Popularity

8.0

Growing

Activity

8.3

Declining

Stars 1,887

Watchers 27

Forks 143

Last Commit 1 day ago

Programming language: Go

License: MIT License

Tags: Authentication & OAuth

Latest version: v2.3.0

gologin alternatives and similar packages

Based on the "Authentication & OAuth" category.
Alternatively, view gologin alternatives based on common mentions on social networks and blogs.

authelia

9.8 9.9 gologin VS authelia

The Single Sign-On Multi-Factor portal for web apps
casbin

9.8 6.4 gologin VS casbin

An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN

CodeRabbit: AI Code Reviews for Developers

Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

Promo coderabbit.ai

aws-doc-sdk-examples

9.8 9.8 gologin VS aws-doc-sdk-examples

Welcome to the AWS Code Examples Repository. This repo contains code examples used in the AWS documentation, AWS SDK Developer Guides, and more. For more information, see the Readme.md file below.
jwt-go

9.7 1.0 gologin VS jwt-go

DISCONTINUED. ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at:
oauth2

9.2 6.6 gologin VS oauth2

Go OAuth2
goth

9.1 5.9 gologin VS goth

Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.
authboss

8.7 5.9 gologin VS authboss

The boss of http auth.
go-jose

8.4 0.0 gologin VS go-jose

DISCONTINUED. An implementation of JOSE standards (JWE, JWS, JWT) in Go
go-oidc

8.3 3.9 gologin VS go-oidc

A Go OpenID Connect client.
go-oauth2-server

8.3 0.0 gologin VS go-oauth2-server

A standalone, specification-compliant, OAuth2 server written in Golang.
github.com/lestrrat-go/jwx/v2

8.0 8.7 gologin VS github.com/lestrrat-go/jwx/v2

Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies
loginsrv

8.0 0.0 gologin VS loginsrv

JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
gorbac

7.9 2.1 gologin VS gorbac

goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.
auth

7.4 7.2 gologin VS auth

Authenticator via oauth2, direct, email and telegram
osin

7.0 0.0 gologin VS osin

DISCONTINUED. Golang OAuth2 server library.
permissions2

6.4 6.8 gologin VS permissions2

DISCONTINUED. :closed_lock_with_key: Middleware for keeping track of users, login states and permissions
go.auth

6.2 0.0 gologin VS go.auth

DISCONTINUED. Authentication API for Go web applications.
Go-AWS-Auth

6.0 0.0 gologin VS Go-AWS-Auth

DISCONTINUED. AWS (Amazon Web Services) request signing library.
jwt-auth

5.5 1.8 gologin VS jwt-auth

This package provides json web token (jwt) middleware for goLang http servers
httpauth

5.3 0.0 gologin VS httpauth

HTTP Authentication middlewares
webauthn

4.7 0.0 gologin VS webauthn

DISCONTINUED. Go package for easy WebAuthn integration
yubigo

4.6 0.0 gologin VS yubigo

Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure.
jwt

4.6 0.0 gologin VS jwt

DISCONTINUED. This is an implementation of JWT in golang!
RBAC

4.3 0.0 gologin VS RBAC

RBAC - Simple, concurrent Role Based Access Control(GO)
sessions

3.7 0.0 gologin VS sessions

A dead simple, highly performant, highly customizable sessions middleware for go http servers.
Passhash

1.2 3.9 gologin VS Passhash

Go library providing simple and secure password management
Facecontrol

1.2 0.0 gologin VS Facecontrol

Simple authentication, single sign-on and (optinal) authorization solution.
go-oauth2

0.8 0.0 gologin VS go-oauth2

No description, website, or topics provided.

Do you think we are missing an alternative of gologin or a related project?

Add another 'Authentication & OAuth' Package

Popular Comparisons

README

gologin

Package gologin provides chainable login http.Handler's for Google, Github, Twitter, Facebook, Bitbucket, Tumblr, or any OAuth1 or OAuth2 authentication providers.

Choose a subpackage. Register the LoginHandler and CallbackHandler for web logins or the TokenHandler for (mobile) token logins. Get the authenticated user or access token from the request context.

See [examples](examples) for tutorials with apps you can run from the command line.

Features

LoginHandler and CallbackHandler support web login flows
TokenHandler supports native mobile token login flows
Obtain the user or access token from the context
Configurable OAuth 2 state parameter handling (CSRF protection)
Configurable OAuth 1 request secret handling

Install

go get github.com/dghubble/gologin

Docs

Read GoDoc or check the [examples](examples).

Overview

Package gologin provides http.Handler's which can be chained together to implement authorization flows by passing data (e.g. tokens, users) via the request context. gologin handlers take success and failure next http.Handler's to be called when authentication succeeds or fails. Chaining allows advanced customization, if desired. Once authentication succeeds, your success handler will have access to the user's access token and associated User/Account.

Usage

Choose a subpackage such as github or twitter. LoginHandler and Callback http.Handler's chain together lower level oauth1 or oauth2 handlers to authenticate users and fetch the Github or Twitter User, before calling your success http.Handler.

Let's walk through Github and Twitter web login examples.

