goth
goth copied to clipboard
markbates
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.
In recent months, gothic.go has become coupled to gorilla/mux. See lines 176 onward ```go func getProviderName(req *http.Request) (string, error) { provider := req.URL.Query().Get("provider") if provider == "" { if p,...
Using the new mux addet to go 1.22 natively, the provider name is not picked up. It mostly replaces `gorilla/pat` in many places, e.g. path parameters. There is the alternative...
Using the example I get a panic from the openID connect provider: ``` 2024/04/23 16:12:36 listening on localhost:3000 2024/04/23 16:12:46 http: panic serving [::1]:54814: interface conversion: interface {} is nil,...
add lark oauth support. only support enterprise self-build appication
Not sure why you need the gorilla/sessions package but updating the intenal depemdencies to the latest version breaks gothic login: ``` github.com/gorilla/securecookie v1.1.1 // indirect github.com/gorilla/sessions v1.2.2 // indirect ```...
Normal PKCE authorization URL generation looks like: ```go // Creates the initial authorization url with the state and code challenge. // The state and code verifier are passed back alongside...
Hi, I cannot get azuread oauth working with goth. Has anyone managed to use azuread/azuread2? The error: > securecookie: the value is too long Google sign in works fine. The...
https://github.com/markbates/goth/blob/f4685f5f6edf65de920b6c6c03fc1ffabcb88e68/gothic/gothic.go#L180 `func CompleteUserAuth` In this function, why is there a defer to Logout? --- I've been trying to figure out why my use of gothic is returning a cookie (`_gothic_session`)...
Since go-1.22 the http handler supports path variables in the same way gorilla/mux does. Support this.
Zero-click account takeover Impact This occurs when an attacker is logging in using "Log in with Microsoft". The application checks if the user has an existing account based on the...
