Skip to main content
The Authentication client provides access to Auth0’s Authentication API for user authentication, token management, and related operations.

Creating a Client

New

Creates a new Authentication API client. 
func New(ctx context.Context, domain string, options ...Option) (*Authentication, error)
ctx
context.Context
required
The context for the request
domain
string
required
Your Auth0 domain (e.g., “your-tenant.auth0.com” or “your-tenant.us.auth0.com”)
options
...Option
Optional configuration options for the client

Example

import (
    "context"
    "github.com/auth0/go-auth0/v2/authentication"
)

auth, err := authentication.New(
    context.TODO(),
    "your-domain.auth0.com",
    authentication.WithClientID("your-client-id"),
    authentication.WithClientSecret("your-client-secret"),
)
if err != nil {
    log.Fatalf("Failed to create auth client: %v", err)
}

Configuration Options

WithClientID

Configures the default Client ID to be used with requests. 
func WithClientID(clientID string) Option
clientID
string
required
The Auth0 Application Client ID

WithClientSecret

Configures the default Client Secret to be used with requests. 
func WithClientSecret(clientSecret string) Option
clientSecret
string
required
The Auth0 Application Client Secret

WithClientAssertion

Configures the signing key for Private Key JWT authentication. 
func WithClientAssertion(signingKey string, signingAlg string) Option
signingKey
string
required
The private key for signing the client assertion (PEM format)
signingAlg
string
required
The signing algorithm (e.g., “RS256”, “RS384”, “RS512”)

Example

import "os"

privateKey, err := os.ReadFile("private-key.pem")
if err != nil {
    log.Fatal(err)
}

auth, err := authentication.New(
    context.TODO(),
    "your-domain.auth0.com",
    authentication.WithClientID("your-client-id"),
    authentication.WithClientAssertion(string(privateKey), "RS256"),
)

WithIDTokenSigningAlg

Configures the expected signing algorithm for ID tokens. 
func WithIDTokenSigningAlg(alg string) Option
alg
string
required
The signing algorithm (default: “RS256”)

WithIDTokenClockTolerance

Configures the allowed clock tolerance when validating time-based claims in ID tokens. 
func WithIDTokenClockTolerance(clockTolerance time.Duration) Option
clockTolerance
time.Duration
required
The clock tolerance duration

Example

import "time"

auth, err := authentication.New(
    context.TODO(),
    "your-domain.auth0.com",
    authentication.WithClientID("your-client-id"),
    authentication.WithIDTokenClockTolerance(10 * time.Second),
)

WithClient

Configures a custom HTTP client for authentication and JWKS calls. 
func WithClient(client *http.Client) Option
client
*http.Client
required
The custom HTTP client to use

Example

import (
    "net/http"
    "time"
)

httpClient := &http.Client{
    Timeout: 30 * time.Second,
}

auth, err := authentication.New(
    context.TODO(),
    "your-domain.auth0.com",
    authentication.WithClientID("your-client-id"),
    authentication.WithClient(httpClient),
)

WithRetryStrategy

Configures the retry strategy for failed requests. 
func WithRetryStrategy(retryStrategy RetryStrategy) Option
retryStrategy
RetryStrategy
required
The retry configuration

RetryStrategy

max_retries
int
Maximum number of retry attempts
statuses
[]int
HTTP status codes that should trigger a retry
per_attempt_timeout
time.Duration
Timeout for individual API requests

Example

import "time"

auth, err := authentication.New(
    context.TODO(),
    "your-domain.auth0.com",
    authentication.WithClientID("your-client-id"),
    authentication.WithRetryStrategy(authentication.RetryStrategy{
        MaxRetries: 3,
        Statuses:   []int{429, 500, 502, 503, 504},
        PerAttemptTimeout: 5 * time.Second,
    }),
)

WithNoRetries

Disables automatic retries for failed requests. 
func WithNoRetries() Option

Example

auth, err := authentication.New(
    context.TODO(),
    "your-domain.auth0.com",
    authentication.WithClientID("your-client-id"),
    authentication.WithNoRetries(),
)

WithNoAuth0ClientInfo

Disables sending the “Auth0-Client” header with requests. 
func WithNoAuth0ClientInfo() Option

WithAuth0ClientEnvEntry

Adds custom environment information to the Auth0-Client header. 
func WithAuth0ClientEnvEntry(key string, value string) Option
key
string
required
The environment key
value
string
required
The environment value

User Info

UserInfo

Returns a user’s profile using the access token obtained during login. 
func (a *Authentication) UserInfo(
    ctx context.Context,
    accessToken string,
    opts ...RequestOption,
) (*UserInfoResponse, error)
ctx
context.Context
required
The context for the request
accessToken
string
required
The access token obtained during login
opts
...RequestOption
Optional request options
This endpoint only works if openid was granted as a scope for the access token. The user profile information included in the response depends on the scopes requested.

Example

user, err := auth.UserInfo(ctx, accessToken)
if err != nil {
    log.Fatalf("Failed to get user info: %v", err)
}

fmt.Printf("User ID: %s\n", user.Sub)
fmt.Printf("Email: %s\n", user.Email)
fmt.Printf("Name: %s\n", user.Name)

Response

Returns a UserInfoResponse containing the user’s profile information.

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us