rename the sso to auth package

_examples/README.md

@@ -214,6 +214,7 @@
     * [Ttemplates and Functions](i18n/template)
     * [Pluralization and Variables](i18n/plurals)
 * Authentication, Authorization & Bot Detection
+    * [Recommended: Auth package and Single-Sign-On](auth/auth) **NEW (GO 1.18 Generics required)**
     * Basic Authentication
         * [Basic](auth/basicauth/basic)
         * [Load from a slice of Users](auth/basicauth/users_list)
@@ -226,7 +227,6 @@
         * [Blocklist](auth/jwt/blocklist/main.go)
         * [Refresh Token](auth/jwt/refresh-token/main.go)
         * [Tutorial](auth/jwt/tutorial)
-        * [SSO](auth/sso) **NEW (GO 1.18 Generics required)**
     * [JWT (community edition)](https://github.com/iris-contrib/middleware/tree/v12/jwt/_example/main.go)
     * [OAUth2](auth/goth/main.go)
     * [Manage Permissions](auth/permissions/main.go)
@@ -279,7 +279,7 @@
     * [Authenticated Controller](mvc/authenticated-controller/main.go)
     * [Versioned Controller](mvc/versioned-controller/main.go)
     * [Websocket Controller](mvc/websocket)
-        * [Websocket + Authentication (SSO)](mvc/websocket-sso) **NEW (GO 1.18 Generics required)**
+        * [Websocket + Authentication (Single-Sign-On)](mvc/websocket-auth) **NEW (GO 1.18 Generics required)**
     * [Register Middleware](mvc/middleware)
     * [gRPC](mvc/grpc-compatible)
     * [gRPC Bidirectional Stream](mvc/grpc-compatible-bidirectional-stream)

_examples/auth/auth/README.md

@@ -1,4 +1,4 @@
-# SSO (Single Sign On)
+# Auth Package (+ Single Sign On)
 
 ```sh
 $ go run .

_examples/auth/auth/auth.yml

@@ -1,9 +1,12 @@
+Headers: # required.
+  - "Authorization"
+  - "X-Authorization"
 Cookie: # optional.
-  Name: "iris_sso"
+  Name: "iris_auth_cookie"
   Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit).
   Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit).
 Keys:
-  - ID: IRIS_SSO_ACCESS # required.
+  - ID: IRIS_AUTH_ACCESS # required.
     Alg: EdDSA
     MaxAge: 2h # 2 hours lifetime for access tokens. 
     Private: |+
@@ -14,7 +17,7 @@ Keys:
       -----BEGIN PUBLIC KEY-----
       MCowBQYDK2VwAyEAzpgjKSr9E032DX+foiOxq1QDsbzjLxagTN+yVpGWZB4=
       -----END PUBLIC KEY-----
-  - ID: IRIS_SSO_REFRESH # optional. Good practise to have it though.
+  - ID: IRIS_AUTH_REFRESH # optional. Good practise to have it though.
     Alg: EdDSA
     # 1 month lifetime for refresh tokens,
     # after that period the user has to signin again.

_examples/auth/auth/main.go

@@ -6,10 +6,10 @@ import (
 	"fmt"
 
 	"github.com/kataras/iris/v12"
-	"github.com/kataras/iris/v12/sso"
+	"github.com/kataras/iris/v12/auth"
 )
 
-func allowRole(role AccessRole) sso.TVerify[User] {
+func allowRole(role AccessRole) auth.TVerify[User] {
 	return func(u User) error {
 		if !u.Role.Allow(role) {
 			return fmt.Errorf("invalid role")
@@ -19,7 +19,7 @@ func allowRole(role AccessRole) sso.TVerify[User] {
 	}
 }
 
-const configFilename = "./sso.yml"
+const configFilename = "./auth.yml"
 
 func main() {
 	app := iris.New()
@@ -28,23 +28,23 @@ func main() {
 		Layout("main"))
 
 	/*
-		// Easiest 1-liner way, load from configuration and initialize a new sso instance:
-		s := sso.MustLoad[User]("./sso.yml")
+		// Easiest 1-liner way, load from configuration and initialize a new auth instance:
+		s := auth.MustLoad[User]("./auth.yml")
 		// Bind a configuration from file:
-		var c sso.Configuration
-		c.BindFile("./sso.yml")
-		s, err := sso.New[User](c)
+		var c auth.Configuration
+		c.BindFile("./auth.yml")
+		s, err := auth.New[User](c)
 		// OR create new programmatically configuration:
-		config := sso.Configuration{
+		config := auth.Configuration{
 			...fields
 		}
-		s, err := sso.New[User](config)
+		s, err := auth.New[User](config)
 		// OR generate a new configuration:
-		config := sso.MustGenerateConfiguration()
-		s, err := sso.New[User](config)
+		config := auth.MustGenerateConfiguration()
+		s, err := auth.New[User](config)
 		// OR generate a new config and save it if cannot open the config file.
