Authsome

Go Packages

Quick reference for all Authsome Go packages and their public APIs.

All Authsome packages are importable from github.com/xraph/authsome.

Core packages

github.com/xraph/authsome

Root package. Exports the engine constructor, configuration types, and functional options.

ExportDescription
New(...Option) (*Engine, error)Create an Authsome engine
ConfigEngine configuration struct
PasswordConfigPassword policy configuration
SessionConfigSession behavior configuration
MFAConfigMulti-factor authentication configuration
PhoneConfigPhone authentication configuration
OAuth2ConfigOAuth2 provider configuration
JWTConfigJWT signing configuration
RateLimitConfigRate limiting configuration
WithStore(store.Store)Set the primary data store
WithPlugin(Plugin)Register an authentication plugin
WithConfig(Config)Set engine configuration
WithMFAStore(mfa.Store)Set the MFA enrollment store
WithSMSSender(bridge.SMSSender)Set the SMS bridge
WithMailer(bridge.Mailer)Set the email bridge
WithPasswordHistory(store)Set the password history store
WithRateLimiter(ratelimit.Limiter)Set the rate limiter
WithLockout(lockout.Lockout)Set the account lockout handler
WithLogger(logger)Set the logger

github.com/xraph/authsome/engine

The central engine with all authentication and management operations.

ExportDescription
Engine.Start(ctx)Initialize the engine
Engine.Stop(ctx)Graceful shutdown
Engine.SignUp(ctx, req)Create user account and session
Engine.SignIn(ctx, req)Authenticate user
Engine.SignOut(ctx, sessionID)Revoke a session
Engine.Refresh(ctx, refreshToken)Refresh session tokens
Engine.GetMe(ctx, userID)Get user profile
Engine.UpdateMe(ctx, user)Update user profile
Engine.DeleteAccount(ctx, userID)Delete user account (GDPR)
Engine.ExportUserData(ctx, userID)Export all user data (GDPR)
Engine.ForgotPassword(ctx, appID, email)Initiate password reset
Engine.ResetPassword(ctx, token, newPassword)Complete password reset
Engine.ChangePassword(ctx, userID, current, new)Change password
Engine.VerifyEmail(ctx, token)Verify email address
Engine.Impersonate(ctx, adminID, targetID, appID)Create impersonation session
Engine.ListSessions(ctx, userID)List user sessions
Engine.RevokeSession(ctx, sessionID)Revoke a specific session
Engine.RevokeAllSessions(ctx, userID)Revoke all user sessions
Engine.ValidateToken(ctx, token)Validate a session token
Engine.ListUserDevices(ctx, userID)List tracked devices
Engine.GetDevice(ctx, deviceID)Get device by ID
Engine.DeleteDevice(ctx, deviceID)Remove a device
Engine.TrustDevice(ctx, deviceID)Mark device as trusted
Engine.CreateWebhook(ctx, webhook)Register a webhook
Engine.GetWebhook(ctx, webhookID)Get webhook by ID
Engine.UpdateWebhook(ctx, webhook)Update a webhook
Engine.DeleteWebhook(ctx, webhookID)Delete a webhook
Engine.ListWebhooks(ctx, appID)List webhooks for an app
Engine.CreateRole(ctx, role)Create an RBAC role
Engine.GetRole(ctx, roleID)Get role by ID
Engine.UpdateRole(ctx, role)Update a role
Engine.DeleteRole(ctx, roleID)Delete a role
Engine.ListRoles(ctx, appID)List roles for an app
Engine.AddPermission(ctx, perm)Add permission to a role
Engine.ListRolePermissions(ctx, roleID)List role permissions
Engine.RemovePermission(ctx, permID)Remove a permission
Engine.AssignUserRole(ctx, userRole)Assign role to user
Engine.UnassignUserRole(ctx, userID, roleID)Unassign role
Engine.ListUserRoles(ctx, userID)List user roles

Entity packages

github.com/xraph/authsome/user

User entity and store interface.

ExportDescription
UserUser struct with all profile fields
Metadatamap[string]string for custom fields
UserQueryQuery parameters for listing/filtering users
UserListPaginated user list response
StoreUser persistence interface

github.com/xraph/authsome/session

Session entity and store interface.

ExportDescription
SessionSession struct with tokens and metadata
StoreSession persistence interface

github.com/xraph/authsome/device

Device tracking entity and store interface.

ExportDescription
DeviceDevice struct with fingerprint and trust status
StoreDevice persistence interface

github.com/xraph/authsome/organization

Organization, member, invitation, and team entities.

ExportDescription
OrganizationOrganization struct
MemberMembership struct with role
MemberRoleRole type (owner, admin, member)
InvitationInvitation struct with status
InvitationStatusStatus type (pending, accepted, expired, declined)
TeamTeam struct
Metadatamap[string]string for org metadata
StoreOrganization persistence interface

github.com/xraph/authsome/webhook

Webhook entity and store interface.

