64 changes: 64 additions & 0 deletions docs/advanced-guide/oidc-authentication/page.md
@@ -0,0 +1,64 @@
# OIDC Authentication

OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0 that enables secure user authentication and transmission of user profile information. It allows clients to verify end-user identities based on authentication performed by an authorization server.

## Overview

Authentication is a critical part of securing web applications by ensuring only authorized users can access protected resources. GoFR supports OIDC integration through middleware that validates Bearer tokens and fetches user information from the OIDC provider.

## Setup

To enable OIDC authentication in GoFR, configure the middleware with your OIDC provider’s UserInfo endpoint. This endpoint is used to validate access tokens and retrieve user claims.

## Usage

Here is an example of enabling OIDC authentication middleware in a GoFR application:

```go
package main

import (
"gofr.dev/gofr/pkg/gofr"
"gofr.dev/gofr/pkg/gofr/http/middleware"
)

func main() {
app := gofr.New()

// Configure OIDC Auth Provider with your UserInfo endpoint
oidcProvider := &middleware.OIDCAuthProvider{
UserInfoEndpoint: "https://your-oidc-provider.com/userinfo",
}

// Use the OIDC middleware for authentication
app.Use(middleware.AuthMiddleware(oidcProvider))

// Define a protected route
app.GET("/profile", func(c *gofr.Context) (any, error) {
userClaims := c.UserInfo() // Access claims set by the middleware
return userClaims, nil
})

app.Run()
}
```

## Error Handling

The middleware handles common error scenarios including:

- Missing or empty Bearer tokens
- Invalid or expired tokens
- Failure to fetch or parse user info from the UserInfo endpoint

Appropriate HTTP 401 (Unauthorized) responses will be returned by the middleware in these cases.

## Tips

- Configure reasonable HTTP client timeouts in the middleware to avoid delays calling the UserInfo endpoint.
- Consider caching user info responses if your application makes frequent authorization checks to improve performance.
- Test your OIDC integration using tokens issued by your authorization server and confirm user claims are correctly propagated.

---

This integration enables robust and standardized authentication flows in GoFR applications using OpenID Connect.
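Review bot: The Overview and Setup sections say a Bearer token is validated by calling the provider's UserInfo endpoint, but the page never says whether the token's issuer or audience is checked. A successful UserInfo response alone does not show that the token was issued for this application, so please state what is and is not validated. The Tips section recommends HTTP client timeouts and caching while the example sets only `UserInfoEndpoint`; show how the timeout is configured and note that a cached response should not outlive the token's expiry. Minor: the page writes "GoFR" where docs/navigation.js writes "GoFr".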
23 changes: 4 additions & 19 deletions docs/navigation.js
Expand Up @@ -117,7 +117,7 @@ export const navigation = [
{
title: 'Key Value Store',
href: '/docs/advanced-guide/key-value-store',
desc: "Explore how to implement and manage a key-value store in your GoFr application for fast and efficient data retrieval. Supports BadgerDB, NATS-KV, and DynamoDB."
desc: "Explore how to implement and manage a key-value store in your GoFr application for fast and efficient data retrieval."
},
{
title: 'Dealing with SQL',
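Review bot: The `desc` edit on the 'Key Value Store' entry drops "Supports BadgerDB, NATS-KV, and DynamoDB." and is unrelated to OIDC. It reads like a revert picked up from a stale branch rather than an intended change; please rebase and drop it from this PR.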
Expand Down Expand Up @@ -160,9 +160,9 @@ export const navigation = [
desc: "Discover GoFr auto-enables pprof profiling by leveraging its built-in configurations."
},
{
title: 'Adding Synchronous Startup Hooks',
href: '/docs/advanced-guide/startup-hooks',
desc: "Learn how to seed a database, warm up a cache, or perform other critical setup procedures, synchronously before starting your application."
title: 'OIDC Authentication',
href: '/docs/advanced-guide/oidc-authentication',
desc: 'Learn how to integrate OpenID Connect (OIDC) authentication using GoFR. Covers setup, configuration, and usage for secure authentication flows.'
}
],
},
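Review bot: The OIDC entry overwrites the 'Adding Synchronous Startup Hooks' entry instead of being added beside it, so /docs/advanced-guide/startup-hooks disappears from the navigation. Add the OIDC object as a new array element and keep the existing one. The new `desc` also uses single quotes where the neighbouring `desc` values use double quotes, and it spells the framework "GoFR" where the other entries use "GoFr".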
Expand Down Expand Up @@ -194,11 +194,6 @@ export const navigation = [
href: "/docs/datasources/cockroachdb",
desc: "Learn how to connect to and interact with CockroachDB in GoFr."
},
{
title: "Couchbase",
href: "/docs/datasources/couchbase",
desc: "Learn how to connect to and interact with couchbase database in GoFr."
},
{
title: "DGraph",
href: "/docs/datasources/dgraph",
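Review bot: The Couchbase entry (/docs/datasources/couchbase) is deleted here, and nothing in an OIDC documentation change calls for that. Restore it unless the Couchbase page itself is being removed in this PR.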
Expand All @@ -214,11 +209,6 @@ export const navigation = [
href: "/docs/datasources/opentsdb",
desc: "Learn how to connect to and interact with opentsdb database in GoFr."
},
{
title: "OracleDB",
href: "/docs/datasources/oracle",
desc: "Learn how to connect to and interact with oracle database in GoFr."
},
{
title: "ScyllaDB",
href: "/docs/datasources/scylladb",
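Review bot: Deleting the OracleDB entry (/docs/datasources/oracle) leaves that page unreachable from the sidebar and is outside the scope of adding OIDC docs. Please restore it.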
Expand All @@ -239,11 +229,6 @@ export const navigation = [
href: "/docs/datasources/elasticsearch",
desc: "Learn how to connect to and interact with elasticsearch in GoFr."
},
{
title: "InfluxDB",
href: "/docs/datasources/influxdb",
desc: "Learn how to connect to and interact with influxdb in GoFr."
},
],
},
{
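Review bot: The InfluxDB entry (/docs/datasources/influxdb) at the end of this list is removed with no connection to the OIDC page. Please restore it, and check the diff against the current base branch so that only the OIDC navigation entry changes in this file.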
12 changes: 6 additions & 6 deletions go.mod
Expand Up @@ -5,7 +5,7 @@ go 1.25
require (
cloud.google.com/go/pubsub v1.49.0
github.com/DATA-DOG/go-sqlmock v1.5.2
github.com/XSAM/otelsql v0.40.0
github.com/XSAM/otelsql v0.39.0
github.com/alicebob/miniredis/v2 v2.35.0
github.com/dgraph-io/dgo/v210 v210.0.0-20230328113526-b66f8ae53a2d
github.com/eclipse/paho.mqtt.golang v1.5.1
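Review bot: In this `require` block github.com/XSAM/otelsql goes from v0.40.0 to v0.39.0, which is a dependency downgrade in a PR whose stated content is documentation. If it is not deliberate, drop the go.mod change; if it is, it needs its own justification and should not ride along with the docs.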
Expand All @@ -26,12 +26,12 @@ require (
github.com/redis/go-redis/v9 v9.14.1
github.com/segmentio/kafka-go v0.4.49
github.com/stretchr/testify v1.11.1
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.63.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.62.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0
go.opentelemetry.io/otel v1.38.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
go.opentelemetry.io/otel/exporters/prometheus v0.60.0
go.opentelemetry.io/otel/exporters/zipkin v1.38.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.37.0
go.opentelemetry.io/otel/exporters/prometheus v0.59.1
go.opentelemetry.io/otel/exporters/zipkin v1.37.0
go.opentelemetry.io/otel/metric v1.38.0
go.opentelemetry.io/otel/sdk v1.38.0
go.opentelemetry.io/otel/sdk/metric v1.38.0
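Review bot: Five OpenTelemetry modules are downgraded here (otelhttptrace and otelhttp from v0.63.0 to v0.62.0, otlptracegrpc and zipkin from v1.38.0 to v1.37.0, the prometheus exporter from v0.60.0 to v0.59.1) while go.opentelemetry.io/otel, otel/metric, otel/sdk and otel/sdk/metric stay at v1.38.0. That leaves the exporters and contrib instrumentation behind the core packages, and none of it relates to OIDC. Please revert these lines or explain the pin.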