dsf323233323332 2018-08-03 07:29
浏览 124
已采纳

将Google oauth2与Go一起使用

I'm working with Go and I would like to use the Google API. From the doc, I found this example :

// Your credentials should be obtained from the Google
// Developer Console (https://console.developers.google.com).
conf := &oauth2.Config{
    ClientID:     "YOUR_CLIENT_ID",
    ClientSecret: "YOUR_CLIENT_SECRET",
    RedirectURL:  "YOUR_REDIRECT_URL",
    Scopes: []string{
        "https://www.googleapis.com/auth/bigquery",
        "https://www.googleapis.com/auth/blogger",
    },
    Endpoint: google.Endpoint,
}
// Redirect user to Google's consent page to ask for permission
// for the scopes specified above.
url := conf.AuthCodeURL("state")
fmt.Printf("Visit the URL for the auth dialog: %v", url)

// Handle the exchange code to initiate a transport.
tok, err := conf.Exchange(oauth2.NoContext, "authorization-code")
if err != nil {
    log.Fatal(err)
}
client := conf.Client(oauth2.NoContext, tok)
client.Get("...")

I have two questions :

  • What is the redirect_url? In the Developers Console, I can get my client_id and my client_secret but I don't know what is the redirect_url. Where can I find it?

  • What is the authorization_code? Where can I find it?

Thanks

  • 写回答

1条回答 默认 最新

  • doson1998 2018-08-03 08:40
    关注

    The way OAuth works is,

    1) You register you application with the vendor in this case its Google, when you do the registration you will receive a ApplicationID(or clientID) and a secret key. This ApplicationID is the uniqueID for your application in the google app world.

    2) when you ask your user to authenticate themselves with google you will redirect the user to the Google Authentication page with you ApplicationID and the redirect URL. Note, here the redirect URL is your page.

    3) Once the user Authenticate themselves and provides your application with Authorization, google with redirect the user to your redirect URL with a code.

    4) You can think of this code as a identifier of the entire Authentication session

    5) Now the user has been Authenticated but how will google know that the ApplicationID that you have passed belongs to you and you are not impersonating someone else, to ensure this you have to pass the code that you received in Step3 back to google along with you ApplicationId and the Secret Key, when you do that Google will authenticate you and ensure that you are the owner of this application and it will then Provide you with a bearer Auth Token and a refresh auth Token.

    6) Now the authentication and Authorization is complete and for API calls you can use the bearer token for Authorization and when the bearer token expires you can use the refresh token to get a new bearer token.

    Hope this helps

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 求数学坐标画圆以及直线的算法
  • ¥35 平滑拟合曲线该如何生成
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable
  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 自己瞎改改,结果现在又运行不了了
  • ¥15 链式存储应该如何解决