The most advanced and powerful Go HTTP middleware to handle basic authentication. It is fully compatible with the net/http package and third-party frameworks.

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request RFC 7617.

Looking for JWT? Navigate through kataras/jwt instead.

The only requirement is the Go Programming Language.

$ go get github.com/kataras/basicauth

Please star this open source project to attract more developers so that together we can improve it even more!

• Basic
• Load from a slice of Users
• Load from a file & encrypted passwords
• Fetch & validate a User from a Database (MySQL)

Import the package:

import "github.com/kataras/basicauth"

Initialize the middleware with a simple map of username:password (see Options type and New function for real-world scenarios):

auth := basicauth.Default(map[string]string{
	"admin":       "admin",
	"my_username": "my_password",
})

Wrap any http.Handler with the auth middleware, e.g. *http.ServeMux:

mux := http.NewServeMux()
// [...routes]

http.ListenAndServe(":8080", auth(mux))

Or register the middleware to a single http.HandlerFunc route:

mux.HandleFunc("/", basicauth.HandlerFunc(auth, routeHandlerFunc))

Access the authenticated User entry:

routeHandlerFunc := func(w http.ResponseWriter, r *http.Request) {
	user := basicauth.GetUser(r).(*basicauth.SimpleUser)
	// user.Username
	// user.Password
}

The *http.Request.BasicAuth() works too, but it has limitations when it comes to a custom user struct.

For a more detailed technical documentation you can head over to our godocs.

This software is licensed under the MIT License.