httpauth alternatives and similar packages
Based on the "Authentication & OAuth" category.
Alternatively, view httpauth alternatives based on common mentions on social networks and blogs.
-
oauth2
Successor of goauth2. Generic OAuth 2.0 package that comes with JWT, Google APIs, Compute Engine and App Engine support. -
goth
provides a simple, clean, and idiomatic way to use OAuth and OAuth2. Handles multiple provides out of the box. -
authboss
A modular authentication system for the web. It tries to remove as much boilerplate and "hard things" as possible so that each time you start a new web project in Go, you can plug it in, configure, and start building your app without having to build an authentication system each time. -
go-jose
A fairly complete implementation of the JOSE working group's JSON Web Token, JSON Web Signatures, and JSON Web Encryption specs. -
permissions2
Library for keeping track of users, login states and permissions. Uses secure cookies and bcrypt. -
yubigo
a Yubikey client package that provides a simple API to integrate the Yubico Yubikey into a go application. -
sessions
A dead simple, highly performant, highly customizable sessions service for go http servers. -
Facecontrol
Simple yet powerful authentication, single sign-on and (optinal) authorization solution.
Get performance insights in less than 4 minutes
Do you think we are missing an alternative of httpauth or a related project?
README
goji/httpauth

httpauth
currently provides HTTP Basic Authentication middleware for Go. It is compatible with Go's own net/http
, goji, Gin & anything that speaks the http.Handler
interface.
Example
httpauth
provides a SimpleBasicAuth
function to get you up and running. Particularly ideal for development servers.
Note that HTTP Basic Authentication credentials are sent over the wire "in the clear" (read: plaintext!) and therefore should not be considered a robust way to secure a HTTP server. If you're after that, you'll need to use SSL/TLS ("HTTPS") at a minimum.
Install It
$ go get github.com/goji/httpauth
Goji v2
Simple Usage
The fastest and simplest way to get started using httpauth
is to use the
SimpleBasicAuth
function.
package main
import(
"net/http"
"goji.io"
)
func main() {
mux := goji.NewMux()
mux.Use(httpauth.SimpleBasicAuth("dave", "somepassword"))
mux.Use(SomeOtherMiddleware)
// YourHandler now requires HTTP Basic Auth
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
Advanced Usage
For more control over the process, pass a AuthOptions
struct to BasicAuth
instead. This allows you to:
- Configure the authentication realm.
- Provide your own UnauthorizedHandler (anything that satisfies
http.Handler
) so you can return a better looking 401 page. - Define a custom authentication function, which is discussed in the next section.
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
User: "dave",
Password: "plaintext!",
UnauthorizedHandler: myUnauthorizedHandler,
}
mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
Custom Authentication Function
httpauth
will accept a custom authentication function.
Normally, you would not set AuthOptions.User
nor AuthOptions.Password
in this scenario.
You would instead validate the given credentials against an external system such as a database.
The contrived example below is for demonstration purposes only.
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
AuthFunc: myAuthFunc,
UnauthorizedHandler: myUnauthorizedHandler,
}
mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
// myAuthFunc is not secure. It checks to see if the password is simply
// the username repeated three times.
func myAuthFunc(user, pass string, r *http.Request) bool {
return pass == strings.Repeat(user, 3)
}
gorilla/mux
Since it's all http.Handler
, httpauth
works with gorilla/mux (and most other routers) as well:
package main
import (
"net/http"
"github.com/goji/httpauth"
"github.com/gorilla/mux"
)
func main() {
r := mux.NewRouter()
r.HandleFunc("/", YourHandler)
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(r))
http.ListenAndServe(":7000", nil)
}
func YourHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Gorilla!\n"))
}
net/http
If you're using vanilla net/http
:
package main
import(
"net/http"
"github.com/goji/httpauth"
)
func main() {
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(http.HandlerFunc(YourHandler)))
http.ListenAndServe(":7000", nil)
}
Contributing
Send a pull request! Note that features on the (informal) roadmap include HTTP Digest Auth.
License
MIT Licensed. See the LICENSE file for details.
*Note that all licence references and agreements mentioned in the httpauth README section above
are relevant to that project's source code only.