dsf323233323332 2018-08-03 07:29
浏览 124
已采纳

将Google oauth2与Go一起使用

I'm working with Go and I would like to use the Google API. From the doc, I found this example :

// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
conf := &oauth2.Config{
    ClientID:     "YOUR_CLIENT_ID",
    ClientSecret: "YOUR_CLIENT_SECRET",
    RedirectURL:  "YOUR_REDIRECT_URL",
    Scopes: []string{
        "https://www.googleapis.com/auth/bigquery",
        "https://www.googleapis.com/auth/blogger",
    },
    Endpoint: google.Endpoint,
}
// Redirect user to Google's consent page to ask for permission
// for the scopes specified above.
url := conf.AuthCodeURL("state")
fmt.Printf("Visit the URL for the auth dialog: %v", url)

// Handle the exchange code to initiate a transport.
tok, err := conf.Exchange(oauth2.NoContext, "authorization-code")
if err != nil {
    log.Fatal(err)
}
client := conf.Client(oauth2.NoContext, tok)
client.Get("...")

I have two questions :

  • What is the redirect_url? In the Developers Console, I can get my client_id and my client_secret but I don't know what is the redirect_url. Where can I find it?

  • What is the authorization_code? Where can I find it?

Thanks

  • 写回答

1条回答 默认 最新

  • doson1998 2018-08-03 08:40
    关注

    The way OAuth works is,

    1) You register you application with the vendor in this case its Google, when you do the registration you will receive a ApplicationID(or clientID) and a secret key. This ApplicationID is the uniqueID for your application in the google app world.

    2) when you ask your user to authenticate themselves with google you will redirect the user to the Google Authentication page with you ApplicationID and the redirect URL. Note, here the redirect URL is your page.

    3) Once the user Authenticate themselves and provides your application with Authorization, google with redirect the user to your redirect URL with a code.

    4) You can think of this code as a identifier of the entire Authentication session

    5) Now the user has been Authenticated but how will google know that the ApplicationID that you have passed belongs to you and you are not impersonating someone else, to ensure this you have to pass the code that you received in Step3 back to google along with you ApplicationId and the Secret Key, when you do that Google will authenticate you and ensure that you are the owner of this application and it will then Provide you with a bearer Auth Token and a refresh auth Token.

    6) Now the authentication and Authorization is complete and for API calls you can use the bearer token for Authorization and when the bearer token expires you can use the refresh token to get a new bearer token.

    Hope this helps

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!