Add OpenAuth client in golang

.changeset/config.json

@@ -2,7 +2,7 @@
   "$schema": "https://unpkg.com/@changesets/[email protected]/schema.json",
   "changelog": "@changesets/cli/changelog",
   "commit": "./commit.cjs",
-  "fixed": [["@openauthjs/openauth"]],
+  "fixed": [["@openauthjs/openauth", "@openauthjs/solid", "@openauthjs/react"]],
   "linked": [],
   "access": "public",
   "baseBranch": "master",

.changeset/lemon-vans-thank.md

@@ -0,0 +1,7 @@
+---
+"@openauthjs/openauth": patch
+"@openauthjs/solid": patch
+"@openauthjs/react": patch
+---
+
+1.0

.changeset/long-snakes-happen.md

@@ -0,0 +1,6 @@
+---
+"@openauthjs/react": patch
+"@openauthjs/solid": patch
+---
+
+provider opt

examples/client/cloudflare-api/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "cloudflare-api",
+  "name": "@openauthjs/example-cloudflare-api",
   "version": "0.0.0",
   "private": true
 }

examples/client/go/issuer.ts

@@ -0,0 +1,34 @@
+import { handle } from "hono/aws-lambda"
+import { issuer } from "@openauthjs/openauth/issuer"
+import { CodeProvider } from "@openauthjs/openauth/provider/code"
+import { CodeUI } from "@openauthjs/openauth/ui/code"
+import { subjects } from "./subjects"
+
+async function getUser(email: string) {
+  // Get user from database
+  // Return user ID
+  return "123"
+}
+
+const app = issuer({
+  subjects,
+  providers: {
+    code: CodeProvider(
+      CodeUI({
+        async sendCode(claims, code) {
+          console.log("sendCode", claims, code)
+        },
+      }),
+    ),
+  },
+  success: async (ctx, value) => {
+    if (value.provider === "code") {
+      const id = await getUser(value.claims.email)
+      return ctx.subject("user", id, { id })
+    }
+    throw new Error("Invalid provider")
+  },
+})
+
+// @ts-ignore
+export const handler = handle(app)

examples/client/go/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "@openauthjs/example-client-go",
+  "type": "module",
+  "version": "0.0.0",
+  "dependencies": {
+    "@openauthjs/openauth": "workspace:*",
+    "sst": "3.5.1"
+  }
+}

examples/client/go/src/go.mod

@@ -0,0 +1,26 @@
+module example-client-go
+
+go 1.23.5
+
+require (
+	github.com/aws/aws-lambda-go v1.48.0
+	github.com/awslabs/aws-lambda-go-api-proxy v0.16.2
+	github.com/sst/sst/v3 v3.13.10
+	github.com/toolbeam/openauth v0.0.0
+)
+
+require (
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
+	github.com/lestrrat-go/httpcc v1.0.1 // indirect
+	github.com/lestrrat-go/httprc/v3 v3.0.0-beta1 // indirect
+	github.com/lestrrat-go/jwx/v3 v3.0.0 // indirect
+	github.com/lestrrat-go/option v1.0.1 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+)
+
+replace github.com/toolbeam/openauth => ../../../../packages/openauth-go

