Custom Claims Go Gin

TheRabber · December 4, 2023, 6:12pm

Hey together,
I’m currently learning go with gin and try to setup auth0 for authentication and authorization, the first part is working fine so far.
Now I try to implement authorization based on rules using this tutorial:
https://auth0.com/docs/quickstart/backend/golang/01-authorization

So far so good, as I’m using Gin I wanted to put the HasScope to its own middleware to call it in addition.

// HasScope checks whether our claims have a specific scope.
func (c CustomClaims) HasScope(expectedScope string) gin.HandlerFunc {
	return func(context *gin.Context) {
		result := strings.Split(c.Scope, " ")
		for i := range result {
			if result[i] == expectedScope {
				context.Next()
			}
		}

		context.AbortWithStatus(403)
	}
}

this is what I came up with so far, trying to extract it.
Problem is that I probably shouldn’t be attaching that function to a CustomClaim, as I would need one for calling it afterwards, right?
But somehow I’m stuck and can’t get further at the moment, does anyone have an idea on how to proceed with it?

tyf · December 4, 2023, 10:00pm

Hey there @TheRabber welcome to the community!

I unfortunately don’t have any experience with Gin Assuming you’re passing an audience in the original authorize request, you shouldn’t need to extract anything. The middleware should just be used to check for specific claims once you’ve successfully validated the access token.

TheRabber · December 4, 2023, 10:11pm

Hey tyf,
thanks for the request, I think I found the solution, I was just to stupid to understand the code and how it should be used correctly I guess, I will validate that and put my findings here later as well.
It’s more or less about the permissions you can set when configuring the api

tyf · December 4, 2023, 10:18pm

Glad you found a solution Please do share your findings!

TheRabber · December 5, 2023, 8:21pm

Problem was that I needed to add the permissions to custom claims:

type CustomClaims struct {
	Scope       string   `json:"scope"`
	Permissions []string `json:"permissions"`
}

tyf · December 5, 2023, 8:35pm

Glad you were able to get this sorted, thanks for following up with your solution

system · December 19, 2023, 8:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Go-jwt-middleware CustomClaims validation type failure Help apis , application	3	1137	October 3, 2023
Go Gin middleware Help sessions , authentication-sessions	2	1264	February 6, 2023
How can I get my custom scopes in the access token? Help login-experience , free-trial	2	28	October 7, 2024
Adding custom claims in JWT using golang Help jwt , rules	7	4727	March 15, 2021
Custom Claims in the Access Token Help	3	3658	October 22, 2020

Custom Claims Go Gin

Related Topics