Framework-agnostic Go library for auth, tenant, and permission management.
- Auth — JWT, OAuth2, SAML, LDAP, API keys, WebAuthn, magic link
- Multi-tenant — Tenant context, lifecycle, feature flags
- Permission — RBAC, ABAC, cached checks
- Storage-agnostic — MySQL, Postgres, MongoDB, Redis, memory
- Framework-agnostic — net/http, chi, gin, echo, fiber, GraphQL
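
```sh
go get github.com/parevo/core
```

```go
package main

import (
	"log"
	"net/http"

	"github.com/parevo/core/auth"
	"github.com/parevo/core/auth/adapters"
	"github.com/parevo/core/auth/adapters/nethttp"
)

// yourHandler is the application handler protected by the auth middleware.
var yourHandler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte("ok"))
})

func main() {
	svc, err := auth.NewService(auth.Config{
		Issuer:    "parevo",
		Audience:  "parevo-api",
		SecretKey: []byte("your-secret"), // placeholder: load a strong key from configuration, never commit it
	})
	if err != nil {
		log.Fatal(err) // do not start serving without a working auth service
	}

	mux := http.NewServeMux()
	mux.Handle("/secure", nethttp.AuthMiddleware(svc, adapters.Options{})(yourHandler))
	log.Fatal(http.ListenAndServe(":8080", mux))
}
```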

| Module | Description |
|--------|-------------|
| auth | JWT service, guards, middleware adapters |
| auth/mfa | TOTP 2FA, recovery codes |
| auth/apikey | API key validation |
| auth/webauthn | WebAuthn/Passkeys (`-tags webauthn`) |
| auth/magiclink | Magic link / email OTP |
| auth/blacklist | JWT blacklist for immediate revoke |
| auth/ipfilter | IP allowlist/blocklist |
| auth/oauth2provider | OAuth2 authorization server |
| auth/tenantsql | Tenant filter helpers for SQL |
| social | Social login (Google, GitHub) |
| consent | OAuth2 consent management |
| saml | SAML 2.0 SSO |
| ldap | LDAP/Active Directory auth |

| Module | Description |
|--------|-------------|
| tenant | Tenant selection, override policy, lifecycle |
| tenant/features | Feature flags, plan limits |
| permission | Permission check service |
| permission/abac | ABAC conditions |

| Module | Description |
|--------|-------------|
| storage | DB adapter interfaces |
| storage/memory | In-memory adapters |
| storage/postgres | Postgres adapter |
| storage/mysql | MySQL adapter |
| storage/mongodb | MongoDB adapter |
| storage/redis | Redis adapter (sessions, refresh) |
| blob | Object storage (S3, R2, memory) |
| cache | Generic cache (memory, Redis) |
| lock | Distributed lock (memory, Redis) |
| search | Full-text search (SQL builder) |

| Module | Description |
|--------|-------------|
| health | Health checks (DB, Redis, blob) |
| job | Async job queue (memory) |
| billing | Tenant usage tracking |
| notification | Email, SMS, WebSocket |
| webhooks | Event webhooks |

| Module | Description |
|--------|-------------|
| export | GDPR data export |
| validation | Request/body validation |
| geo | IP geolocation |
| config | Config validation |
| observability | Logging, metrics, tracing, audit |
| admin | Admin panel (tenants, permissions, sessions) |

| Framework | Auth Adapter |
|-----------|--------------|
| net/http | auth/adapters/nethttp |
| chi | auth/adapters/chi |
| gin | auth/adapters/gin |
| echo | auth/adapters/echo |
| fiber | auth/adapters/fiber |
| GraphQL | auth/adapters/graphql |

```sh
go run ./examples/nethttp-basic
go run ./examples/gin-modular
go run ./examples/notification
go run ./examples/blob
go run ./examples/admin-panel
```

| Example | Description |
|---------|-------------|
| nethttp-basic | Minimal net/http setup |
| gin-modular | Auth + tenant + permission |
| social-login | Social callback + account linking |
| totp-mfa | TOTP 2FA setup and verify |
| permission-cache | Cached permission store |
| tenant-ratelimit | Tenant-based rate limiting |
| blacklist-logout | JWT blacklist on logout |
| mysql-storage | MySQL adapter (requires MYSQL_DSN) |
| mongodb-storage | MongoDB adapter (requires MONGODB_URI) |

See examples/README.md for the full list and run instructions.
MIT. See LICENSE.
Issue-first workflow. See .github/CONTRIBUTING.md.