Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/auth0/go-auth0/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Authentication API client provides methods to interact with Auth0’s Authentication API for user authentication operations, including signup, login, password reset, and OAuth token exchanges.

Initialization

Create an Authentication API client by providing your Auth0 domain and client credentials: 
import (
    "context"
    "github.com/auth0/go-auth0/v2/authentication"
)

// With client secret authentication
auth, err := authentication.New(
    context.Background(),
    "your-tenant.auth0.com",
    authentication.WithClientID("YOUR_CLIENT_ID"),
    authentication.WithClientSecret("YOUR_CLIENT_SECRET"),
)
if err != nil {
    // handle err
}
The WithClientSecret option is optional and depends on the authentication grants you plan to use. Some flows may not require a client secret.

Private Key JWT Authentication

For enhanced security, you can use private key JWT authentication instead of client secrets: 
auth, err := authentication.New(
    context.Background(),
    "your-tenant.auth0.com",
    authentication.WithClientID("YOUR_CLIENT_ID"),
    authentication.WithClientAssertion(privateKeyPEM, "RS256"),
)

Basic Operations

Once initialized, you can perform various authentication operations:

Database Signup

Create a new user account in a database connection: 
import (
    "github.com/auth0/go-auth0/v2/authentication/database"
)

userData := database.SignupRequest{
    Connection: "Username-Password-Authentication",
    Username:   "mytestaccount",
    Password:   "mypassword",
    Email:      "mytestaccount@example.com",
}

createdUser, err := auth.Database.Signup(context.Background(), userData)
if err != nil {
    // handle err
}

OAuth Login

Authenticate users using OAuth flows: 
import (
    "github.com/auth0/go-auth0/v2/authentication/oauth"
)

// Authorization Code with PKCE
tokenSet, err := auth.OAuth.LoginWithAuthCodeWithPKCE(
    context.Background(),
    oauth.LoginWithAuthCodeWithPKCERequest{
        Code:         "authorization-code",
        CodeVerifier: "code-verifier",
    },
    oauth.IDTokenValidationOptionalVerification{},
)
if err != nil {
    // handle err
}

// Password grant
tokens, err := auth.OAuth.LoginWithPassword(
    context.Background(),
    oauth.LoginWithPasswordRequest{
        Username: "user@example.com",
        Password: "user-password",
    },
    oauth.IDTokenValidationOptions{},
)
if err != nil {
    // handle err
}

Configuration Options

The Authentication API client supports several configuration options: 
auth, err := authentication.New(
    context.Background(),
    "your-tenant.auth0.com",
    authentication.WithClientID(id),
    authentication.WithClientSecret(secret),
    authentication.WithClockTolerance(10 * time.Second),
)

Available Options

  • WithClientID(id) - Set the client ID for API requests
  • WithClientSecret(secret) - Set the client secret for authentication
  • WithClientAssertion(pem, alg) - Use private key JWT authentication
  • WithClockTolerance(duration) - Set clock tolerance for token validation
For a complete list of available options, see the [Option] type documentation in the authentication package.

Error Handling

The Authentication API returns typed errors that you can check and handle appropriately. See the Error Handling page for detailed information about handling Authentication API errors.

Next Steps

Error Handling

Learn how to handle Authentication API errors

Management API

Learn about the Management API client

Build docs developers (and LLMs) love

Get started for freeTalk to us