Skip to main content
Version: Next

BasicAuth

Basic Authentication middleware for Fiber that provides an HTTP basic authentication. It calls the next handler for valid credentials and 401 Unauthorized or a custom response for missing or invalid credentials.

Signatures

func New(config Config) fiber.Handler
func UsernameFromContext(c fiber.Ctx) string
func PasswordFromContext(c fiber.Ctx) string

Examples

Import the middleware package that is part of the Fiber web framework

import (
    "github.com/gofiber/fiber/v3"
    "github.com/gofiber/fiber/v3/middleware/basicauth"
)

After you initiate your Fiber app, you can use the following possibilities:

// Provide a minimal config
app.Use(basicauth.New(basicauth.Config{
    Users: map[string]string{
        "john":  "doe",
        "admin": "123456",
    },
}))

// Or extend your config for customization
app.Use(basicauth.New(basicauth.Config{
    Users: map[string]string{
        "john":  "doe",
        "admin": "123456",
    },
    Realm: "Forbidden",
    Authorizer: func(user, pass string) bool {
        if user == "john" && pass == "doe" {
            return true
        }
        if user == "admin" && pass == "123456" {
            return true
        }
        return false
    },
    Unauthorized: func(c fiber.Ctx) error {
        return c.SendFile("./unauthorized.html")
    },
}))

Getting the username and password

func handler(c fiber.Ctx) error {
    username := basicauth.UsernameFromContext(c)
    password := basicauth.PasswordFromContext(c)
    log.Printf("Username: %s Password: %s", username, password)
    return c.SendString("Hello, " + username)
}

Config

PropertyTypeDescriptionDefault
Nextfunc(fiber.Ctx) boolNext defines a function to skip this middleware when returned true.nil
Usersmap[string]stringUsers defines the allowed credentials.map[string]string{}
RealmstringRealm is a string to define the realm attribute of BasicAuth. The realm identifies the system to authenticate against and can be used by clients to save credentials."Restricted"
Authorizerfunc(string, string) boolAuthorizer defines a function to check the credentials. It will be called with a username and password and is expected to return true or false to indicate approval.nil
Unauthorizedfiber.HandlerUnauthorized defines the response body for unauthorized responses.nil

Default Config

var ConfigDefault = Config{
    Next:            nil,
    Users:           map[string]string{},
    Realm:           "Restricted",
    Authorizer:      nil,
    Unauthorized:    nil,
}