ExportDescription
WebhookWebhook struct with URL, events, and secret
StoreWebhook persistence interface

github.com/xraph/authsome/app

Application entity and store interface.

ExportDescription
AppApplication struct
StoreApp persistence interface

github.com/xraph/authsome/rbac

Role-based access control entities and store interface.

ExportDescription
RoleRole struct
PermissionPermission struct (action + resource)
UserRoleUser-role assignment
StoreRBAC persistence interface

Authentication packages

github.com/xraph/authsome/account

Account lifecycle operations: password hashing, validation, session creation.

ExportDescription
SignUpRequestSignup request struct
SignInRequestSignin request struct
SessionConfigSession token configuration
NewSession(appID, userID, cfg)Create a new session
HashPasswordWithPolicy(password, policy)Hash a password
NeedsRehash(hash, policy)Check if hash needs migration
StoreAccount lifecycle store (verification, password reset)
VerificationEmail verification record
PasswordResetPassword reset record
ErrInvalidCredentialsInvalid email/password
ErrEmailTakenEmail already registered
ErrUsernameTakenUsername already registered
ErrUserBannedUser is banned
ErrSessionExpiredSession has expired
ErrWeakPasswordPassword fails policy
ErrPasswordReusedPassword matches history

github.com/xraph/authsome/strategy

Authentication strategy interface.

ExportDescription
StrategyStrategy interface (Name(), Authenticate())
ResultAuthentication result (user, session, is-new)
ErrStrategyNotApplicableStrategy does not apply to request

github.com/xraph/authsome/plugins/password

Password authentication plugin.

ExportDescription
New(config ...Config) StrategyCreate password strategy
ConfigPlugin config (allowed domains)

github.com/xraph/authsome/plugins/mfa

Multi-factor authentication plugin.

ExportDescription
EnrollmentMFA enrollment record
RecoveryCodeRecovery code record
SMSChallengePending SMS challenge
TOTPConfigTOTP generation config
StoreMFA persistence interface
GenerateTOTPKey(cfg)Generate TOTP secret
ValidateTOTP(code, secret)Validate TOTP code
GenerateTOTPCode(secret)Generate TOTP code (testing)
GenerateSMSCode(length)Generate random numeric code
SendSMSChallenge(ctx, sender, phone)Send SMS and return challenge
ValidateSMSCode(code, challenge)Validate SMS code
GenerateRecoveryCodes(userID, count)Generate recovery codes
VerifyRecoveryCode(plaintext, code)Verify a recovery code
DefaultRecoveryCodeCountDefault: 8

github.com/xraph/authsome/plugins/social

Social OAuth login plugin (Google, GitHub, Apple, Microsoft, etc.).

github.com/xraph/authsome/plugins/sso

Enterprise SSO plugin (SAML, OIDC).

github.com/xraph/authsome/plugins/passkey

WebAuthn/passkey authentication plugin.

github.com/xraph/authsome/plugins/email

Magic link (email-based passwordless) plugin.

Configuration packages

github.com/xraph/authsome/formconfig

Dynamic form configuration and branding.

ExportDescription
FormConfigForm schema definition
FormFieldIndividual field definition
FieldTypeField type constants
ValidationField validation rules
SelectOptionOption for select/radio/checkbox
BrandingConfigPer-org branding configuration
FormTypeSignupConstant: "signup"

github.com/xraph/authsome/appsessionconfig

Per-app session configuration overrides.

ExportDescription
ConfigPer-app session config (TTL, format, binding)
StorePersistence interface
ErrNotFoundNo config exists for app

Store packages

github.com/xraph/authsome/store

Composite store interface embedding all subsystem stores.

ExportDescription
StoreComposite interface (user, session, device, org, webhook, etc.)
ErrNotFoundRecord not found

github.com/xraph/authsome/store/postgres

PostgreSQL backend via Grove ORM with embedded migrations.

github.com/xraph/authsome/store/sqlite

SQLite backend via Grove ORM.

github.com/xraph/authsome/store/mongo

MongoDB backend.

github.com/xraph/authsome/store/memory

In-memory backend for testing.

Bridge packages

github.com/xraph/authsome/bridge

Bridge interfaces for external integrations.

ExportDescription
SMSSenderSMS sending interface
SMSMessageSMS message struct
MailerEmail sending interface
ErrSMSNotAvailableNo SMS bridge configured

github.com/xraph/authsome/bridge/smsadapter

SMS bridge implementations.

ExportDescription
NewTwilioSender(sid, token, from)Twilio SMS sender

github.com/xraph/authsome/bridge/maileradapter

Email bridge implementations.

ExportDescription
NewResendMailer(apiKey)Resend email sender
NewSMTPMailer(config)SMTP email sender

Infrastructure packages

github.com/xraph/authsome/middleware

HTTP middleware for authentication, rate limiting, and RBAC.

