auth: use jwt

Author: batazor

auth/go.mod

@@ -4,15 +4,14 @@ go 1.25.5
 
 require (
 	github.com/authzed/authzed-go v1.7.0
-	github.com/ory/client-go v1.22.21
 	github.com/shortlink-org/go-sdk/grpc v0.0.0-20260107222411-453281b10921
 	github.com/shortlink-org/go-sdk/logger v0.0.0-20260107222411-453281b10921
 	github.com/shortlink-org/go-sdk/observability v0.0.0-20260121215533-0995bc8d4d88
 	go.opentelemetry.io/otel/trace v1.39.0
 	google.golang.org/grpc v1.78.0
 )
 
-require github.com/klauspost/compress v1.18.2 // indirect
+require github.com/ory/client-go v1.22.21 // indirect
 
 require (
 	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 // indirect

auth/go.sum

@@ -65,8 +65,6 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
-github.com/ory/client-go v1.22.16 h1:JNjTwJqIb/apOFLeYygrO48wJgZJrLeA01ltM5piMns=
-github.com/ory/client-go v1.22.16/go.mod h1:VJznBChrOG0Fg/nmplykTgTXWPYIfuC/rBvCcL60ukQ=
 github.com/ory/client-go v1.22.21 h1:qYyhozw1UcA94QWMqpetPY2Ir2wwDdv1Wh0Rn668eO0=
 github.com/ory/client-go v1.22.21/go.mod h1:VJznBChrOG0Fg/nmplykTgTXWPYIfuC/rBvCcL60ukQ=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
@@ -101,8 +99,6 @@ github.com/shortlink-org/go-sdk/http v0.0.0-20260107222411-453281b10921 h1:pJSw0
 github.com/shortlink-org/go-sdk/http v0.0.0-20260107222411-453281b10921/go.mod h1:Byc5mjbHKVrp4UFT0SOxYJfKM8B45K0utEl06fZ8K7Y=
 github.com/shortlink-org/go-sdk/logger v0.0.0-20260107222411-453281b10921 h1:mgUyseLj+kSW+R+lhB029ZS2rCJQZOkumRKKvHIFT7o=
 github.com/shortlink-org/go-sdk/logger v0.0.0-20260107222411-453281b10921/go.mod h1:26SEqudMpXAwKF7iNyfxhPoHUgJeHEzx8bw5kCultTQ=
-github.com/shortlink-org/go-sdk/observability v0.0.0-20260107222628-ad66d85c8a41 h1:xo1/NOyh9QHoN1A2je85Jfsy0bivohgf7yongeCWD6w=
-github.com/shortlink-org/go-sdk/observability v0.0.0-20260107222628-ad66d85c8a41/go.mod h1:dLjQilcHlTfVBzVeDK8QdwgiTq5x3sMijWoW7OeWzNo=
 github.com/shortlink-org/go-sdk/observability v0.0.0-20260121215533-0995bc8d4d88 h1:lTszkny6KLkXvLZ2IOC3Y0+aeH25YFLaODheDbakzSs=
 github.com/shortlink-org/go-sdk/observability v0.0.0-20260121215533-0995bc8d4d88/go.mod h1:71EjSBzc/rwe+xLYn1ZMlyQUkbFBFRLwqv/25s38IEQ=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=

auth/session/session.go

@@ -2,46 +2,71 @@ package session
 
 import (
 	"context"
-
-	ory "github.com/ory/client-go"
 )
 
 type Session string
 
 const (
-	// ContextSessionKey is the key used to store the session in the context.
-	contextSessionKey = Session("session")
+	// contextClaimsKey is the key used to store JWT claims in the context.
+	contextClaimsKey = Session("jwt-claims")
 
 	// ContextUserIDKey is the key used to store the user id in the context.
 	ContextUserIDKey = Session("user-id")
 )
 
+// Claims represents JWT claims from Oathkeeper id_token mutator.
+// These claims are set by Oathkeeper after validating the session with Kratos.
+type Claims struct {
+	// Subject is the user ID (from Kratos identity)
+	Subject string `json:"sub"`
+	// Email from identity traits
+	Email string `json:"email"`
+	// Name from identity traits
+	Name string `json:"name"`
+	// IdentityID is the Kratos identity ID
+	IdentityID string `json:"identity_id"`
+	// SessionID is the Kratos session ID
+	SessionID string `json:"session_id"`
+	// Metadata from identity metadata_public
+	Metadata map[string]any `json:"metadata"`
+	// Issuer of the token
+	Issuer string `json:"iss"`
+	// IssuedAt timestamp
+	IssuedAt int64 `json:"iat"`
+	// ExpiresAt timestamp
+	ExpiresAt int64 `json:"exp"`
+}
+
 // String returns the string representation of the session.
 func (s Session) String() string {
 	return string(s)
 }
 
-func WithSession(ctx context.Context, session *ory.Session) context.Context {
-	return context.WithValue(ctx, contextSessionKey, session)
+// WithClaims stores JWT claims in the context.
+func WithClaims(ctx context.Context, claims *Claims) context.Context {
+	return context.WithValue(ctx, contextClaimsKey, claims)
 }
 
-func GetSession(ctx context.Context) (*ory.Session, error) {
-	sess := ctx.Value(contextSessionKey)
-	if sess == nil {
+// GetClaims retrieves JWT claims from the context.
+func GetClaims(ctx context.Context) (*Claims, error) {
+	claims := ctx.Value(contextClaimsKey)
+	if claims == nil {
 		return nil, ErrSessionNotFound
 	}
 