examples/client/go/src/go.sum

@@ -0,0 +1,58 @@
+github.com/aws/aws-lambda-go v1.48.0 h1:1aZUYsrJu0yo5fC4z+Rba1KhNImXcJcvHu763BxoyIo=
+github.com/aws/aws-lambda-go v1.48.0/go.mod h1:dpMpZgvWx5vuQJfBt0zqBha60q7Dd7RfgJv23DymV8A=
+github.com/awslabs/aws-lambda-go-api-proxy v0.16.2 h1:CJyGEyO1CIwOnXTU40urf0mchf6t3voxpvUDikOU9LY=
+github.com/awslabs/aws-lambda-go-api-proxy v0.16.2/go.mod h1:vxxjwBHe/KbgFeNlAP/Tvp4SsVRL3WQamcWRxqVh0z0=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvwDRwnI3hwNaAHRnc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N+AkAr5k=
+github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
+github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=
+github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E=
+github.com/lestrrat-go/httprc/v3 v3.0.0-beta1 h1:pzDjP9dSONCFQC/AE3mWUnHILGiYPiMKzQIS+weKJXA=
+github.com/lestrrat-go/httprc/v3 v3.0.0-beta1/go.mod h1:wdsgouffPvWPEYh8t7PRH/PidR5sfVqt0na4Nhj60Ms=
+github.com/lestrrat-go/jwx/v3 v3.0.0 h1:IRnFNdZx5dJHjTpPVkYqP6TRahJI2Z9v43UwEDJcj6U=
+github.com/lestrrat-go/jwx/v3 v3.0.0/go.mod h1:ak32WoNtHE0aLowVWBcCvXngcAnW4tuC0YhFwOr/kwc=
+github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
+github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
+github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=
+github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=
+github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
+github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
+github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
+github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/sst/sst/v3 v3.13.10 h1:DohLPpekXerhU8YHM9M8kbx8YB3W4o7tW2qO2b/Ro9g=
+github.com/sst/sst/v3 v3.13.10/go.mod h1:t0+Krbn45bPEvo19BNbP3TACUS6J7TLbM04YvuoX3Gg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

examples/client/go/src/main.go

@@ -0,0 +1,136 @@
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/aws/aws-lambda-go/lambda"
+	"github.com/awslabs/aws-lambda-go-api-proxy/httpadapter"
+	"github.com/sst/sst/v3/sdk/golang/resource"
+	"github.com/toolbeam/openauth/client"
+	"github.com/toolbeam/openauth/subject"
+)
+
+func getOrigin(u *url.URL) string {
+	return fmt.Sprintf("%s://%s", u.Scheme, u.Host)
+}
+
+type UserSubject struct {
+	Id string `json:"id"`
+}
+
+func main() {
+
+	authUrl, err := resource.Get("Auth", "url")
+	if err != nil {
+		panic(err)
+	}
+	var authUrlString string
+	authUrlString = authUrl.(string)
+	if authUrlString == "" {
+		panic("authUrl is empty")
+	}
+
+	// setup the openauth client
+	authClient, err := client.NewClient(client.ClientInput{
+		ClientID: "lambda-api-go",
+		Issuer:   authUrlString,
+		SubjectSchema: subject.SubjectSchemas{
+			"user": func(properties any) (any, error) {
+				user, ok := properties.(map[string]any)
+				if !ok {
+					return nil, errors.New("invalid user type")
+				}
+				if user["id"] == nil {
+					return nil, errors.New("id is required")
+				}
+				// can do other validation here if there are other properties
+				return UserSubject{Id: user["id"].(string)}, nil
+			},
+		},
+	})
+
+	if err != nil {
+		panic(err)
+	}
+
+	mux := http.NewServeMux()
+	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		accessCookie, err := r.Cookie("access_token")
+		if err != nil {
+			http.Redirect(w, r, "/authorize", http.StatusSeeOther)
+			return
+		}
+		verified, err := authClient.Verify(accessCookie.Value, &client.VerifyOptions{})
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		if verified.Tokens != nil {
+			setCookies(w, verified.Tokens.Access, verified.Tokens.Refresh)
+		}
+		w.Header().Set("Content-Type", "application/json")
+		// can do check on the type of the subject to get the correct type to cast to
+		if verified.Subject.Type != "user" {
+			http.Error(w, "invalid subject type", http.StatusInternalServerError)
+			return
+		}
+		json.NewEncoder(w).Encode(verified.Subject.Properties.(UserSubject))
+	})
+	mux.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
+		origin := getOrigin(r.URL)
+		redirectURI := origin + "/callback"
+		authorize, err := authClient.Authorize(redirectURI, "code", &client.AuthorizeOptions{})
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+		http.Redirect(w, r, authorize.URL, http.StatusSeeOther)
+	})
+
+	mux.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
+		origin := getOrigin(r.URL)
+		if origin == "" {
+			http.Error(w, "Origin header is required", http.StatusBadRequest)
+			return
+		}
+		redirectURI := origin + "/callback"
+		code := r.URL.Query().Get("code")
+		if code == "" {
+			http.Error(w, "Code is required", http.StatusBadRequest)
+			return
+		}
+		exchanged, err := authClient.Exchange(code, redirectURI, &client.ExchangeOptions{})
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
+		}
+
+		setCookies(w, exchanged.Tokens.Access, exchanged.Tokens.Refresh)
+		http.Redirect(w, r, origin, http.StatusSeeOther)
+	})
+
+	lambda.Start(httpadapter.NewV2(mux).ProxyWithContext)
+}
+
+func setCookies(w http.ResponseWriter, access, refresh string) {
+	http.SetCookie(w, &http.Cookie{
+		Name:     "access_token",
+		Value:    access,
+		MaxAge:   34560000,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
+		HttpOnly: true,
+	})
+	http.SetCookie(w, &http.Cookie{
+		Name:     "refresh_token",
+		Value:    refresh,
+		MaxAge:   34560000,
+		SameSite: http.SameSiteStrictMode,
+		Path:     "/",
+		HttpOnly: true,
+	})
+}

