I cannot seem to find a SIMPLE answer to the question of how to persist OAuth2 authentication... Let's take Google+ OAuth2 API as an example.
1. User goes to page
2. User is not authenticated, and gets redirected to authentication page where he logs in
3. User logs in successfully and authorises my app
4. User gets redirected to specified (by me) URI with Authorisation Code
5. I use authorisation code to obtain a token in order to submit queries in the name of the user
All is good and well. My question is: how do you SECURELY know at step 2 that the user visiting the page is already logged in, without having to go through the whole process of redirecting him to all these pages?
I assume storing the Authorisation Code retrieved at step 4 in a cookie is not an option.
All of this will happen in a server-side (Go - if that matters) application. Any help is much appreciated... I need a simple solution.
Thank you!
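
One common way to handle the step-2 check, shown as an added example that is not part of the original post: after the token exchange in the last step, keep the token in a server-side session and give the browser only a random session ID in a hardened cookie. The names `Login`, `Current` and `sid`, the in-memory `sync.Map` store, and the `/private` and `/login` routes are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"net/http"
	"sync"
	"time"
)

type Session struct { // kept server-side only; the browser holds just an opaque ID
	UserID, AccessToken string // AccessToken comes from the token exchange (step 5)
	Expires             time.Time
}
var sessions sync.Map // session ID -> Session (in-memory store for this example)

// Login runs once the code-for-token exchange has succeeded.
func Login(w http.ResponseWriter, userID, token string, ttl time.Duration) error {
	b := make([]byte, 32) // 256 bits from the OS CSPRNG, so the ID cannot be guessed
	if _, err := rand.Read(b); err != nil {
		return err
	}
	id := base64.RawURLEncoding.EncodeToString(b)
	sessions.Store(id, Session{UserID: userID, AccessToken: token, Expires: time.Now().Add(ttl)})
	http.SetCookie(w, &http.Cookie{Name: "sid", Value: id, Path: "/", MaxAge: int(ttl.Seconds()),
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode})
	return nil
}

// Current is the step-2 check: a known, unexpired ID means "already logged in".
func Current(r *http.Request) (Session, bool) {
	c, err := r.Cookie("sid")
	if err != nil {
		return Session{}, false
	}
	if v, ok := sessions.Load(c.Value); ok && time.Now().Before(v.(Session).Expires) {
		return v.(Session), true
	}
	sessions.Delete(c.Value) // forget expired IDs; harmless for unknown ones
	return Session{}, false
}

func main() {
	http.HandleFunc("/private", func(w http.ResponseWriter, r *http.Request) {
		if _, ok := Current(r); !ok {
			http.Redirect(w, r, "/login", http.StatusFound) // hypothetical route starting the flow
		}
	})
	_ = http.ListenAndServe("localhost:8080", nil) // serve over TLS in production: cookie is Secure
}
```

The authorisation code itself is single-use and is never stored; only the session ID reaches the browser, and expiry is enforced on the server regardless of what the cookie claims.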