Chapter 3

Auth & RBAC

JWT, OAuth2, 2FA, and role-based access.

~32 min total · 4 lessons · 1 assignment

By the end of this chapter you'll be able to

  • Add JWT auth
  • Wire OAuth2 (Google + GitHub)
  • Add TOTP 2FA
  • Apply role guards

Chapter assignment

Lock down a route

Add a `/api/admin/stats` endpoint that returns user counts. Protect it with the Auth middleware AND `RequireRoles("admin")`. Verify a regular user gets 404 and an admin gets 200.
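A reference solution for this assignment, added here as an example and not the course's own code. It assumes Go's net/http, an `Auth` middleware that resolves a bearer token to a user with roles (a constructed in-memory token table stands in for JWT verification), and a `RequireRoles` guard that answers 404 rather than 403 so ordinary users cannot learn that an admin route exists.

```go
package main
import (
	"context"
	"fmt"
	"net/http"
	"strings"
)
type User struct{ Roles []string } // what Auth attaches to the request context (constructed type)
type userKey struct{}
// Constructed in-memory token store standing in for real JWT verification.
var tokens = map[string]User{
	"tok-alice": {Roles: []string{"admin"}},
	"tok-bob":   {Roles: []string{"user"}},
}

// Auth rejects requests without a known bearer token and stores the user in the context.
func Auth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, ok := tokens[strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")]
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), userKey{}, u)))
	})
}
// RequireRoles answers 404 (not 403) when the caller holds none of the roles, hiding the route's existence.
func RequireRoles(roles ...string) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			u, _ := r.Context().Value(userKey{}).(User)
			for _, want := range roles {
				for _, have := range u.Roles {
					if have == want {
						next.ServeHTTP(w, r)
						return
					}
				}
			}
			http.NotFound(w, r)
		})
	}
}
// NewRouter mounts /api/admin/stats behind Auth AND RequireRoles("admin").
func NewRouter() http.Handler {
	mux := http.NewServeMux()
	stats := func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, `{"users":%d}`, len(tokens)) }
	mux.Handle("/api/admin/stats", Auth(RequireRoles("admin")(http.HandlerFunc(stats))))
	return mux
}
```

Order matters: `Auth` must wrap `RequireRoles`, because the guard reads the user that `Auth` put in the context; reversing them makes every caller look unauthenticated.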


Lesson 1 takes ~9 min.