examples/client/go/sst-env.d.ts

@@ -0,0 +1,19 @@
+/* This file is auto-generated by SST. Do not edit. */
+/* tslint:disable */
+/* eslint-disable */
+/* deno-fmt-ignore-file */
+import "sst"
+export {}
+declare module "sst" {
+  export interface Resource {
+    "ApiGo": {
+      "name": string
+      "type": "sst.aws.Function"
+      "url": string
+    }
+    "Auth": {
+      "type": "sst.aws.Auth"
+      "url": string
+    }
+  }
+}

examples/client/go/sst.config.ts

@@ -0,0 +1,29 @@
+/// <reference path="./.sst/platform/config.d.ts" />
+
+export default $config({
+  app(input) {
+    return {
+      name: "openauth",
+      removal: input?.stage === "production" ? "retain" : "remove",
+      home: "aws",
+
+      providers: {
+        aws: {
+          region: "us-east-1",
+        },
+      },
+    }
+  },
+  async run() {
+    const auth = new sst.aws.Auth("Auth", {
+      issuer: "./issuer.handler",
+    })
+
+    const apiGo = new sst.aws.Function("ApiGo", {
+      url: true,
+      runtime: "go",
+      handler: "./src",
+      link: [auth],
+    })
+  },
+})

examples/client/go/subjects.ts

@@ -0,0 +1,8 @@
+import { object, string } from "valibot"
+import { createSubjects } from "@openauthjs/openauth/subject"
+
+export const subjects = createSubjects({
+  user: object({
+    id: string(),
+  }),
+})

examples/client/go/tsconfig.json

@@ -0,0 +1,10 @@
+{
+  "extends": "@tsconfig/node22/tsconfig.json",
+  "compilerOptions": {
+    "module": "ESNext",
+    "moduleResolution": "Bundler",
+    "strict": true,
+    "jsx": "react-jsx",
+    "jsxImportSource": "hono/jsx"
+  }
+}

examples/client/sveltekit/package.json

@@ -11,7 +11,7 @@
     "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch"
   },
   "devDependencies": {
-    "@openauthjs/openauth": "^0.4.3",
+    "@openauthjs/openauth": "workspace:*",
     "@sveltejs/adapter-auto": "^4.0.0",
     "@sveltejs/kit": "^2.16.0",
     "@sveltejs/vite-plugin-svelte": "^5.0.0",

examples/issuer/bun/issuer.ts

@@ -34,7 +34,7 @@ export default issuer({
   },
   success: async (ctx, value) => {
     if (value.provider === "password") {
-      return ctx.subject("user", {
+      return ctx.subject("user", "123", {
         id: await getUser(value.email),
       })
     }

examples/quickstart/sst/package.json

@@ -9,7 +9,7 @@
     "start": "next start"
   },
   "dependencies": {
-    "@openauthjs/openauth": "^0.3.2",
+    "@openauthjs/openauth": "workspace:*",
     "hono": "^4.6.16",
     "next": "15.1.4",
     "react": "^19.0.0",