 		if _, err := os.Stat(configFilename); err != nil {
-		    generatedConfig := sso.MustGenerateConfiguration()
+		    generatedConfig := auth.MustGenerateConfiguration()
 		    configContents, err := generatedConfig.ToYAML()
 		    if err != nil {
 		        panic(err)
@@ -58,13 +58,13 @@ func main() {
 	*/
 
 	// 1. Load configuration from a file.
-	ssoConfig, err := sso.LoadConfiguration(configFilename)
+	authConfig, err := auth.LoadConfiguration(configFilename)
 	if err != nil {
 		panic(err)
 	}
 
-	// 2. Initialize a new sso instance for "User" claims (generics: go1.18 +).
-	s, err := sso.New[User](ssoConfig)
+	// 2. Initialize a new auth instance for "User" claims (generics: go1.18 +).
+	s, err := auth.New[User](authConfig)
 	if err != nil {
 		panic(err)
 	}
@@ -72,7 +72,7 @@ func main() {
 	// 3. Add a custom provider, in our case is just a memory-based one.
 	s.AddProvider(NewProvider())
 	// 3.1. Optionally set a custom error handler.
-	// s.SetErrorHandler(new(sso.DefaultErrorHandler))
+	// s.SetErrorHandler(new(auth.DefaultErrorHandler))
 
 	app.Get("/signin", renderSigninForm)
 	// 4. generate token pairs.
@@ -102,12 +102,12 @@ func main() {
 			Region:    "us",
 			Tunnels: []tunnel.Tunnel{
 				{
-					Name:     "Iris SSO (Test)",
+					Name:     "Iris Auth (Test)",
 					Addr:     ":8080",
 					Hostname: "YOUR_DOMAIN",
 				},
 				{
-					Name:     "Iris SSO (Test Subdomain)",
+					Name:     "Iris Auth (Test Subdomain)",
 					Addr:     ":8080",
 					Hostname: "owner.YOUR_DOMAIN",
 				},
@@ -120,14 +120,14 @@ func renderSigninForm(ctx iris.Context) {
 	ctx.View("signin", iris.Map{"Title": "Signin Page"})
 }
 
-func renderMemberPage(s *sso.SSO[User]) iris.Handler {
+func renderMemberPage(s *auth.Auth[User]) iris.Handler {
 	return func(ctx iris.Context) {
 		user := s.GetUser(ctx)
 		ctx.Writef("Hello member: %s\n", user.Email)
 	}
 }
 
-func renderOwnerPage(s *sso.SSO[User]) iris.Handler {
+func renderOwnerPage(s *auth.Auth[User]) iris.Handler {
 	return func(ctx iris.Context) {
 		user := s.GetUser(ctx)
 		ctx.Writef("Hello owner: %s\n", user.Email)

_examples/auth/auth/user_provider.go

@@ -8,7 +8,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/kataras/iris/v12/sso"
+	"github.com/kataras/iris/v12/auth"
 )
 
 type Provider struct {
@@ -49,7 +49,7 @@ func (p *Provider) Signin(ctx context.Context, username, password string) (User,
 	return User{}, fmt.Errorf("user not found")
 }
 
-func (p *Provider) ValidateToken(ctx context.Context, standardClaims sso.StandardClaims, u User) error { // fired on VerifyHandler.
+func (p *Provider) ValidateToken(ctx context.Context, standardClaims auth.StandardClaims, u User) error { // fired on VerifyHandler.
 	// your database and checks of blocked tokens...
 
 	// check for specific token ids.
@@ -81,7 +81,7 @@ func (p *Provider) ValidateToken(ctx context.Context, standardClaims sso.Standar
 	return nil // else valid.
 }
 
-func (p *Provider) InvalidateToken(ctx context.Context, standardClaims sso.StandardClaims, u User) error { // fired on SignoutHandler.
+func (p *Provider) InvalidateToken(ctx context.Context, standardClaims auth.StandardClaims, u User) error { // fired on SignoutHandler.
