[Issue #7] Auth-protected app example #20

Merged
HugoNijhuis merged 2 commits from issue-7-auth-protected-example into main 2026-01-09 16:35:33 +00:00
Owner

Summary

This PR adds an example demonstrating OIDC authentication with the Iris framework. The example showcases how to build an auth-protected application using the auth package.

Changes

  • Added examples/auth/main.go with a complete working example that demonstrates:
    • OIDC client setup with configurable issuer, client ID, and redirect URI
    • Login/logout flow using async OIDC discovery
    • Protected routes (/profile, /protected) using navigation.AuthGuard
    • User profile display extracted from ID token JWT claims
    • Token information display showing access token, ID token, and auth header
    • Reactive UI state for authentication status with loading indicators
    • OAuth callback handling for the authorization code flow

Test plan

  • Verify WASM build succeeds: GOOS=js GOARCH=wasm go build ./examples/auth/...
  • Run with an actual OIDC provider (e.g., Dex, Keycloak) to test full flow

Closes #7

Generated with Claude Code

HugoNijhuis added 1 commit 2026-01-09 16:04:41 +00:00
Add auth-protected app example
All checks were successful
CI / build (pull_request) Successful in 27s
c007f48892
This example demonstrates OIDC authentication with the Iris framework:
- OIDC client setup and configuration
- Login/logout flow with async discovery
- Protected routes using auth guards
- User profile display from ID token claims
- Token information display and handling
- Reactive UI state for authentication status

Closes #7

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Author
Owner

Code Review

Summary

Good OIDC authentication example demonstrating the auth package with login/logout flow, protected routes, and token handling.

Highlights

  • Well-documented with package comment explaining features
  • Uses only public APIs - no internal package imports
  • Good async OIDC flow with loading states
  • Proper JWT payload parsing for user claims
  • Security-conscious token truncation for display

Issue: Duplicated Route Configuration

Lines 68-93 and 158-183 - The routes array is defined identically in two places:

// In main()
routes := []navigation.Route{
    {Path: "/", Handler: homeView},
    {Path: "/callback", Handler: callbackView},
    {Path: "/profile", Handler: profileView, Guards: []navigation.RouteGuard{authGuard()}},
    {Path: "/protected", Handler: protectedView, Guards: []navigation.RouteGuard{authGuard()}},
}

// Same block repeated in renderApp()

This violates DRY and could lead to inconsistencies if one is updated but not the other.

Suggested Fix

Extract routes to a function:

func getRoutes() []navigation.Route {
    return []navigation.Route{
        {Path: "/", Handler: homeView},
        {Path: "/callback", Handler: callbackView},
        {Path: "/profile", Handler: profileView, Guards: []navigation.RouteGuard{authGuard()}},
        {Path: "/protected", Handler: protectedView, Guards: []navigation.RouteGuard{authGuard()}},
    }
}

Then use getRoutes() in both places.

Minor Notes

  • JWT payload is decoded without verification (acceptable for demo, consider adding comment)
  • OIDC constants use example.com (expected for demo)

Please extract the routes configuration to avoid duplication.

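The review's note that the JWT payload is decoded without verification, as an added example (not code from this PR or from the Iris auth package): decoding alone accepts an altered payload, while a signature check over the same token rejects it. The function names, the Ed25519 demo key and the token are constructed for illustration; a provider's ID token is typically RS256-signed with keys from its JWKS, and a full check also validates iss, aud, exp and nonce.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
var pub, priv, _ = ed25519.GenerateKey(nil) // constructed demo key pair

// unverifiedClaims decodes the payload only: usable for display, not for access decisions.
func unverifiedClaims(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWS")
	}
	var claims map[string]any
	raw, err := b64.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims, err
}

// verifiedClaims checks the signature over "header.payload" before decoding.
func verifiedClaims(token string, key ed25519.PublicKey) (map[string]any, error) {
	i := strings.LastIndex(token, ".")
	sig, err := b64.DecodeString(token[i+1:])
	if i < 0 || err != nil || !ed25519.Verify(key, []byte(token[:i]), sig) {
		return nil, fmt.Errorf("signature check failed")
	}
	return unverifiedClaims(token)
}

// signed builds a constructed EdDSA token around payload (demo input only).
func signed(key ed25519.PrivateKey, payload string) string {
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString([]byte(payload))
	return in + "." + b64.EncodeToString(ed25519.Sign(key, []byte(in)))
}

func main() {
	p := strings.Split(signed(priv, `{"sub":"alice"}`), ".")
	forged := p[0] + "." + b64.EncodeToString([]byte(`{"sub":"admin"}`)) + "." + p[2]
	c, _ := unverifiedClaims(forged)
	_, err := verifiedClaims(forged, pub)
	fmt.Println(c["sub"], err) // the unverified path reports "admin"; verification fails
}
```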
HugoNijhuis added 1 commit 2026-01-09 16:24:16 +00:00
Extract routes to getRoutes() function
All checks were successful
CI / build (pull_request) Successful in 26s
7589011526
Address review feedback to eliminate duplicated route configuration
and prevent potential inconsistencies.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Author
Owner

Code Review - Approved

Comprehensive OIDC authentication example with login/logout flow, protected routes, and token handling.

Highlights

  • Well-documented package comment explaining features
  • Async OIDC discovery with loading states
  • Protected routes using navigation.AuthGuard
  • User profile display from ID token JWT claims
  • Security-conscious token truncation for display

Previous Feedback

Duplicated route configuration extracted to getRoutes() function.

LGTM - merging.

HugoNijhuis merged commit 9b83333275 into main 2026-01-09 16:35:33 +00:00
Reference: flowmade-one/iris#20