• Stars
    star
    150
  • Rank 247,323 (Top 5 %)
  • Language
    HTML
  • Created over 6 years ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A simple Oauth2 example with Go

Oauth2-example with Go

Authentication is the most common part in any application. You can implement your own authentication system or use one of the many alternatives that exist, but in this case we are going to use OAuth2.

OAuth is a specification that allows users to delegate access to their data without sharing their username and password with that service, if you want to read more about Oauth2 go here.

Config Google Project

First things first, we need to create our Google Project and create OAuth2 credentials.

  • Go to Google Cloud Platform
  • Create a new project or select one if you already have it.
  • Go to Credentials and then create a new one choosing “OAuth client ID”
  • Add "authorized redirect URL", for this example localhost:8000/auth/google/callback
  • Copy the client_id and client secret

How OAuth2 works with Google

The authorization sequence begins when your application redirects the browser to a Google URL; the URL includes query parameters that indicate the type of access being requested. Google handles the user authentication, session selection, and user consent. The result is an authorization code, which the application can exchange for an access token and a refresh token.

The application should store the refresh token for future use and use the access token to access a Google API. Once the access token expires, the application uses the refresh token to obtain a new one.

Oauth2Google

Let's go to the code

We will use the package "golang.org/x/oauth2" that provides support for making OAuth2 authorized and authenticated HTTP requests.

Create a new project(folder) in your workdir in my case I will call it 'oauth2-example', and we need to include the package of oauth2.

go get golang.org/x/oauth2

So into the project we create a main.go.

package main

import (
	"fmt"
	"net/http"
	"log"
	"github.com/douglasmakey/oauth2-example/handlers"
)

func main() {
	server := &http.Server{
		Addr: fmt.Sprintf(":8000"),
		Handler: handlers.New(),
	}

	log.Printf("Starting HTTP Server. Listening at %q", server.Addr)
	if err := server.ListenAndServe(); err != http.ErrServerClosed {
		log.Printf("%v", err)
	} else {
		log.Println("Server closed!")
	}
}

We create a simple server using http.Server and run.

Next, we create folder 'handlers' that contains handler of our application, in this folder create 'base.go'.

package handlers

import (
	"net/http"
)

func New() http.Handler {
	mux := http.NewServeMux()
	// Root
	mux.Handle("/",  http.FileServer(http.Dir("templates/")))

	// OauthGoogle
	mux.HandleFunc("/auth/google/login", oauthGoogleLogin)
	mux.HandleFunc("/auth/google/callback", oauthGoogleCallback)

	return mux
}

We use http.ServeMux to handle our endpoints, next we create the Root endpoint "/" for serving a simple template with a minimmum HTML&CSS in this example we use 'http. http.FileServer', that template is 'index.html' and is in the folder 'templates'.

Also we create two endpoints for Oauth with Google "/auth/google/login" and "/auth/google/callback". Remember when we configured our application in the Google console? The callback url must be the same.

Next, we create another file into handlers, we'll call it 'oauth_google.go', this file contains all logic to handle OAuth with Google in our application.

We Declare the var googleOauthConfig with auth.Config to communicate with Google. Scopes: OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token.

var googleOauthConfig = &oauth2.Config{
	RedirectURL:  "http://localhost:8000/auth/google/callback",
	ClientID:     os.Getenv("GOOGLE_OAUTH_CLIENT_ID"),
	ClientSecret: os.Getenv("GOOGLE_OAUTH_CLIENT_SECRET"),
	Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
	Endpoint:     google.Endpoint,
}

Handler oauthGoogleLogin

This handler creates a login link and redirects the user to it:

AuthCodeURL receive state that is a token to protect the user from CSRF attacks. You must always provide a non-empty string and validate that it matches with the state query parameter on your redirect callback, It's advisable that this is randomly generated for each request, that's why we use a simple cookie.

