使用OAuth2.0作为Web应用的授权系统。

huangapple
go评论74阅读模式
英文:

Using OAuth2.0 as Authorization system for webapp

问题

我对于在Web应用程序中实现授权系统还比较新手,我想使用OAuth2.0与Google一起提供用户登录授权。这意味着Google将提供用户的帐户详细信息,但我不会使用Google API。我需要一种方法来确定谁已登录,并使用OAuth判断他们是否有权访问某些API。我知道Google提供了简单的登录功能(https://developers.google.com/identity/sign-in/web/),但我想更多地了解OAuth 2.0,这就是我使用它的原因。

我已经进行了一些研究,试图理解OAuth2.0的基本原理(这个演示文稿http://www.slideshare.net/aaronpk/an-introduction-to-oauth-2对我很有帮助)。据我所了解,OAuth有几种不同的响应类型,但我还没有找到最适合我使用情况的类型。

由于我在后端使用Golang(使用Gocraft/web进行mux和中间件,使用Golang OAuth2.0进行OAuth2.0),如果有人愿意给我提供一个相关的Golang示例,我将不胜感激。我还没有进展多少,但我已经配置了一个OAuth2.0:

oauthConfig := &oauth2.Config{
ClientID: "...",
ClientSecret: "...",
Endpoint: oauth2.Endpoint{
AuthURL: "https://accounts.google.com/o/oauth2/auth",
TokenURL: "https://accounts.google.com/o/oauth2/token",
},
RedirectURL: "...",
Scopes: []string{ "https://www.googleapis.com/auth/userinfo.profile" },
}

非常感谢您提供的任何见解!

英文:

I'm fairly new to implementing an authorization system for webapps and would like to use OAuth2.0 with Google to provide authorization to users that need to login to their accounts on the webapp. This means that Google will be providing the account details for users, but I will not be using the Google API. I will need a way to tell who's logged on and whether they have access to certain APIs using OAuth. I am aware that Google provides simple sign-in, but I would like to learn more about OAuth 2.0, which is why I'm using it.

I've been doing some research to try and understand OAuth2.0 in general (this presentation has been particularly useful). From what I understand there are several different response types for OAuth, but I haven't been able to figure out what suites my use case the best.

Since I'm using Golang for my backend (Gocraft/web for mux and middleware and Golang OAuth2.0 for OAuth2.0, I would appreciate an example related to Golang, if anyone is willing to give me one. I haven't been able to get far, but I've got an OAuth2.0 configuration up:

oauthConfig := &oauth2.Config{
    ClientID: "...",
    ClientSecret: "...",
    Endpoint: oauth2.Endpoint{
        AuthURL: "https://accounts.google.com/o/oauth2/auth",
        TokenURL: "https://accounts.google.com/o/oauth2/token",
    },
    RedirectURL: "...",
    Scopes: []string{ "https://www.googleapis.com/auth/userinfo.profile" },
}

Any insight would be appreciated, thank you!

答案1

得分: 1

我最终使用了Goth,如@elithrar这条评论中建议的那样。

英文:

I ended up using Goth, as suggested in this comment by @elithrar.

huangapple
  • 本文由 发表于 2015年11月10日 13:30:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/33623520.html
  • authorization
  • go
  • oauth
  • oauth-2.0
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定