dqthn68688
2015-11-10 05:30
浏览 89
已采纳

使用OAuth2.0作为Webapp的授权系统

I'm fairly new to implementing an authorization system for webapps and would like to use OAuth2.0 with Google to provide authorization to users that need to login to their accounts on the webapp. This means that Google will be providing the account details for users, but I will not be using the Google API. I will need a way to tell who's logged on and whether they have access to certain APIs using OAuth. I am aware that Google provides simple sign-in, but I would like to learn more about OAuth 2.0, which is why I'm using it.

I've been doing some research to try and understand OAuth2.0 in general (this presentation has been particularly useful). From what I understand there are several different response types for OAuth, but I haven't been able to figure out what suites my use case the best.

Since I'm using Golang for my backend (Gocraft/web for mux and middleware and Golang OAuth2.0 for OAuth2.0, I would appreciate an example related to Golang, if anyone is willing to give me one. I haven't been able to get far, but I've got an OAuth2.0 configuration up:

oauthConfig := &oauth2.Config{
    ClientID: "...",
    ClientSecret: "...",
    Endpoint: oauth2.Endpoint{
        AuthURL: "https://accounts.google.com/o/oauth2/auth",
        TokenURL: "https://accounts.google.com/o/oauth2/token",
    },
    RedirectURL: "...",
    Scopes: []string{ "https://www.googleapis.com/auth/userinfo.profile" },
}

Any insight would be appreciated, thank you!

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongnaoxia0927 2015-11-11 00:14
    已采纳

    I ended up using Goth, as suggested in this comment by @elithrar.

    打赏 评论

相关推荐 更多相似问题