Custom Claims Go Gin

TheRabber · December 4, 2023, 6:12pm

Hey together,
I’m currently learning go with gin and try to setup auth0 for authentication and authorization, the first part is working fine so far.
Now I try to implement authorization based on rules using this tutorial:
https://auth0.com/docs/quickstart/backend/golang/01-authorization

So far so good, as I’m using Gin I wanted to put the HasScope to its own middleware to call it in addition.

// HasScope checks whether our claims have a specific scope.
func (c CustomClaims) HasScope(expectedScope string) gin.HandlerFunc {
	return func(context *gin.Context) {
		result := strings.Split(c.Scope, " ")
		for i := range result {
			if result[i] == expectedScope {
				context.Next()
			}
		}

		context.AbortWithStatus(403)
	}
}

this is what I came up with so far, trying to extract it.
Problem is that I probably shouldn’t be attaching that function to a CustomClaim, as I would need one for calling it afterwards, right?
But somehow I’m stuck and can’t get further at the moment, does anyone have an idea on how to proceed with it?

tyf · December 4, 2023, 10:00pm

Hey there @TheRabber welcome to the community!

I unfortunately don’t have any experience with Gin Assuming you’re passing an audience in the original authorize request, you shouldn’t need to extract anything. The middleware should just be used to check for specific claims once you’ve successfully validated the access token.

TheRabber · December 4, 2023, 10:11pm

Hey tyf,
thanks for the request, I think I found the solution, I was just to stupid to understand the code and how it should be used correctly I guess, I will validate that and put my findings here later as well.
It’s more or less about the permissions you can set when configuring the api

tyf · December 4, 2023, 10:18pm

Glad you found a solution Please do share your findings!

TheRabber · December 5, 2023, 8:21pm

Problem was that I needed to add the permissions to custom claims:

type CustomClaims struct {
	Scope       string   `json:"scope"`
	Permissions []string `json:"permissions"`
}

tyf · December 5, 2023, 8:35pm

Glad you were able to get this sorted, thanks for following up with your solution

system · December 19, 2023, 8:36pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I get my custom scopes in the access token? Help login-experience , free-trial	2	24	October 7, 2024
Go Authorization: Scoped API not working JWT.io jwt , api , auth , golang	6	3680	January 20, 2021
Assistance with Customizing Access Tokens and API Authorization using Auth0 Help configuration , application	0	101	June 25, 2024
Question Getting the default golang api code working for the sample Help api , spa , go , golang	2	4673	July 25, 2019
Getting User Information Using Go API Authorization Help jwt , go	3	4172	February 22, 2022

Custom Claims Go Gin

Related Topics