Mounting & auth API
Mount goauth once on a wildcard route. Fiber forwards every /auth/... request to the core handler.
```go
app.All("/auth/*", fiberauth.Handler(auth))
```
Handler uses Fiber’s adaptor to bridge fiber.Ctx ↔ net/http.
Routes available through Fiber
Same table as core goauth — see Routes reference.
| Method | Path | Use from Fiber / SPA |
|---|---|---|
| GET | /auth/session | Current user JSON |
| GET | /auth/csrf | CSRF token (cookie flows) |
| GET | /auth/providers | Provider metadata |
| POST | /auth/signin/:provider | Start email/OTP sign-in |
| GET/POST | /auth/callback/:provider | OAuth redirect or credentials POST |
| POST | /auth/signout | Log out |
| POST | /auth/token | Refresh bearer tokens |
| POST | /auth/mfa/verify | Complete MFA |
| GET | /auth/mfa/device | Check trusted device |
| GET | /auth/sessions | List sessions (DB strategy) |
Calling auth from Fiber handlers
Option A — middleware (preferred)
```go
app.Use(fiberauth.SessionLoader(auth)) // optional global loader
app.Get("/api/me", fiberauth.Protect(auth), meHandler)
```
Option B — explicit per request
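```go
func meHandler(c fiber.Ctx) error {
	// Resolve the session for this request (cookie or bearer token).
	session, err := fiberauth.GetSession(auth, c)
	if err != nil {
		return c.Status(500).JSON(fiber.Map{"error": err.Error()})
	}
	// A nil session with no error means the caller is not authenticated.
	if session == nil {
		return c.Status(401).JSON(fiber.Map{"error": "unauthorized"})
	}
	return c.JSON(session.User)
}
```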
GetSession copies any Set-Cookie headers from goauth onto the Fiber response.
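What copying Set-Cookie across a handler bridge involves, and how to check that cookie attributes survive it, as an added stdlib-only sketch that is not goauth or fiberauth code. The `innerAuth` handler, the `bridgeCookies` and `auditCookies` helpers, and the cookie names and values are constructed stand-ins.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// innerAuth is a hypothetical stand-in for the net/http auth handler.
// It sets two cookies with constructed values, as a cookie flow with CSRF would.
func innerAuth(w http.ResponseWriter, _ *http.Request) {
	http.SetCookie(w, &http.Cookie{Name: "session", Value: "constructed-session",
		Path: "/", HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	http.SetCookie(w, &http.Cookie{Name: "csrf", Value: "constructed-csrf",
		Path: "/", Secure: true, SameSite: http.SameSiteLaxMode})
}

// bridgeCookies runs inner against a recorder and appends each Set-Cookie
// header to dst. Add is required: Set would keep only the last cookie.
func bridgeCookies(inner http.HandlerFunc, r *http.Request, dst http.Header) {
	rec := httptest.NewRecorder()
	inner(rec, r)
	for _, v := range rec.Header().Values("Set-Cookie") {
		dst.Add("Set-Cookie", v)
	}
}

// auditCookies reports cookies in h that lack Secure or a recognized SameSite
// value, and any cookie named in httpOnly that lacks HttpOnly.
func auditCookies(h http.Header, httpOnly map[string]bool) []string {
	var problems []string
	for _, c := range (&http.Response{Header: h}).Cookies() {
		if !c.Secure {
			problems = append(problems, c.Name+": missing Secure")
		}
		// 0 = attribute absent; SameSiteDefaultMode = present but unrecognized.
		if c.SameSite <= http.SameSiteDefaultMode {
			problems = append(problems, c.Name+": missing SameSite")
		}
		if httpOnly[c.Name] && !c.HttpOnly {
			problems = append(problems, c.Name+": missing HttpOnly")
		}
	}
	return problems
}

func main() {
	out := http.Header{}
	bridgeCookies(innerAuth, httptest.NewRequest(http.MethodGet, "/api/me", nil), out)
	fmt.Println(len(out.Values("Set-Cookie")), auditCookies(out, map[string]bool{"session": true}))
}
```

`auditCookies` takes any `http.Header`, so it can also be run on `resp.Header` from an `app.Test` response.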
Bearer tokens (SPA / mobile)
Enable tokens in config:
```go
Tokens: goauth.TokensConfig{
	Enabled:      true,
	AlwaysReturn: true, // optional: always JSON, no cookies
},
```
Client sends:
```http
Authorization: Bearer eyJhbGc...
```
Protect / GetSession accept bearer auth automatically when Tokens.Enabled is true.
Testing with app.Test
```go
req, _ := http.NewRequest(http.MethodGet, "/auth/session", nil)
req.Header.Set("Authorization", "Bearer "+accessToken)
resp, err := app.Test(req)
```
See Sign in (credentials) for obtaining a token in tests.