func oauthGoogleLogin(w http.ResponseWriter, r *http.Request) {

	// Create oauthState cookie
	oauthState := generateStateOauthCookie(w)
	u := googleOauthConfig.AuthCodeURL(oauthState)
	http.Redirect(w, r, u, http.StatusTemporaryRedirect)
}

func generateStateOauthCookie(w http.ResponseWriter) string {
	var expiration = time.Now().Add(365 * 24 * time.Hour)

	b := make([]byte, 16)
	rand.Read(b)
	state := base64.URLEncoding.EncodeToString(b)
	cookie := http.Cookie{Name: "oauthstate", Value: state, Expires: expiration}
	http.SetCookie(w, &cookie)

	return state
}
	

Handler oauthGoogleCallback

This handler check if the state is equals to oauthStateCookie, and pass the code to the function getUserDataFromGoogle.

func oauthGoogleCallback(w http.ResponseWriter, r *http.Request) {
	// Read oauthState from Cookie
	oauthState, _ := r.Cookie("oauthstate")

	if r.FormValue("state") != oauthState.Value {
		log.Println("invalid oauth google state")
		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		return
	}

	data, err := getUserDataFromGoogle(r.FormValue("code"))
	if err != nil {
		log.Println(err.Error())
		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		return
	}

	// GetOrCreate User in your db.
	// Redirect or response with a token.
	// More code .....
	fmt.Fprintf(w, "UserInfo: %s\n", data)
}

func getUserDataFromGoogle(code string) ([]byte, error) {
	// Use code to get token and get user info from Google.
	
	token, err := googleOauthConfig.Exchange(context.Background(), code)
	if err != nil {
		return nil, fmt.Errorf("code exchange wrong: %s", err.Error())
	}
	response, err := http.Get(oauthGoogleUrlAPI + token.AccessToken)
	if err != nil {
		return nil, fmt.Errorf("failed getting user info: %s", err.Error())
	}
	defer response.Body.Close()
	contents, err := ioutil.ReadAll(response.Body)
	if err != nil {
		return nil, fmt.Errorf("failed read response: %s", err.Error())
	}
	return contents, nil
}

Full code oauth_google.go

package handlers

import (
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
	"net/http"
	"fmt"
	"io/ioutil"
	"context"
	"log"
	"encoding/base64"
	"crypto/rand"
	"os"
	"time"
)

// Scopes: OAuth 2.0 scopes provide a way to limit the amount of access that is granted to an access token.
var googleOauthConfig = &oauth2.Config{
	RedirectURL:  "http://localhost:8000/auth/google/callback",
	ClientID:     os.Getenv("GOOGLE_OAUTH_CLIENT_ID"),
	ClientSecret: os.Getenv("GOOGLE_OAUTH_CLIENT_SECRET"),
	Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
	Endpoint:     google.Endpoint,
}

const oauthGoogleUrlAPI = "https://www.googleapis.com/oauth2/v2/userinfo?access_token="

func oauthGoogleLogin(w http.ResponseWriter, r *http.Request) {

	// Create oauthState cookie
	oauthState := generateStateOauthCookie(w)

	/*
	AuthCodeURL receive state that is a token to protect the user from CSRF attacks. You must always provide a non-empty string and
	validate that it matches the the state query parameter on your redirect callback.
	*/
	u := googleOauthConfig.AuthCodeURL(oauthState)
	http.Redirect(w, r, u, http.StatusTemporaryRedirect)
}

func oauthGoogleCallback(w http.ResponseWriter, r *http.Request) {
	// Read oauthState from Cookie
	oauthState, _ := r.Cookie("oauthstate")

	if r.FormValue("state") != oauthState.Value {
		log.Println("invalid oauth google state")
		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		return
	}

	data, err := getUserDataFromGoogle(r.FormValue("code"))
	if err != nil {
		log.Println(err.Error())
		http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
		return
	}

