dqthn68688
dqthn68688
2015-11-10 05:30

使用OAuth2.0作为Webapp的授权系统

已采纳

I'm fairly new to implementing an authorization system for webapps and would like to use OAuth2.0 with Google to provide authorization to users that need to login to their accounts on the webapp. This means that Google will be providing the account details for users, but I will not be using the Google API. I will need a way to tell who's logged on and whether they have access to certain APIs using OAuth. I am aware that Google provides simple sign-in, but I would like to learn more about OAuth 2.0, which is why I'm using it.

I've been doing some research to try and understand OAuth2.0 in general (this presentation has been particularly useful). From what I understand there are several different response types for OAuth, but I haven't been able to figure out what suites my use case the best.

Since I'm using Golang for my backend (Gocraft/web for mux and middleware and Golang OAuth2.0 for OAuth2.0, I would appreciate an example related to Golang, if anyone is willing to give me one. I haven't been able to get far, but I've got an OAuth2.0 configuration up:

oauthConfig := &oauth2.Config{
    ClientID: "...",
    ClientSecret: "...",
    Endpoint: oauth2.Endpoint{
        AuthURL: "https://accounts.google.com/o/oauth2/auth",
        TokenURL: "https://accounts.google.com/o/oauth2/token",
    },
    RedirectURL: "...",
    Scopes: []string{ "https://www.googleapis.com/auth/userinfo.profile" },
}

Any insight would be appreciated, thank you!

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

1条回答

  • dongnaoxia0927 dongnaoxia0927 6年前

    I ended up using Goth, as suggested in this comment by @elithrar.

    点赞 评论 复制链接分享

为你推荐