Go Quickstart
This quickstart guide outlines the essential steps to build a Discovery sign-up and login flow in your Go app using Stytch's B2B SaaS Authentication product.
Overview
Stytch offers a Go SDK that can be used either stand-alone, for an entirely backend integration with Stytch, or alongside our frontend SDKs. This quide covers the steps for an entirely backend integration with Stytch.
Want to skip straight to the source code? Check out an example app here.
Getting Started
1Install Stytch SDK and configure your API Keys
Create a Stytch B2B Project in your Stytch Dashboard if you haven't already.
Install our Go SDK
go get github.com/stytchauth/stytch-go/v12Configure your Stytch Project's API keys as environment variables:
STYTCH_PROJECT_ID="YOUR_STYTCH_PROJECT_ID"
STYTCH_SECRET="YOUR_STYTCH_PROJECT_SECRET"
# Use your Project's 'test' or 'live' credentials2Set up your app and login route
Set up a basic service and initialize the Stytch client with the environment variables you set in the previous step. Register an HTTP handler for a /login route that takes in the user's email address and initiates the sign-up or login flow by calling Stytch.
var ctx = context.Background()
func main() {
// Load variables from .env file into the environment.
if err := godotenv.Load(".env.local"); err != nil {
log.Fatalf("Error loading .env file: %v", err)
}
// Instantiate a new API service.
service := NewAuthService(
os.Getenv("STYTCH_PROJECT_ID"),
os.Getenv("STYTCH_SECRET"),
)
// Register HTTP handlers.
mux := http.NewServeMux()
mux.HandleFunc("/login", service.sendMagicLinkHandler).Methods("POST")
// Start server.
server := http.Server{
Addr: ":3000",
Handler: mux,
}
log.Println("WARNING: For testing purposes only. Not intended for production use...")
log.Println("Starting server on http://localhost:3000")
if err := server.ListenAndServe(); err != nil {
log.Fatal(err)
}
}
type AuthService struct {
client *b2bstytchapi.API
store *sessions.CookieStore
}
func NewAuthService(projectId, secret string) *AuthService {
client, err := b2bstytchapi.NewClient(projectId, secret)
if err != nil {
log.Fatalf("Error creating client: %v", err)
}
return &AuthService{
client: client,
store: sessions.NewCookieStore([]byte("your-secret-key")),
}
}
func (s *AuthService) sendMagicLinkHandler(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
log.Printf("Error parsing form: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
email := r.Form.Get("email")
if email == "" {
http.Error(w, "Email is required", http.StatusBadRequest)
return
}
_, err := s.client.MagicLinks.Email.Discovery.Send(ctx, &discovery.SendParams{
EmailAddress: email,
})
if err != nil {
log.Printf("Error sending email: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
fmt.Fprintln(w, "Successfully sent magic link email!")
}3Add a route to handle redirect callback from Stytch
When a user completes an authentication flow in Stytch, we will call the Redirect URL specified in your Stytch Dashboard with a token used to securely complete the auth flow. By default the redirect URL is set tohttp://localhost:3000/authenticate.
You can read more about redirect URLs and possible token types in this guide.
func main() {
// Add new HTTP handler
mux.HandleFunc("/authenticate", service.authenticateHandler).Methods("POST")
}
func (s *AuthService) authenticateHandler(w http.ResponseWriter, r *http.Request) {
tokenType := r.URL.Query().Get("stytch_token_type")
token := r.URL.Query().Get("token")
if tokenType != "discovery" {
log.Printf("Error: unrecognized token type %s\n", tokenType)
http.Error(w, fmt.Sprintf("Unrecognized token type %s", tokenType), http.StatusBadRequest)
return
}
resp, err := s.client.MagicLinks.Discovery.Authenticate(ctx, &discovery2.AuthenticateParams{
DiscoveryMagicLinksToken: token,
})
if err != nil {
log.Printf("Error authenticating: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}4Create new Organization or login to existing Organization
At this point in the flow, the end user has authenticated but has not specified whether they want to create a new Organization or log into another Organization they belong to or can join through their verified email domain and JIT Provisioning.
s.client.MagicLinks.Discovery.Authenticate() will return an Intermediate Session Token (IST) which allows you to preserve the authentication state while you present the user with options on how they wish to proceed. For the purposes of this quickstart, we will automatically create a new Organization if the end user does not have any Organizations they can log into and otherwise log into their first Organization.
