Fiber v3 + goauth overview
goauth is framework-agnostic (net/http). For Fiber v3 use the companion module fiberauth — same idea as @auth/express in Auth.js.
flowchart LR
subgraph Fiber app
R[Routes /api/*]
M[fiberauth middleware]
H[fiberauth.Handler]
end
subgraph goauth core
A[goauth.Auth]
end
Client --> H
H --> A
R --> M
M --> A
What fiberauth provides
| API | Purpose |
|---|---|
fiberauth.Handler(auth) | Mount all /auth/* actions (sign-in, callback, session, token, MFA, …) |
fiberauth.GetSession | Load session + forward Set-Cookie |
fiberauth.SessionFrom | Read session stored by middleware |
fiberauth.Protect | Require login (401) |
fiberauth.Guard | Login + custom rules (roles, claims) |
fiberauth.HasRole / HasClaim / Condition | Built-in authorizers |
Typical app layout
/auth/* → fiberauth.Handler(auth) # all goauth actions
/api/public → no auth
/api/me → fiberauth.Protect(auth)
/api/admin/* → fiberauth.Guard(auth, HasRole("admin"))
/login → your SPA or redirect to Pages.SignIn
Docs in this section
| Page | Topic |
|---|---|
| Installation | go get + minimal main.go |
| Mounting & auth API | Routes exposed through Fiber |
| Middleware | Protect, Guard, SessionLoader, JSON errors |
| Sessions, user & roles | SessionFrom, JWT callback, claims |
| Sign in (credentials) | Email/password, bearer tokens |
| OTP & passwordless | Email code login (like “magic code”) |
| Forgot / reset password | Magic link or OTP reset flow |
| MFA & trusted devices | Two-step login + deviceId |
| Redirects & pages | Login redirect, errors, SPA |
| Full example app | Complete Fiber server |
Official Fiber docs: Welcome · fiberauth repo: github.com/izetmolla/fiberauth