	// GetOrCreate User in your db.
	// Redirect or response with a token.
	// More code .....
	fmt.Fprintf(w, "UserInfo: %s\n", data)
}

func generateStateOauthCookie(w http.ResponseWriter) string {
	var expiration = time.Now().Add(365 * 24 * time.Hour)

	b := make([]byte, 16)
	rand.Read(b)
	state := base64.URLEncoding.EncodeToString(b)
	cookie := http.Cookie{Name: "oauthstate", Value: state, Expires: expiration}
	http.SetCookie(w, &cookie)

	return state
}

func getUserDataFromGoogle(code string) ([]byte, error) {
	// Use code to get token and get user info from Google.

	token, err := googleOauthConfig.Exchange(context.Background(), code)
	if err != nil {
		return nil, fmt.Errorf("code exchange wrong: %s", err.Error())
	}
	response, err := http.Get(oauthGoogleUrlAPI + token.AccessToken)
	if err != nil {
		return nil, fmt.Errorf("failed getting user info: %s", err.Error())
	}
	defer response.Body.Close()
	contents, err := ioutil.ReadAll(response.Body)
	if err != nil {
		return nil, fmt.Errorf("failed read response: %s", err.Error())
	}
	return contents, nil
}

let's run and test

go run main.go

More Repositories

1

ursho

URL Shortener Service in Go
Go
124
star
2

tracking

A geospatial tracking service with Go and Redis
Go
51
star
3

go-fcm

Firebase Cloud Messaging library written in Go
Go
33
star
4

shelldon

Shelldon is your new Rust-powered buddy with GPT features! It’s not trying to be the ultimate GPT client—there are already a ton of those out there. Shelldon was born out of my personal need for a smarter CLI . It tackles some quirky use cases and makes my life easier, and hopefully yours too. Plus, who doesn’t love a fun side project?
Rust
24
star
5

admissioncontroller

A simple boilerplate for an admission controller in Go.
Go
23
star
6

cache-example

A few days ago, I read an article about BigCache and I was interested to know how they avoided these 2 problems: concurrent access and expensive GC cycles
Go
14
star
7

golang_api

PLEASE DON'T USE THIS IT WAS AN EXPERIMENT - A RESTful application boilerplate in Go using Echo + gorm with PostgreSQL and more.
Go
14
star
8

send-file-over-tcp-demo

Go
12
star
9

envi

Environment vars in Go.
Go
11
star
10

ebpf-learning

C
10
star
11

chatting-with-docs

This is an ultra-simple example of using Langchain, Chroma and OpenAI for chatting with your documents
Python
10
star
12

k8s-validating-admission-policy

CEL for admission controller with ValidatingAdmissionPolicy in K8s 1.26
8
star
13

dijkstra-heap

Simple implementation of Dijkstra using a heap in Golang
Go
8
star
14

go-sockets-uds-network-pprof

Go
8
star
15

socket-sharding

Go
6
star
16

tookan_api

python library for TookanApi
Python
6
star
17

poc-rust-https-sniffer

Rust
6
star
18

poc-ddos-xdp

A simple PoC of DDoS mitigation in Rust using XDP
Rust
5
star
19

isoserver

This repository hosts a simple Rust-based proof of concept (PoC) for implementing TCP and UDP echo servers, running in its own isolated network namespace. It's a exploration into advanced networking concepts in Rust, leveraging the power of network namespaces for process isolation and the Tokio runtime for asynchronous operations.
Rust
5
star
20

syn-ack

Rust
4
star
21

gitjump

The easiest way to navigate through commits in a git repository!
Go
3
star
22

streaming-go-socketio

Streaming in Go with Socketio
HTML
2
star
23

simple-proxy

Go
1
star
24

hackerrank

My personal hackerrank solutions
Go
1
star
25

pocketknife

A simple 📚 collection of Go functions, data and tidbits that I'm too lazy to write whenever I need it.
Go
1
star
26

go-algorithms-patterns

Go Examples of Common Patterns, Algorithms And More ....
Go
1
star
27

rat_shell

Go
1
star