func (s *AuthService) authenticateHandler(w http.ResponseWriter, r *http.Request) {
tokenType := r.URL.Query().Get("stytch_token_type")
token := r.URL.Query().Get("token")
if tokenType != "discovery" {
log.Printf("Error: unrecognized token type %s\n", tokenType)
http.Error(w, fmt.Sprintf("Unrecognized token type %s", tokenType), http.StatusBadRequest)
return
}
resp, err := s.client.MagicLinks.Discovery.Authenticate(ctx, &discovery2.AuthenticateParams{
DiscoveryMagicLinksToken: token,
})
if err != nil {
log.Printf("Error authenticating: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
ist := resp.IntermediateSessionToken
if len(resp.DiscoveredOrganizations) > 0 {
organizationId := resp.DiscoveredOrganizations[0].Organization.OrganizationID
resp, err := s.client.Discovery.IntermediateSessions.Exchange(
ctx,
&intermediatesessions.ExchangeParams{
IntermediateSessionToken: ist,
OrganizationID: organizationId,
},
)
if err != nil {
log.Printf("Error exchanging organization: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
} else {
resp, err := s.client.Discovery.Organizations.Create(ctx, &organizations2.CreateParams{
IntermediateSessionToken: ist
})
if err != nil {
log.Printf("Error creating organization: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
// Store the session token
session, _ := s.store.Get(r, "stytch_session")
session.Values["token"] = resp.SessionToken
_ = session.Save(r, w)
w.WriteHeader(http.StatusOK)
fmt.Fprintln(
w,
"Welcome %s! You're logged into the %s organization",
resp.Member.EmailAddress,
resp.Organization.OrganizationName
)
}5Test your application
Run your application
go run ./...Send a POST request to the /login endpoint with your email address to initiate the Discovery flow, and then click on the email magic link you receive in your inbox to finish signing up or logging in.
6What's next
Completed example
Check out the example app here to see how you might extend this quickstart to enable JIT Provisioning by email domain, session exchange between orgs and more!
package main
import (
"context"
"fmt"
"log"
"net/http"
"os"
"github.com/gorilla/sessions"
"github.com/joho/godotenv"
"github.com/stytchauth/stytch-go/v12/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v12/stytch/b2b/discovery/intermediatesessions"
"github.com/stytchauth/stytch-go/v12/stytch/b2b/discovery/organizations"
discovery2 "github.com/stytchauth/stytch-go/v12/stytch/b2b/magiclinks/discovery"
"github.com/stytchauth/stytch-go/v12/stytch/b2b/magiclinks/email/discovery"
sessions2 "github.com/stytchauth/stytch-go/v12/stytch/b2b/sessions"
)
var ctx = context.Background()
func main() {
// Load variables from .env file into the environment.
if err := godotenv.Load(".env.local"); err != nil {
log.Fatalf("Error loading .env file: %v", err)
}
// Instantiate a new API service.
service := NewAuthService(
os.Getenv("STYTCH_PROJECT_ID"),
os.Getenv("STYTCH_SECRET"),
)
// Register HTTP handlers.
mux := http.NewServeMux()
mux.HandleFunc("/login", service.sendMagicLinkHandler).Methods("POST")
mux.HandleFunc("/authenticate", service.authenticateHandler).Methods("POST")
// Start server.
server := http.Server{
Addr: ":3000",
Handler: mux,
}
log.Println("WARNING: For testing purposes only. Not intended for production use...")
log.Println("Starting server on http://localhost:3000")
if err := server.ListenAndServe(); err != nil {
log.Fatal(err)
}
}
type AuthService struct {
client *b2bstytchapi.API
store *sessions.CookieStore
}
func NewAuthService(projectId, secret string) *AuthService {
client, err := b2bstytchapi.NewClient(projectId, secret)
if err != nil {
log.Fatalf("Error creating client: %v", err)
}
return &AuthService{
client: client,
store: sessions.NewCookieStore([]byte("your-secret-key")),
}
}
func (s *AuthService) sendMagicLinkHandler(w http.ResponseWriter, r *http.Request) {
if err := r.ParseForm(); err != nil {
log.Printf("Error parsing form: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
email := r.Form.Get("email")
if email == "" {
http.Error(w, "Email is required", http.StatusBadRequest)
return
}
_, err := s.client.MagicLinks.Email.Discovery.Send(ctx, &discovery.SendParams{
EmailAddress: email,
})
if err != nil {
log.Printf("Error sending email: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusOK)
fmt.Fprintln(w, "Successfully sent magic link email!")
}
func (s *AuthService) authenticateHandler(w http.ResponseWriter, r *http.Request) {
tokenType := r.URL.Query().Get("stytch_token_type")
token := r.URL.Query().Get("token")
if tokenType != "discovery" {
log.Printf("Error: unrecognized token type %s\n", tokenType)
http.Error(w, fmt.Sprintf("Unrecognized token type %s", tokenType), http.StatusBadRequest)
return
}
resp, err := s.client.MagicLinks.Discovery.Authenticate(ctx, &discovery2.AuthenticateParams{
DiscoveryMagicLinksToken: token,
})
if err != nil {
log.Printf("Error authenticating: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
ist := resp.IntermediateSessionToken
if len(resp.DiscoveredOrganizations) > 0 {
organizationId := resp.DiscoveredOrganizations[0].Organization.OrganizationID
resp, err := s.client.Discovery.IntermediateSessions.Exchange(
ctx,
&intermediatesessions.ExchangeParams{
IntermediateSessionToken: ist,
OrganizationID: organizationId,
},
)
if err != nil {
log.Printf("Error exchanging organization: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
} else {
resp, err := s.client.Discovery.Organizations.Create(ctx, &organizations.CreateParams{
IntermediateSessionToken: ist
})
if err != nil {
log.Printf("Error creating organization: %v\n", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
// Store the session token
session, _ := s.store.Get(r, "stytch_session")
session.Values["token"] = resp.SessionToken
_ = session.Save(r, w)
w.WriteHeader(http.StatusOK)
fmt.Fprintln(
w,
"Welcome %s! You're logged into the %s organization",
resp.Member.EmailAddress,
resp.Organization.OrganizationName
)
}