Overview The Authentication API client provides methods to interact with Auth0’s Authentication API for user authentication operations, including signup, login, password reset, and OAuth token exchanges.
Initialization Create an Authentication API client by providing your Auth0 domain and client credentials:
import ( " context " " github.com/auth0/go-auth0/v2/authentication " ) // With client secret authentication auth , err := authentication . New ( context . Background (), "your-tenant.auth0.com" , authentication . WithClientID ( "YOUR_CLIENT_ID" ), authentication . WithClientSecret ( "YOUR_CLIENT_SECRET" ), ) if err != nil { // handle err }
The WithClientSecret option is optional and depends on the authentication grants you plan to use. Some flows may not require a client secret.
Private Key JWT Authentication For enhanced security, you can use private key JWT authentication instead of client secrets:
auth , err := authentication . New ( context . Background (), "your-tenant.auth0.com" , authentication . WithClientID ( "YOUR_CLIENT_ID" ), authentication . WithClientAssertion ( privateKeyPEM , "RS256" ), )
Basic Operations Once initialized, you can perform various authentication operations:
Database Signup Create a new user account in a database connection:
import ( " github.com/auth0/go-auth0/v2/authentication/database " ) userData := database . SignupRequest { Connection : "Username-Password-Authentication" , Username : "mytestaccount" , Password : "mypassword" , Email : "[email protected] " , } createdUser , err := auth . Database . Signup ( context . Background (), userData ) if err != nil { // handle err }
OAuth Login Authenticate users using OAuth flows:
import ( " github.com/auth0/go-auth0/v2/authentication/oauth " ) // Authorization Code with PKCE tokenSet , err := auth . OAuth . LoginWithAuthCodeWithPKCE ( context . Background (), oauth . LoginWithAuthCodeWithPKCERequest { Code : "authorization-code" , CodeVerifier : "code-verifier" , }, oauth . IDTokenValidationOptionalVerification {}, ) if err != nil { // handle err } // Password grant tokens , err := auth . OAuth . LoginWithPassword ( context . Background (), oauth . LoginWithPasswordRequest { Username : "[email protected] " , Password : "user-password" , }, oauth . IDTokenValidationOptions {}, ) if err != nil { // handle err }
Configuration Options The Authentication API client supports several configuration options:
auth , err := authentication . New ( context . Background (), "your-tenant.auth0.com" , authentication . WithClientID ( id ), authentication . WithClientSecret ( secret ), authentication . WithClockTolerance ( 10 * time . Second ), )
Available Options
WithClientID(id) - Set the client ID for API requestsWithClientSecret(secret) - Set the client secret for authenticationWithClientAssertion(pem, alg) - Use private key JWT authenticationWithClockTolerance(duration) - Set clock tolerance for token validation
For a complete list of available options, see the [Option] type documentation in the authentication package.
Error Handling The Authentication API returns typed errors that you can check and handle appropriately. See the Error Handling page for detailed information about handling Authentication API errors.
Next Steps
Error Handling Learn how to handle Authentication API errors
Management API Learn about the Management API client