Stateless SAML + OIDC adapters for Go. You own the session.
```go
import (
	"context"
	"log"
	"net/http"
	"os"

	sso "github.com/foomo/gosso"
	"github.com/foomo/gosso/oidc"
)

rp, err := oidc.New(
	"https://login.example.com/realms/my-realm",
	"my-client",
	os.Getenv("CLIENT_SECRET"),
	"https://app.example.com/oidc/callback",
	[]byte(os.Getenv("TRANSIT_KEY")),
	func(ctx context.Context, w http.ResponseWriter, r *http.Request, s sso.Subject[oidc.Payload]) error {
		// You own the session. Do whatever you want with s here.
		// writeCookie is your application's own helper, not part of gosso.
		return writeCookie(w, s)
	},
)
if err != nil {
	log.Fatal(err)
}

h := rp.Handlers()
http.Handle("/oidc/login", h.Login)
http.Handle("/oidc/callback", h.Callback)
http.Handle("/oidc/logout", h.Logout)
```

SAML has the exact same shape. Both protocols produce an
`sso.Subject[T]` so your session-construction code can be shared.
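Since the callback hook leaves session handling to you, here is an added example (not gosso's own code) of one way the application-side `writeCookie` step could issue a stateless, HMAC-signed session cookie. The names `sign`, `seal`, `open`, `writeSessionCookie` and the cookie name are hypothetical, and the plain `subjectID` string stands in for whatever identifier you take from `sso.Subject`, whose fields are not shown on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"
)

func sign(key []byte, body string) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(body))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// seal returns "<b64 subject>.<unix expiry>.<b64 HMAC-SHA256 of the first two parts>".
func seal(key []byte, subjectID string, exp time.Time) string {
	body := base64.RawURLEncoding.EncodeToString([]byte(subjectID)) + "." + strconv.FormatInt(exp.Unix(), 10)
	return body + "." + sign(key, body)
}

// open verifies the MAC in constant time before trusting the expiry or subject.
func open(key []byte, v string, now time.Time) (string, error) {
	p := strings.Split(v, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(sign(key, p[0]+"."+p[1]))) {
		return "", errors.New("bad session signature")
	}
	exp, err := strconv.ParseInt(p[1], 10, 64)
	id, err2 := base64.RawURLEncoding.DecodeString(p[0])
	if err != nil || err2 != nil || now.Unix() >= exp {
		return "", errors.New("expired or malformed session")
	}
	return string(id), nil
}

// writeSessionCookie (hypothetical name) is what a callback hook could call.
func writeSessionCookie(w http.ResponseWriter, key []byte, subjectID string, ttl time.Duration) {
	http.SetCookie(w, &http.Cookie{Name: "__Host-session", Value: seal(key, subjectID, time.Now().Add(ttl)),
		Path: "/", MaxAge: int(ttl.Seconds()), HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
}

func main() {
	key := []byte("constructed-demo-key-not-for-use") // constructed sample key
	fmt.Println(open(key, seal(key, "alice", time.Now().Add(time.Hour)), time.Now()))
}
```

The signing key here must be a separate secret from the IdP client secret, and because the cookie is signed but not encrypted, put nothing in it that the browser should not be able to read.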
https://foomo.github.io/gosso/
```sh
make sandbox.up   # Keycloak on :8081 with realm preloaded
make sandbox.run  # demo app on :8080, both protocols mounted
# log in as alice / password (admins) or bob / password (users)
```

See examples/sandbox/README.md.
See docs/CONTRIBUTING.md.
MIT, see LICENSE.