I'm fairly new to implementing an authorization system for webapps and would like to use OAuth2.0 with Google to provide authorization to users that need to login to their accounts on the webapp. This means that Google will be providing the account details for users, but I will not be using the Google API. I will need a way to tell who's logged on and whether they have access to certain APIs using OAuth. I am aware that Google provides simple sign-in, but I would like to learn more about OAuth 2.0, which is why I'm using it.
I've been doing some research to try and understand OAuth2.0 in general (this presentation has been particularly useful). From what I understand there are several different response types for OAuth, but I haven't been able to figure out what suites my use case the best.
Since I'm using Golang for my backend (Gocraft/web for mux and middleware and Golang OAuth2.0 for OAuth2.0, I would appreciate an example related to Golang, if anyone is willing to give me one. I haven't been able to get far, but I've got an OAuth2.0 configuration up:
oauthConfig := &oauth2.Config{
ClientID: "...",
ClientSecret: "...",
Endpoint: oauth2.Endpoint{
AuthURL: "https://accounts.google.com/o/oauth2/auth",
TokenURL: "https://accounts.google.com/o/oauth2/token",
},
RedirectURL: "...",
Scopes: []string{ "https://www.googleapis.com/auth/userinfo.profile" },
}
Any insight would be appreciated, thank you!
