Events
goauth.Events hooks run after successful operations. They cannot block or modify the auth result.
Events: goauth.Events{
SignIn: onSignIn,
SignOut: onSignOut,
CreateUser: onCreateUser,
UpdateUser: onUpdateUser,
LinkAccount: onLinkAccount,
Session: onSessionRead,
},
SignIn
SignIn: func(ctx context.Context, p goauth.SignInCallbackParams) {
audit.Log("sign_in", p.User.ID, p.Account.Provider)
},
Fires from issueSession / token issuance — after SignIn callback allowed the user.
SignOut
SignOut: func(ctx context.Context, session *goauth.Session, token goauth.JWT) {
audit.Log("sign_out", session.UserID)
},
token may be nil for database sessions.
CreateUser
Fires when the adapter creates a user (OAuth database flow or email first sign-in):
CreateUser: func(ctx context.Context, user *goauth.User) {
crm.CreateLead(user.Email)
},
Not fired if you only use JWT strategy without adapter user rows.
LinkAccount
LinkAccount: func(ctx context.Context, user *goauth.User, account *goauth.Account) {
analytics.Track(user.ID, "oauth_linked", account.Provider)
},
UpdateUser
Reserved for adapter update paths — wire when you call Adapter.UpdateUser from custom code.
Session
Session: func(ctx context.Context, session *goauth.Session, token goauth.JWT) {
metrics.Inc("session_reads")
},
Fires on GET /auth/session when a session exists.
Events vs callbacks
| Need | Use |
|---|---|
| Block sign-in | Callbacks.SignIn |
| Change user ID in session | Callbacks.ResolveUser |
| Log sign-in | Events.SignIn |
| Welcome email on register | Events.CreateUser or ResolveUser + IsNewUser |
| Send OTP | MFA.SendCode or otp.SendCode — not Events |