 	// invalidate this specific token.
 	p.mu.Lock()
 	p.invalidated[standardClaims.ID] = struct{}{}

_examples/mvc/login/services/user_service.go

@@ -51,7 +51,7 @@ func (s *userService) GetByID(id int64) (datamodels.User, bool) {
 	})
 }
 
-// GetByUsernameAndPassword returns a user based on its username and passowrd,
+// GetByUsernameAndPassword returns a user based on its username and password,
 // used for authentication.
 func (s *userService) GetByUsernameAndPassword(username, userPassword string) (datamodels.User, bool) {
 	if username == "" || userPassword == "" {

_examples/mvc/websocket-auth/auth.yml

@@ -1,9 +1,12 @@
+Headers: # required.
+  - "Authorization"
+  - "X-Authorization"
 Cookie: # optional.
-  Name: "iris_sso"
+  Name: "iris_auth_cookie"
   Hash: "D*G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$C&F)J@NcRfUjXn2r4u7x" # length of 64 characters (512-bit).
   Block: "VkYp3s6v9y$B&E)H@McQfTjWmZq4t7w!" # length of 32 characters (256-bit).
 Keys:
-  - ID: IRIS_SSO_ACCESS # required.
+  - ID: IRIS_AUTH_ACCESS # required.
     Alg: EdDSA
     MaxAge: 2h # 2 hours lifetime for access tokens. 
     Private: |+
@@ -14,7 +17,7 @@ Keys:
       -----BEGIN PUBLIC KEY-----
       MCowBQYDK2VwAyEAzpgjKSr9E032DX+foiOxq1QDsbzjLxagTN+yVpGWZB4=
       -----END PUBLIC KEY-----
-  - ID: IRIS_SSO_REFRESH # optional. Good practise to have it though.
+  - ID: IRIS_AUTH_REFRESH # optional. Good practise to have it though.
     Alg: EdDSA
     # 1 month lifetime for refresh tokens,
     # after that period the user has to signin again.

_examples/mvc/websocket-auth/main.go

@@ -6,8 +6,8 @@ import (
 	"fmt"
 
 	"github.com/kataras/iris/v12"
+	"github.com/kataras/iris/v12/auth"
 	"github.com/kataras/iris/v12/mvc"
-	"github.com/kataras/iris/v12/sso"
 	"github.com/kataras/iris/v12/websocket"
 )
 
@@ -29,7 +29,7 @@ func newApp() *iris.Application {
 		LayoutDir("layouts").
 		Layout("main"))
 
-	s := sso.MustLoad[User]("./sso.yml")
+	s := auth.MustLoad[User]("./auth.yml")
 	s.AddProvider(NewProvider())
 
 	app.Get("/signin", renderSigninForm)
@@ -63,7 +63,7 @@ func (c *websocketController) Namespace() string {
 
 func (c *websocketController) OnChat(msg websocket.Message) error {
 	ctx := websocket.GetContext(c.Conn)
-	user := sso.GetUser[User](ctx)
+	user := auth.GetUser[User](ctx)
 
 	msg.Body = []byte(fmt.Sprintf("%s: %s", user.Email, string(msg.Body)))
 	c.Conn.Server().Broadcast(c, msg)

_examples/mvc/websocket-auth/user_provider.go

@@ -8,7 +8,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/kataras/iris/v12/sso"
+	"github.com/kataras/iris/v12/auth"
 )
 
 type Provider struct {
@@ -49,7 +49,7 @@ func (p *Provider) Signin(ctx context.Context, username, password string) (User,
 	return User{}, fmt.Errorf("user not found")
 }
 
-func (p *Provider) ValidateToken(ctx context.Context, standardClaims sso.StandardClaims, u User) error { // fired on VerifyHandler.
+func (p *Provider) ValidateToken(ctx context.Context, standardClaims auth.StandardClaims, u User) error { // fired on VerifyHandler.
 	// your database and checks of blocked tokens...
 
 	// check for specific token ids.
@@ -81,7 +81,7 @@ func (p *Provider) ValidateToken(ctx context.Context, standardClaims sso.Standar
 	return nil // else valid.
 }
 
-func (p *Provider) InvalidateToken(ctx context.Context, standardClaims sso.StandardClaims, u User) error { // fired on SignoutHandler.
+func (p *Provider) InvalidateToken(ctx context.Context, standardClaims auth.StandardClaims, u User) error { // fired on SignoutHandler.
 	// invalidate this specific token.
 	p.mu.Lock()
 	p.invalidated[standardClaims.ID] = struct{}{}