used on the backend, this library acts purely as a convenient wrapper for interacting with a GoTrue server. It provides no session management or subscription mechanism.

gotrue-go's People

Contributors

Stargazers

Watchers

Forkers

wweevv-johndpope arnopensource qinbeans robertb4 minimax18 jamiecrisman

gotrue-go's Issues

PKCE authorization

Feature request

PKCE authorization and code exchange.

Is your feature request related to a problem? Please describe.

Not necessarily, but the code we're migrating utilized the PKCE feature in Supabase. PKCE offers some security bonuses over implicit, which is the current authorization method.

Describe the solution you'd like

In authorize.Authorize we can add a check for PKCE flowtype which adds 2 items into the query:

code_challenge
code_challenge_method

You can write a function to generate the required PKCE parameters. https://github.com/nedpals/supabase-go has a great implementation of this.

After a redirect has been executed, then the a callback function with Token must be executed where a parsed URL parameter is shoved into TokenRequest{ GrantType: "pkce", Code: "code", CodeVerifier: "verifier }.

Add a case for PKCE in token.Token to check for empty code or empty verifier. After that, the code should be serializable into a request so no other changes would need to be made.

Describe alternatives you've considered

The existing form of authorize does work, but forgoes the potential security from PKCE

Additional context

Here's my fork: https://github.com/Qinbeans/gotrue-go

If you're pleased with it, I'd be happy to pull request.

Unable to download the package

Bug report

Describe the bug

I'm was unable to go get the package. Resulting in an error like below

go: github.com/supabase-community/[email protected]: parsing go.mod:
        module declares its path as: github.com/kwoodhouse93/gotrue-go
                but was required as: github.com/supabase-community/gotrue-go

To Reproduce

Init go go mod init example
run go get github.com/supabase-community/gotrue-go

Expected behavior

This package successfully downloaded

Screenshots

System information

OS: Ubuntu 20.04.3 LTS

Additional context

Add callback similar to onAuthStateChange

Feature request

Add in a callback to the gotrue-go client interface so supabase-go can pass in callback. This is to follow the implementation in supabase-js.

I am happy to implement this if maintainers agree with overall concept.

Additional feature to this would be to add automatic token refresh via goroutine in gotrue-go.

Is your feature request related to a problem? Please describe.

N/A

Describe the solution you'd like

Mimic auth-js and add ability to pass in callback for when auth state changes. This would allow me to add a listener in my supabase-go work to listen for auth state changes and not have re-implement every interface to correctly update the clients token. You can see my current work on supabase-go this pr.

Describe alternatives you've considered

Alternatively I can implement this in the supabase-go client and handle automatically refreshing tokens there, but that would break the pattern in auth-js. This just means the supabase-go client logic is a little heavier and maybe prone to later breakages?I think it could go either way.

Additional context

Add any other context or screenshots about the feature request here.

supabase-community / gotrue-go Goto Github PK

gotrue-go's Introduction

gotrue-go

Project status

Quick start

Install

Usage

Options

WithToken

WithCustomGoTrueURL

WithClient

Testing

Differences from gotrue-js

gotrue-go's People

Contributors

Stargazers

Watchers

Forkers

gotrue-go's Issues

Feature request

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Bug report

Describe the bug

To Reproduce

Expected behavior

Screenshots

System information

Additional context

Feature request

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered

Additional context

Recommend Projects

Recommend Topics

Recommend Org