Github OAuth2

config := &oauth2.Config{
    ClientID:     "GithubClientID",
    ClientSecret: "GithubClientSecret",
    RedirectURL:  "http://localhost:8080/callback",
    Endpoint:     githubOAuth2.Endpoint,
}
mux := http.NewServeMux()
stateConfig := gologin.DebugOnlyCookieConfig
mux.Handle("/login", github.StateHandler(stateConfig, github.LoginHandler(config, nil)))
mux.Handle("/callback", github.StateHandler(stateConfig, github.CallbackHandler(config, issueSession(), nil)))

The StateHandler checks for an OAuth2 state parameter cookie, generates a non-guessable state as a short-lived cookie if missing, and passes the state value in the ctx. The CookieConfig allows the cookie name or expiration (default 60 seconds) to be configured. In production, use a config like gologin.DefaultCookieConfig which sets Secure true to require cookies be sent over HTTPS. If you wish to persist state parameters a different way, you may chain your own http.Handler. (info)

The github LoginHandler reads the state from the ctx and redirects to the AuthURL (at github.com) to prompt the user to grant access. Passing nil for the failure handler just means the DefaultFailureHandler should be used, which reports errors. (info)

The github CallbackHandler receives an auth code and state OAuth2 redirection, validates the state against the state in the ctx, and exchanges the auth code for an OAuth2 Token. The github CallbackHandler wraps the lower level oauth2 CallbackHandler to further use the Token to obtain the Github User before calling through to the success or failure handlers.

Next, write the success http.Handler to do something with the Token and Github User added to the ctx.

func issueSession() http.Handler {
    fn := func(w http.ResponseWriter, req *http.Request) {
        ctx := req.Context()
        token, _ := oauth2Login.TokenFromContext(ctx)
        githubUser, err := github.UserFromContext(ctx)
        // handle errors and grant the visitor a session (cookie, token, etc.)
    }
    return http.HandlerFunc(fn)
}

See the [Github tutorial](examples/github) for a web app you can run from the command line.

Twitter OAuth1

config := &oauth1.Config{
    ConsumerKey:    "TwitterConsumerKey",
    ConsumerSecret: "TwitterConsumerSecret",
    CallbackURL:    "http://localhost:8080/callback",
    Endpoint:       twitterOAuth1.AuthorizeEndpoint,
}
mux := http.NewServeMux()
mux.Handle("/login", twitter.LoginHandler(config, nil))
mux.Handle("/callback", twitter.CallbackHandler(config, issueSession(), nil))

The twitter LoginHandler obtains a request token and secret, adds them to the ctx, and redirects to the AuthorizeURL to prompt the user to grant access. Passing nil for the failure handler just means the DefaultFailureHandler should be used, which reports errors. (info)

The twitter CallbackHandler receives an OAuth1 token and verifier, reads the request secret from the ctx, and obtains an OAuth1 access token and secret. The twitter CallbackHandler wraps the lower level oauth1 CallbackHandler to further use the access token/secret to obtain the Twitter User before calling through to the success or failure handlers.

Next, write the success http.Handler to do something with the access token/secret and Twitter User added to the ctx.

func success() http.Handler {
    fn := func(w http.ResponseWriter, req *http.Request) {
        ctx := req.Context()
        accessToken, accessSecret, _ := oauth1Login.AccessTokenFromContext(ctx)
        twitterUser, err := twitter.UserFromContext(ctx)
        // handle errors and grant the visitor a session (cookie, token, etc.)
    }
    return http.HandlerFunc(fn)
}

*Note: Some OAuth1 providers (not Twitter), require the request secret be persisted until the callback is received. For this reason, the lower level oauth1 package splits LoginHandler functionality into a LoginHandler and AuthRedirectHandler. Provider packages, like tumblr, chain these together for you, but the lower level handlers are there if needed.

See the [Twitter tutorial](examples/twitter) for a web app you can run from the command line.

State Parameters

OAuth2 StateHandler implements OAuth 2 RFC 6749 10.12 CSRF Protection using non-guessable values in short-lived HTTPS-only cookies to provide reasonable assurance the user in the login phase and callback phase are the same. If you wish to implement this differently, write a http.Handler which sets a state in the ctx, which is expected by LoginHandler and CallbackHandler.

You may use oauth2.WithState(context.Context, state string) for this. docs

Failure Handlers

If you wish to define your own failure http.Handler, you can get the error from the ctx using gologin.ErrorFromContext(ctx).

Mobile

Twitter includes a TokenHandler which can be useful for building APIs for mobile devices which use Login with Twitter.

Goals

Create small, chainable handlers to correctly implement the steps of common authentication flows. Handle provider-specific validation requirements.

Motivations

Package gologin implements authorization flow steps with chained handlers.

Authentication should be performed with chainable handlers to allow customization, swapping, or adding additional steps easily.
Authentication should be orthogonal to the session system. Let users choose their session/token library.
OAuth2 State CSRF should be included out of the box, but easy to customize.
Packages should import only what is required. OAuth1 and OAuth2 packages are separate.
http.Handler and context are powerful, flexible, and in the standard library.

Projects goth and gomniauth aim to provide a similar login solution with a different design. Check them out if you decide you don't like the ideas in gologin.

Contributing

New auth providers can be implemented by composing the handlers in the oauth1 or oauth2 subpackages. See the Contributing Guide.

License

[MIT License](LICENSE)

*Note that all licence references and agreements mentioned in the gologin README section above are relevant to that project's source code only.

gologin

Go login handlers for authentication providers (OAuth1, OAuth2)

gologin alternatives and similar packages

Popular Comparisons

README

gologin

Features

Install

Docs

Overview

Usage

Github OAuth2

Twitter OAuth1

State Parameters

Failure Handlers

Mobile

Goals

Motivations

Contributing

License