middleware/auth0.go

package middleware

import (
	"context"
	"fmt"
	"log"
	"net/url"

	jwtmiddleware "github.com/auth0/go-jwt-middleware/v3"
	"github.com/auth0/go-jwt-middleware/v3/jwks"
	"github.com/auth0/go-jwt-middleware/v3/validator"
)

// CustomClaims contains custom claims from the JWT token.
type CustomClaims struct {
	Roles []string `json:"https://unbound.se/roles"`
}

// Validate implements the validator.CustomClaims interface.
func (c CustomClaims) Validate(_ context.Context) error {
	return nil
}

type Auth0 struct {
	domain   string
	audience string
}

func NewAuth0(audience, domain string, _ bool) *Auth0 {
	return &Auth0{
		domain:   domain,
		audience: audience,
	}
}

type Response struct {
	Message string `json:"message"`
}

func (a *Auth0) Middleware() *jwtmiddleware.JWTMiddleware {
	issuer := fmt.Sprintf("https://%s/", a.domain)

	issuerURL, err := url.Parse(issuer)
	if err != nil {
		log.Fatalf("failed to parse issuer URL: %v", err)
	}

	provider, err := jwks.NewCachingProvider(jwks.WithIssuerURL(issuerURL))
	if err != nil {
		log.Fatalf("failed to create JWKS provider: %v", err)
	}

	jwtValidator, err := validator.New(
		validator.WithKeyFunc(provider.KeyFunc),
		validator.WithAlgorithm(validator.RS256),
		validator.WithIssuer(issuer),
		validator.WithAudience(a.audience),
		validator.WithCustomClaims(func() validator.CustomClaims {
			return &CustomClaims{}
		}),
	)
	if err != nil {
		log.Fatalf("failed to create JWT validator: %v", err)
	}

	jwtMiddleware, err := jwtmiddleware.New(
		jwtmiddleware.WithValidator(jwtValidator),
		jwtmiddleware.WithCredentialsOptional(true),
	)
	if err != nil {
		log.Fatalf("failed to create JWT middleware: %v", err)
	}

	return jwtMiddleware
}

func ClaimsFromContext(ctx context.Context) *validator.ValidatedClaims {
	claims, err := jwtmiddleware.GetClaims[*validator.ValidatedClaims](ctx)
	if err != nil {
		return nil
	}
	return claims
}
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`package middleware`

			`import (`
			`"context"`
			`"fmt"`
fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`"log"`
			`"net/url"`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00
fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`jwtmiddleware "github.com/auth0/go-jwt-middleware/v3"`
			`"github.com/auth0/go-jwt-middleware/v3/jwks"`
			`"github.com/auth0/go-jwt-middleware/v3/validator"`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`)`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`// CustomClaims contains custom claims from the JWT token.`
			`type CustomClaims struct {`
			Roles []string `json:"https://unbound.se/roles"`
			`}`

			`// Validate implements the validator.CustomClaims interface.`
			`func (c CustomClaims) Validate(_ context.Context) error {`
			`return nil`
			`}`

feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`type Auth0 struct {`
			`domain string`
			`audience string`
			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`func NewAuth0(audience, domain string, _ bool) *Auth0 {`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`return &Auth0{`
			`domain: domain,`
			`audience: audience,`
			`}`
			`}`

			`type Response struct {`
			Message string `json:"message"`
			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`func (a Auth0) Middleware() jwtmiddleware.JWTMiddleware {`
fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 2024-03-01 19:53:09 +00:00			`issuer := fmt.Sprintf("https://%s/", a.domain)`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00
fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`issuerURL, err := url.Parse(issuer)`
			`if err != nil {`
			`log.Fatalf("failed to parse issuer URL: %v", err)`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`provider, err := jwks.NewCachingProvider(jwks.WithIssuerURL(issuerURL))`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`if err != nil {`
fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`log.Fatalf("failed to create JWKS provider: %v", err)`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`jwtValidator, err := validator.New(`
			`validator.WithKeyFunc(provider.KeyFunc),`
			`validator.WithAlgorithm(validator.RS256),`
			`validator.WithIssuer(issuer),`
			`validator.WithAudience(a.audience),`
			`validator.WithCustomClaims(func() validator.CustomClaims {`
			`return &CustomClaims{}`
			`}),`
			`)`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`if err != nil {`
fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`log.Fatalf("failed to create JWT validator: %v", err)`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`jwtMiddleware, err := jwtmiddleware.New(`
			`jwtmiddleware.WithValidator(jwtValidator),`
			`jwtmiddleware.WithCredentialsOptional(true),`
			`)`
			`if err != nil {`
			`log.Fatalf("failed to create JWT middleware: %v", err)`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`return jwtMiddleware`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`

fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`func ClaimsFromContext(ctx context.Context) *validator.ValidatedClaims {`
			`claims, err := jwtmiddleware.GetClaims[*validator.ValidatedClaims](ctx)`
			`if err != nil {`
			`return nil`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`
fix: migrate to go-jwt-middleware v3 API - Use validator and jwks packages for JWT validation - Replace manual JWKS caching with jwks.NewCachingProvider - Add CustomClaims struct for https://unbound.se/roles claim - Rename TokenFromContext to ClaimsFromContext - Update middleware/auth.go to use new claims structure - Update tests to use core.SetClaims and validator.ValidatedClaims Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-19 20:31:45 +01:00			`return claims`
feat: organizations and API keys 2023-04-27 07:09:10 +02:00			`}`