package lazyauth

import "golazy.dev/lazyauth"

Package lazyauth authenticates users without owning application authorization.

Authenticators can validate passwords, magic links, bearer tokens, OAuth provider callbacks, or application-specific credentials. Successful authentication returns a User with an ID and serializable Data map. Packages above lazyauth decide how that data becomes OAuth claims, sessions, roles, or MCP permissions.

The memoryauth subpackage provides the default lazyapp backend. It starts with zero users unless LAZYAUTH_DEFAULT_PASS creates a bootstrap password user named admin, or LAZYAUTH_DEFAULT_USER when that value is set.

Variables

Functions

func WithConfig

WithConfig stores the configured app authentication backend in ctx.

func WithConfig(ctx context.Context, config Config) context.Context

func WithUser

WithUser stores user in ctx.

func WithUser(ctx context.Context, user User) context.Context

Types

type Credential

Credential describes one authentication attempt.

type Credential struct {
	Kind		string
	Identifier	string
	Secret		string
	Values		map[string]string
}

type User

User is the authenticated identity returned by an Authenticator.

type User struct {
	ID	string		`json:"id"`
	Data	map[string]any	`json:"data,omitempty"`
}
func Authenticate

Authenticate validates credential through config.Authenticator.

func Authenticate(ctx context.Context, config Config, credential Credential) (User, error)
func FromContext

FromContext returns the authenticated user stored in ctx.

func FromContext(ctx context.Context) (User, bool)

Directories

Path Synopsis
lazyauth/fileauth
lazyauth/memoryauth