httpauth Alternatives - Go Authentication & OAuth

Popularity

4.7

Stable

Activity

0.0

Stable

Stars 178

Watchers 5

Forks 19

Last Commit over 3 years ago

Programming language: Go

Tags: Authentication & OAuth

httpauth alternatives and similar packages

Based on the "Authentication & OAuth" category

jwt-go

9.4 3.4 httpauth VS jwt-go

Golang implementation of JSON Web Tokens (JWT).
aws-doc-sdk-examples

9.3 9.5 httpauth VS aws-doc-sdk-examples

aws
casbin

9.3 8.1 httpauth VS casbin

An authorization library that supports access control models like ACL, RBAC, ABAC.
oauth2

9.1 3.8 httpauth VS oauth2

Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine and App Engine support.
goth

8.8 7.1 httpauth VS goth

provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple provides out of the box.
go-jose

8.4 7.1 httpauth VS go-jose

A fairly complete implementation of the JOSE working group's JSON Web Token, JSON Web Signatures, and JSON Web Encryption specs.
go-oauth2-server

8.4 2.7 httpauth VS go-oauth2-server

A standalone, specification-compliant, OAuth2 server written in Golang.
gorbac

7.8 0.1 httpauth VS gorbac

provides a lightweight role-based access control (RBAC) implementation in Golang.
loginsrv

7.6 6.4 httpauth VS loginsrv

JWT login microservice with plugable backends such as OAuth2 (Github), htpasswd, osiam.
gologin

7.4 3.0 httpauth VS gologin

chainable handlers for login with OAuth1 and OAuth2 authentication providers.
osin

6.9 0.0 httpauth VS osin

Golang OAuth2 server library.
go.auth

5.8 0.0 httpauth VS go.auth

Authentication API for Go web applications.
Go-AWS-Auth

5.6 0.0 httpauth VS Go-AWS-Auth

AWS (Amazon Web Services) request signing library.
permissions2

5.5 5.3 httpauth VS permissions2

Library for keeping track of users, login states and permissions. Uses secure cookies and bcrypt.
authboss

4.9 0.0 httpauth VS authboss

A modular authentication system for the web. It tries to remove as much boilerplate and "hard things" as possible so that each time you start a new web project in Go, you can plug it in, configure, and start building your app without having to build an authentication system each time.
yubigo

4.6 2.1 httpauth VS yubigo

a Yubikey client package that provides a simple API to integrate the Yubico Yubikey into a go application.
jwt-auth

4.4 1.8 httpauth VS jwt-auth

JWT middleware for goLang http servers with many configuration options.
webauthn

4.3 1.8 httpauth VS webauthn

Easy WebAuthn integration
jwt

3.6 1.3 httpauth VS jwt

A clean and easy to use implmentatino of JSON Web Tokens (JWT).
auth

3.4 7.8 httpauth VS auth

authentication (a.k.a social login) via oauth2
RBAC

2.9 5.7 httpauth VS RBAC

Simple, concurrent Role Based Access Control
sessions

2.3 0.2 httpauth VS sessions

A dead simple, highly performant, highly customizable sessions service for go http servers.
Passhash

1.0 0.0 httpauth VS Passhash

Simple and secure password management in Go
Facecontrol

1.0 0.0 httpauth VS Facecontrol

Simple yet powerful authentication, single sign-on and (optinal) authorization solution.
go-oauth2

0.8 0.0 httpauth VS go-oauth2

No description, website, or topics provided.

Do you think we are missing an alternative of httpauth or a related project?

Add another 'Authentication & OAuth' Package

Popular Comparisons

README

goji/httpauth

httpauth currently provides HTTP Basic Authentication middleware for Go. It is compatible with Go's own net/http, goji, Gin & anything that speaks the http.Handler interface.

Example

httpauth provides a SimpleBasicAuth function to get you up and running. Particularly ideal for development servers.

Note that HTTP Basic Authentication credentials are sent over the wire "in the clear" (read: plaintext!) and therefore should not be considered a robust way to secure a HTTP server. If you're after that, you'll need to use SSL/TLS ("HTTPS") at a minimum.

Install It

$ go get github.com/goji/httpauth

Goji v2

Simple Usage

The fastest and simplest way to get started using httpauth is to use the SimpleBasicAuth function.


package main

import(
    "net/http"

    "goji.io"
)

func main() {
    mux := goji.NewMux()

    mux.Use(httpauth.SimpleBasicAuth("dave", "somepassword"))
    mux.Use(SomeOtherMiddleware)

    // YourHandler now requires HTTP Basic Auth
    mux.Handle(pat.Get("/some-route"), YourHandler))

    log.Fatal(http.ListenAndServe("localhost:8000", mux))
}

Advanced Usage

For more control over the process, pass a AuthOptions struct to BasicAuth instead. This allows you to:

Configure the authentication realm.
Provide your own UnauthorizedHandler (anything that satisfies http.Handler) so you can return a better looking 401 page.
Define a custom authentication function, which is discussed in the next section.


func main() {

    authOpts := httpauth.AuthOptions{
        Realm: "DevCo",
        User: "dave",
        Password: "plaintext!",
        UnauthorizedHandler: myUnauthorizedHandler,
    }

    mux := goji.NewMux()

    mux.Use(BasicAuth(authOpts))
    mux.Use(SomeOtherMiddleware)

    mux.Handle(pat.Get("/some-route"), YourHandler))

    log.Fatal(http.ListenAndServe("localhost:8000", mux))
}

Custom Authentication Function

httpauth will accept a custom authentication function. Normally, you would not set AuthOptions.User nor AuthOptions.Password in this scenario. You would instead validate the given credentials against an external system such as a database. The contrived example below is for demonstration purposes only.

func main() {

    authOpts := httpauth.AuthOptions{
        Realm: "DevCo",
        AuthFunc: myAuthFunc,
        UnauthorizedHandler: myUnauthorizedHandler,
    }

    mux := goji.NewMux()

    mux.Use(BasicAuth(authOpts))
    mux.Use(SomeOtherMiddleware)

    mux.Handle(pat.Get("/some-route"), YourHandler))

    log.Fatal(http.ListenAndServe("localhost:8000", mux))
}

// myAuthFunc is not secure.  It checks to see if the password is simply
// the username repeated three times.
func myAuthFunc(user, pass string, r *http.Request) bool {
    return pass == strings.Repeat(user, 3)
}

gorilla/mux

Since it's all http.Handler, httpauth works with gorilla/mux (and most other routers) as well:

package main

import (
    "net/http"

    "github.com/goji/httpauth"
    "github.com/gorilla/mux"
)

func main() {
    r := mux.NewRouter()

    r.HandleFunc("/", YourHandler)
    http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(r))

    http.ListenAndServe(":7000", nil)
}

func YourHandler(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("Gorilla!\n"))
}

net/http

If you're using vanilla net/http:

package main

import(
    "net/http"

    "github.com/goji/httpauth"
)

func main() {
    http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(http.HandlerFunc(YourHandler)))
    http.ListenAndServe(":7000", nil)
}

Contributing

Send a pull request! Note that features on the (informal) roadmap include HTTP Digest Auth.

License

MIT Licensed. See the LICENSE file for details.

*Note that all licence references and agreements mentioned in the httpauth README section above are relevant to that project's source code only.

httpauth

HTTP Authentication middleware.