ExportDescription
Auth(engine)Session validation middleware
RateLimit(limiter, cfg)Rate limiting middleware
RBAC(engine)Role-based access control middleware
UserIDFrom(ctx)Extract user ID from context
SessionIDFrom(ctx)Extract session ID from context

github.com/xraph/authsome/ratelimit

Rate limiting interfaces and implementations.

ExportDescription
LimiterRate limiter interface
NewMemoryLimiter()In-memory sliding window limiter
NewNoopLimiter()No-op limiter (disabled)

github.com/xraph/authsome/lockout

Account lockout interfaces and implementations.

ExportDescription
LockoutLockout interface
NewMemoryLockout()In-memory lockout tracker
NewNoopLockout()No-op lockout (disabled)

github.com/xraph/authsome/api

Forge-native HTTP handlers.

ExportDescription
New(engine, router)Create the API handler
RegisterRoutes(router)Mount all HTTP endpoints

github.com/xraph/authsome/extension

Forge framework extension adapter.

ExportDescription
New(...Option) *ExtensionCreate the Forge extension
Extension.Name()Returns "authsome"
Extension.Version()Returns current version
Extension.Engine()Access the underlying engine
Extension.Middlewares()Returns auth middleware stack

github.com/xraph/authsome/ceremony

Temporary data store for multi-step flows (PKCE, WebAuthn).

ExportDescription
StoreKey-value store with TTL

ID package

github.com/xraph/authsome/id

TypeID-based identifiers (UUIDv7, K-sortable) for all entities.

func NewUserID() UserID
func NewSessionID() SessionID
func NewAppID() AppID
func NewDeviceID() DeviceID
func NewOrgID() OrgID
func NewMemberID() MemberID
func NewInvitationID() InvitationID
func NewTeamID() TeamID
func NewWebhookID() WebhookID
func NewRoleID() RoleID
func NewPermissionID() PermissionID
func NewMFAID() MFAID
func NewRecoveryCodeID() RecoveryCodeID
func NewFormConfigID() FormConfigID
func NewBrandingConfigID() BrandingConfigID
func NewAppSessionConfigID() AppSessionConfigID
func NewEnvironmentID() EnvironmentID

func ParseUserID(s string) (UserID, error)
func ParseSessionID(s string) (SessionID, error)
func ParseAppID(s string) (AppID, error)
func ParseDeviceID(s string) (DeviceID, error)
func ParseOrgID(s string) (OrgID, error)
// ... Parse functions for all ID types

All IDs implement String() string and are based on TypeID (UUIDv7, K-sortable). Prefixes:

PrefixEntity
ausr_User
ases_Session
aapp_App
adev_Device
aorg_Organization
ambr_Member
ainv_Invitation
atm_Team
awhk_Webhook
arol_Role
aprm_Permission
amfa_MFA Enrollment
arc_Recovery Code
afcf_FormConfig
abrd_BrandingConfig
aenv_Environment

HTTP API Reference

Complete reference for all Authsome REST endpoints — authentication, users, sessions, MFA, devices, organizations, RBAC, webhooks, and OAuth2.

Full Example

Complete standalone Authsome server with PostgreSQL, all plugins, and bridge setup.

On this page

Core packagesgithub.com/xraph/authsomegithub.com/xraph/authsome/engineEntity packagesgithub.com/xraph/authsome/usergithub.com/xraph/authsome/sessiongithub.com/xraph/authsome/devicegithub.com/xraph/authsome/organizationgithub.com/xraph/authsome/webhookgithub.com/xraph/authsome/appgithub.com/xraph/authsome/rbacAuthentication packagesgithub.com/xraph/authsome/accountgithub.com/xraph/authsome/strategygithub.com/xraph/authsome/plugins/passwordgithub.com/xraph/authsome/plugins/mfagithub.com/xraph/authsome/plugins/socialgithub.com/xraph/authsome/plugins/ssogithub.com/xraph/authsome/plugins/passkeygithub.com/xraph/authsome/plugins/emailConfiguration packagesgithub.com/xraph/authsome/formconfiggithub.com/xraph/authsome/appsessionconfigStore packagesgithub.com/xraph/authsome/storegithub.com/xraph/authsome/store/postgresgithub.com/xraph/authsome/store/sqlitegithub.com/xraph/authsome/store/mongogithub.com/xraph/authsome/store/memoryBridge packagesgithub.com/xraph/authsome/bridgegithub.com/xraph/authsome/bridge/smsadaptergithub.com/xraph/authsome/bridge/maileradapterInfrastructure packagesgithub.com/xraph/authsome/middlewaregithub.com/xraph/authsome/ratelimitgithub.com/xraph/authsome/lockoutgithub.com/xraph/authsome/apigithub.com/xraph/authsome/extensiongithub.com/xraph/authsome/ceremonyID packagegithub.com/xraph/authsome/id