Introduction
GoAuth is a Go authentication library modeled on Auth.js. If you have used NextAuth or @auth/core, the same mental model applies: providers, callbacks, adapters, JWT or database sessions, and a fixed HTTP route table under /auth.
```go
import "github.com/izetmolla/goauth" // module path: goauth
```
Developer documentation (start here)
| I want to… | Read |
|---|---|
| Pick a full goauth.Config for my app | Configuration scenarios |
| Every config field explained | Config reference |
| Control user creation & OAuth | ResolveUser callback |
| Send & verify OTP / magic links | OTP & verification guide |
| All callbacks with examples | Callbacks overview |
| Production integration walkthrough | Developer cookbook |
| Everything the package implements | Feature map |
| Fiber v3 + middleware & examples | FiberV3 implementation |
Why GoAuth?
| Auth.js | goauth |
|---|---|
| Auth(request, config) | goauth.New(cfg) → http.Handler |
| providers/* | goauth/providers/* subpackages |
| @auth/*-adapter | goauth.Adapter + goauth/adapters/* |
| Encrypted JWE sessions | goauth/jwt (wire-compatible dir + A256CBC-HS512) |
| Experimental passkeys | providers/passkey + stdlib goauth/webauthn |
Design principles
- Standard library only in the core module — no third-party deps in goauth itself.
- Mirror Auth.js names and flows so documentation and patterns transfer directly.
- Runtime-agnostic — works with net/http, Fiber (via fiberauth), or any framework that can mount an http.Handler.
Three kinds of “OTP” (don’t mix them up)
| Mechanism | You implement | Verify at |
|---|---|---|
| Magic link | email.SendVerificationRequest | GET /callback/email |
| Login email code | otp.SendCode | POST /callback/otp |
| MFA after password | MFA.SendCode | POST /mfa/verify |
Details: OTP & verification guide.
Minimal example
```go
package main

import (
	"log"
	"net/http"

	"github.com/izetmolla/goauth"
	"github.com/izetmolla/goauth/providers/github"
)

func main() {
	auth, err := goauth.New(goauth.Config{
		// Placeholder only: supply a real secret of 32 bytes or more from outside the source tree.
		Secret:    []string{"change-me-to-a-32-byte-or-longer-secret"},
		TrustHost: true,
		Providers: []goauth.Provider{
			// Placeholder OAuth app credentials.
			github.New("CLIENT_ID", "CLIENT_SECRET"),
		},
	})
	if err != nil {
		log.Fatal(err)
	}

	// The handler serves the fixed route table under /auth.
	mux := http.NewServeMux()
	mux.Handle("/auth/", auth)
	log.Fatal(http.ListenAndServe(":3000", mux))
}
```
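The minimal example hard-codes its Secret. The following is an added example, not code from goauth or its documentation, showing one way to load the []string for goauth.Config.Secret from the environment and fail at startup on a weak value. The AUTH_SECRET variable name, the comma-separated format and the repetitiveness threshold are assumptions made for this example.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

const (
	minSecretLen = 32 // from the page's "32-byte-or-longer" placeholder text
	minDistinct  = 8  // heuristic chosen for this example, not a goauth rule
	placeholder  = "change-me-to-a-32-byte-or-longer-secret"
)

// ParseSecrets turns a comma-separated value into the []string shape of
// goauth.Config.Secret, rejecting empty, placeholder, short or repetitive
// entries so that a weak secret stops the process before it serves traffic.
func ParseSecrets(raw string) ([]string, error) {
	var out []string
	for i, s := range strings.Split(raw, ",") {
		s = strings.TrimSpace(s)
		distinct := map[rune]bool{}
		for _, r := range s {
			distinct[r] = true
		}
		switch {
		case s == "":
			return nil, fmt.Errorf("secret %d: empty", i)
		case s == placeholder: // long enough to pass a length check alone
			return nil, fmt.Errorf("secret %d: documentation placeholder", i)
		case len(s) < minSecretLen:
			return nil, fmt.Errorf("secret %d: %d bytes, need %d", i, len(s), minSecretLen)
		case len(distinct) < minDistinct:
			return nil, fmt.Errorf("secret %d: too repetitive", i)
		}
		out = append(out, s)
	}
	return out, nil
}

func main() {
	// AUTH_SECRET is an assumed variable name, not one the page defines.
	secrets, err := ParseSecrets(os.Getenv("AUTH_SECRET"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Printf("loaded %d secret(s) for goauth.Config.Secret\n", len(secrets))
}
```

The returned slice can be passed as the Secret field in place of the literal in the minimal example.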
Documentation sections
- Configuration — reference + 9 real-world scenarios
- Callbacks & events — SignIn, ResolveUser, JWT, Session, Redirect
- Developer guides — OTP flows, user creation, cookbook, feature map
- Providers — OAuth, credentials, email, passkey, Azure AD
- Security — MFA, CSRF
- API clients — bearer tokens, browser callback, goauth.js
- Adapters — SQL, authenticators
- Reference — routes, errors
:::tip Run docs locally
cd docs && pnpm install && pnpm start → http://localhost:3000
:::