-	if session, ok := sess.(*ory.Session); ok {
-		return session, nil
+	if c, ok := claims.(*Claims); ok {
+		return c, nil
 	}
 
 	return nil, ErrSessionNotFound
 }
 
+// WithUserID stores the user ID in the context.
 func WithUserID(ctx context.Context, userID string) context.Context {
 	return context.WithValue(ctx, ContextUserIDKey, userID)
 }
 
+// GetUserID retrieves the user ID from the context.
 func GetUserID(ctx context.Context) (string, error) {
 	userID := ctx.Value(ContextUserIDKey)
 	if userID == nil {

cache/go.mod

@@ -106,7 +106,7 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.mongodb.org/mongo-driver v1.17.2 // indirect
-	go.mongodb.org/mongo-driver/v2 v2.4.1 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.4.2 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/otel v1.39.0 // indirect
 	go.opentelemetry.io/otel/exporters/prometheus v0.61.0 // indirect

cache/go.sum

@@ -429,8 +429,6 @@ github.com/prometheus/otlptranslator v1.0.0/go.mod h1:vRYWnXvI6aWGpsdY/mOT/cbeVR
 github.com/prometheus/procfs v0.19.2 h1:zUMhqEW66Ex7OXIiDkll3tl9a1ZdilUOd/F6ZXw4Vws=
 github.com/prometheus/procfs v0.19.2/go.mod h1:M0aotyiemPhBCM0z5w87kL22CxfcH05ZpYlu+b4J7mw=
 github.com/redis/go-redis/v9 v9.0.0-rc.4/go.mod h1:Vo3EsyWnicKnSKCA7HhgnvnyA74wOA69Cd2Meli5mmA=
-github.com/redis/go-redis/v9 v9.17.2 h1:P2EGsA4qVIM3Pp+aPocCJ7DguDHhqrXNhVcEp4ViluI=
-github.com/redis/go-redis/v9 v9.17.2/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
 github.com/redis/go-redis/v9 v9.17.3 h1:fN29NdNrE17KttK5Ndf20buqfDZwGNgoUr9qjl1DQx4=
 github.com/redis/go-redis/v9 v9.17.3/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
 github.com/redis/rueidis v1.0.70 h1:O01v0Mt27/qXV9mKU/zahgxHdC8piHzIepqW4Nyzn/I=
@@ -546,8 +544,7 @@ gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2
 go.mongodb.org/mongo-driver v1.1.0/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.17.2 h1:gvZyk8352qSfzyZ2UMWcpDpMSGEr1eqE4T793SqyhzM=
 go.mongodb.org/mongo-driver v1.17.2/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
-go.mongodb.org/mongo-driver/v2 v2.4.1 h1:hGDMngUao03OVQ6sgV5csk+RWOIkF+CuLsTPobNMGNI=
-go.mongodb.org/mongo-driver/v2 v2.4.1/go.mod h1:jHeEDJHJq7tm6ZF45Issun9dbogjfnPySb1vXA7EeAI=
+go.mongodb.org/mongo-driver/v2 v2.4.2 h1:HrJ+Auygxceby9MLp3YITobef5a8Bv4HcPFIkml1U7U=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=

db/go.sum

@@ -543,8 +543,6 @@ go.etcd.io/etcd/client/v3 v3.6.6/go.mod h1:36Qv6baQ07znPR3+n7t+Rk5VHEzVYPvFfGmfF
 go.mongodb.org/mongo-driver v1.1.0/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.17.2 h1:gvZyk8352qSfzyZ2UMWcpDpMSGEr1eqE4T793SqyhzM=
 go.mongodb.org/mongo-driver v1.17.2/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
-go.mongodb.org/mongo-driver/v2 v2.4.1 h1:hGDMngUao03OVQ6sgV5csk+RWOIkF+CuLsTPobNMGNI=
-go.mongodb.org/mongo-driver/v2 v2.4.1/go.mod h1:jHeEDJHJq7tm6ZF45Issun9dbogjfnPySb1vXA7EeAI=
 go.mongodb.org/mongo-driver/v2 v2.4.2 h1:HrJ+Auygxceby9MLp3YITobef5a8Bv4HcPFIkml1U7U=
 go.mongodb.org/mongo-driver/v2 v2.4.2/go.mod h1:jHeEDJHJq7tm6ZF45Issun9dbogjfnPySb1vXA7EeAI=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

eventsourcing/go.mod

@@ -95,7 +95,7 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	go.mongodb.org/mongo-driver v1.17.2 // indirect
-	go.mongodb.org/mongo-driver/v2 v2.4.1 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.4.2 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/otel/metric v1.39.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.39.0 // indirect

eventsourcing/go.sum

@@ -472,8 +472,7 @@ gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2
 go.mongodb.org/mongo-driver v1.1.0/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.17.2 h1:gvZyk8352qSfzyZ2UMWcpDpMSGEr1eqE4T793SqyhzM=
 go.mongodb.org/mongo-driver v1.17.2/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
-go.mongodb.org/mongo-driver/v2 v2.4.1 h1:hGDMngUao03OVQ6sgV5csk+RWOIkF+CuLsTPobNMGNI=
-go.mongodb.org/mongo-driver/v2 v2.4.1/go.mod h1:jHeEDJHJq7tm6ZF45Issun9dbogjfnPySb1vXA7EeAI=
+go.mongodb.org/mongo-driver/v2 v2.4.2 h1:HrJ+Auygxceby9MLp3YITobef5a8Bv4HcPFIkml1U7U=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=