handlers.go

@@ -28,13 +28,12 @@ func NewHandler(oauth2Config *oauth2.Config, session SessionStorer, verifier *oi
 }
 
 type UserClaims struct {
-	Email    string   `json:"email"`
-	Verified bool     `json:"email_verified"`
-	Name     string   `json:"given_name"`
-	Username string   `json:"cognito:username"`
-	Picture  string   `json:"picture"`
-	Sub      string   `json:"sub"`
-	Groups   []string `json:"cognito:groups"`
+	Email    string `json:"email"`
+	Verified bool   `json:"email_verified"`
+	Name     string `json:"given_name"`
+	Username string `json:"cognito:username"`
+	Picture  string `json:"picture"`
+	Sub      string `json:"sub"`
 }
 
 func generateState() (string, error) {

middleware.go

@@ -85,31 +85,6 @@ func (m *Middleware) ProtectedRouteWithRedirect(next http.Handler) http.Handler
 	})
 }
 
-// IsAdmin Checks if admin group is present
-func IsAdmin(groups []string) bool {
-	for _, group := range groups {
-		if group == "admin" {
-			return true
-		}
-	}
-	return false
-}
-
-// AdminProtectedRoute Checks if user is member of admin group, if not return forbidden
-func (m *Middleware) AdminProtectedRoute(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		userOptional := r.Context().Value(userContextKey)
-		if userOptional != nil {
-			user := userOptional.(UserClaims)
-			if IsAdmin(user.Groups) {
-				next.ServeHTTP(w, r)
-			}
-		}
-
-		http.Error(w, "Forbidden", http.StatusForbidden)
-	})
-}
-
 func GetUserFromContext(r *http.Request) *UserClaims {
 	userOptional := r.Context().Value(userContextKey)
 	if userOptional != nil {