Go Gin OAuth2 Demo with Keycloak
This is a minimalist demo project illustrating the integration of OAuth2 (provided by a Keycloak server) into a Gin-based Go application. The implementation focuses on simplicity and separation of concerns, ensuring that the core view functions remain clean and free from authentication logic.
Key Features
- Middleware-Driven OAuth2 Handling: Authentication and authorization are managed entirely through middleware, keeping the view functions decoupled from OAuth2 logic.
- User Import from Keycloak: Users are imported directly from Keycloak, leveraging its identity management capabilities.
- Token Management: Access tokens are stored in cookies and automatically refreshed before expiration to ensure seamless user sessions.
- Protected Routes: Sensitive URLs (e.g., for modifying or deleting data) can be marked as protected. When accessed, an introspection is performed to validate the user's permissions.
Getting Started
-
Prerequisites:
- Go >=1.23.6 installed.
- A running Keycloak server with a configured realm and client.
-
Installation:
git clone https://git.0x0001f346.de/andreas/gin-oauth2-demo.git cd gin-oauth2-demo go mod tidy -
Configuration:
- Update the
middleware.gofile with your domain and Keycloak server details (client ID, client secret, realm, etc.).
- Update the
-
Run the Application:
go run main.go -
Access the Application:
- Open your browser and navigate to
http://localhost:9000. - Log in via Keycloak and explore the protected routes.
- Open your browser and navigate to
License
This project is licensed under the MIT License. See the LICENSE file for details.