# Go Gin OAuth2 Demo with Keycloak

This is a minimalist demo project illustrating the integration of [**OAuth2**](https://oauth.net/2/) (provided by a [**Keycloak**](https://www.keycloak.org/) server) into a [**Gin**](https://github.com/gin-gonic/gin)-based Go application. The implementation focuses on simplicity and separation of concerns, ensuring that the core view functions remain clean and free from authentication logic.

## Key Features

- **Middleware-Driven OAuth2 Handling**: Authentication and authorization are managed entirely through middleware, keeping the view functions decoupled from OAuth2 logic.
- **User Import from Keycloak**: Users are imported directly from Keycloak, leveraging its identity management capabilities.
- **Token Management**: Access tokens are stored in cookies and automatically refreshed before expiration to ensure seamless user sessions.
- **Protected Routes**: Sensitive URLs (e.g., for modifying or deleting data) can be marked as protected. When accessed, an **introspection** is performed to validate the user's permissions.

## Getting Started

1. **Prerequisites**:
   - Go >=1.23.6 installed.
   - A running Keycloak server with a configured realm and client.

2. **Installation**:
   ```sh
   git clone https://git.0x0001f346.de/andreas/gin-oauth2-demo.git
   cd gin-oauth2-demo
   go mod tidy
   ```

3. **Configuration**:
   - Update the `middleware.go` file with your domain and Keycloak server details (client ID, client secret, realm, etc.).

4. **Run the Application**:
   ```sh
   go run main.go
   ```

5. **Access the Application**:
   - Open your browser and navigate to `http://localhost:9000`.
   - Log in via Keycloak and explore the protected routes.

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
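
The check behind **Protected Routes** (read the token cookie, introspect it, deny on any error), as an added example that is not this project's code. It uses plain `net/http` instead of Gin so it runs without dependencies; the cookie name `access_token`, the client `demo`/`s3cret`, the route `/items/1` and the in-process stand-in for Keycloak's introspection endpoint are assumptions constructed for the demo.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// introspect asks an RFC 7662 endpoint if token is active; every error means deny.
func introspect(c *http.Client, endpoint, id, secret, token string) bool {
	resp, err := c.PostForm(endpoint, url.Values{"client_id": {id}, "client_secret": {secret}, "token": {token}})
	if err != nil {
		return false
	}
	defer resp.Body.Close()
	var out struct{ Active bool `json:"active"` }
	return resp.StatusCode == http.StatusOK && json.NewDecoder(resp.Body).Decode(&out) == nil && out.Active
}

// protect guards next; the cookie name "access_token" is an assumption.
func protect(c *http.Client, endpoint, id, secret string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ck, err := r.Cookie("access_token")
		if err != nil || !introspect(c, endpoint, id, secret, ck.Value) {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor runs one protected request against a constructed stand-in for Keycloak.
func statusFor(token string) int {
	idp := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, `{"active":%t}`, r.PostFormValue("token") == "good")
	}))
	defer idp.Close()
	inner := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}) // replies 200
	req := httptest.NewRequest(http.MethodDelete, "/items/1", nil)
	req.AddCookie(&http.Cookie{Name: "access_token", Value: token})
	rec := httptest.NewRecorder()
	protect(idp.Client(), idp.URL, "demo", "s3cret", inner).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(statusFor("good"), statusFor("revoked")) // prints: 200 401
}
```

Against a real Keycloak realm, `endpoint` is the `introspection_endpoint` value from the realm's OpenID Connect discovery document.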