在使用 Auth0 的 Golang 服务器中查找当前用户名称。

huangapple go评论163阅读模式
英文:

Find out current user name in golang server that uses Auth0

问题

我正在使用auth0golang实现一个类似这里所示的REST服务。

我想知道如何找出当前触发某个API调用的用户名称-例如,如果有人请求http://localhost:3000/products,则此情况下的go处理程序如下所示:

var ProductsHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    payload, _ := json.Marshal(products)

    w.Header().Set("Content-Type", "application/json")
    w.Write([]byte(payload))
})

请求r是否包含有关当前用户的更多信息?

还是我需要在身份验证中间件中找出当前用户:

func authMiddleware(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        secret := []byte("{YOUR-AUTH0-API-SECRET}")
        secretProvider := auth0.NewKeyProvider(secret)
        audience := "{YOUR-AUTH0-API-AUDIENCE}"

        configuration := auth0.NewConfiguration(secretProvider, audience, "https://{YOUR-AUTH0-DOMAIN}.auth0.com/", jose.HS256)
        validator := auth0.NewValidator(configuration)

        token, err := validator.ValidateRequest(r)

        if err != nil {
            fmt.Println(err)
            fmt.Println("Token is not valid:", token)
            w.WriteHeader(http.StatusUnauthorized)
            w.Write([]byte("Unauthorized"))
        } else {
            next.ServeHTTP(w, r)
        }
    })
}

token是否包含有关用户的更多信息?

我有点迷失在这里。auth0完美地确保只有注册的用户可以使用REST API,但我想提供特定于用户的信息。因此,REST调用返回的内容取决于当前用户。最初,我认为auth0会处理这个问题。有没有简单的方法来实现这一点?

英文:

I am using auth0 and golang for a rest service that is similar implemented as shown here.

I wonder how I can find out the name of the user that is currently triggering a certain API call - for instance if someone requests http://localhost:3000/products - the go handler in this case looks like this:

var ProductsHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	payload, _ := json.Marshal(products)

	w.Header().Set("Content-Type", "application/json")
	w.Write([]byte(payload))
})

Does the request r contain more information about the current user?

Or do I need to find out the current user in the middleware authentication:

func authMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		secret := []byte("{YOUR-AUTH0-API-SECRET}")
		secretProvider := auth0.NewKeyProvider(secret)
		audience := "{YOUR-AUTH0-API-AUDIENCE}"

		configuration := auth0.NewConfiguration(secretProvider, audience, "https://{YOUR-AUTH0-DOMAIN}.auth0.com/", jose.HS256)
		validator := auth0.NewValidator(configuration)

		token, err := validator.ValidateRequest(r)

		if err != nil {
			fmt.Println(err)
			fmt.Println("Token is not valid:", token)
			w.WriteHeader(http.StatusUnauthorized)
			w.Write([]byte("Unauthorized"))
		} else {
			next.ServeHTTP(w, r)
		}
	})
}

Does the token contain more information about the user?

I am a bit lost here. auth0 works perfectly to ensure that only registered persons can use the REST-API, but I want to deliver user specific information. So it depends on the current user what a REST call is handing back. Initially, I was thinking that auth0 would take care of this. Is there a simple way to achieve this?

答案1

得分: 2

是的,你需要使用token来获取有关请求问题的信息。

要对你想要的所有内容进行排序,你需要查看以下内容:

你感兴趣的是声明中的一个字段

Issuer string `json:"iss,omitempty"`
英文:

Yes, you need to use token to get information about request issue.

To sort all you want you need to take a look to next:

The claims have a field

Issuer string `json:"iss,omitempty"`

you are interested in.

huangapple
  • 本文由 发表于 2017年7月21日 21:42:28
  • 转载请务必保留本文链接:https://go.coder-hub.com/45239257.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定