Getting Started

Official Documentation

For detailed explanation of each function, check the authorizer-go pkg.go.dev docs.

Prerequisite: You need an Authorizer instance running. See the deployment guides for setup options.

Authorizer v2 Compatibility

The authorizer-go SDK works with both Authorizer v1 and v2 servers. When using with v2:

• Obtain the Client ID from your v2 server's --client-id flag (set at startup)
• The SDK methods remain the same; only the server configuration model has changed

Installation

Step 1: Install authorizer-go SDK

go get github.com/authorizerdev/authorizer-go

Step 2: Initialize authorizer client

Parameters

Key	Type	Required	Description
clientID	string	true	Your unique client identifier (from --client-id flag in v2, or dashboard in v1)
authorizerURL	string	true	Authorizer server URL
redirectURL	string	false	Default URL to redirect the user after successful signup / login / forgot password
extraHeaders	map[string]string	false	Set of headers to pass with each request

Example

defaultHeaders := map[string]string{}

authorizerClient, err := authorizer.NewAuthorizerClient("YOUR_CLIENT_ID", "YOUR_AUTHORIZER_URL", "OPTIONAL_REDIRECT_URL", defaultHeaders)
if err != nil {
    panic(err)
}

Step 3: Use SDK methods

Example: Login

response, err := authorizerClient.Login(&authorizer.LoginInput{
    Email:    "test@yopmail.com",
    Password: "Abc@123",
})
if err != nil {
    panic(err)
}

Example: Validate JWT Token

res, err := authorizerClient.ValidateJWTToken(&authorizer.ValidateJWTTokenInput{
    TokenType: authorizer.TokenTypeIDToken,
    Token:     "your-jwt-token",
})
if err != nil {
    panic(err)
}

if res.IsValid {
    // Token is valid
}

Step 4: Fine-grained authorization (FGA)

Authorizer supports resource:scope based fine-grained permissions. The SDK exposes them in two ways.

Assert required permissions while validating -- pass RequiredPermissions to ValidateJWTToken, ValidateSession or GetSession. They are evaluated with AND semantics: every entry must be granted, otherwise the result is unauthorized.

res, err := authorizerClient.ValidateJWTToken(&authorizer.ValidateJWTTokenInput{
    TokenType: authorizer.TokenTypeAccessToken,
    Token:     "your-jwt-token",
    RequiredPermissions: []*authorizer.PermissionInput{
        {Resource: "documents", Scope: "read"},
        {Resource: "documents", Scope: "write"},
    },
})
if err != nil || !res.IsValid {
    // unauthorized
}

Fetch the principal's granted permissions -- GetPermissions returns the resource:scope permissions for the authenticated principal. Pass the auth header (or session cookie) so the principal can be identified.

permissions, err := authorizerClient.GetPermissions(map[string]string{
    "Authorization": "Bearer your-access-token",
})
if err != nil {
    panic(err)
}
for _, p := range permissions {
    fmt.Println(p.Resource, p.Scope)
}

Available Methods

The SDK provides the following methods:

• Login -- Authenticate with email and password
• Signup -- Register a new user
• VerifyEmail -- Verify user email
• ForgotPassword -- Initiate forgot password flow
• ResetPassword -- Reset password with token
• GetProfile -- Get user profile
• UpdateProfile -- Update user profile
• MagicLinkLogin -- Login with magic link
• ValidateJWTToken -- Validate a JWT token (optionally with RequiredPermissions for FGA)
• GetSession -- Get current session (optionally with RequiredPermissions for FGA)
• GetPermissions -- Get the fine-grained resource:scope permissions granted to the authenticated user
• RevokeToken -- Revoke a token
• Logout -- Logout user
• ValidateSession -- Validate a session (optionally with RequiredPermissions for FGA)