How to add query params to google oauth in golang?

huangapple go评论80阅读模式
英文:

How to add query params to google oauth in golang?

问题

在我的用例中,我需要向Google OAuth重定向URL添加一个查询参数。我正在以以下方式添加一个键为redirect的查询参数:

var (
    googleRedirectURL = "http://127.0.0.1:8080/oauth-callback/google"
    oauthCfg = &oauth2.Config{
        ClientID:     "XXXXXXXXXX",
        ClientSecret: "XXXXXXXXXX",
        Endpoint:     google.Endpoint,
        RedirectURL:  "http://127.0.0.1:8080/oauth-callback/google",
        Scopes:       []string{"https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"},
    }
    //random string for oauth2 API calls to protect against CSRF
    googleOauthStateString = getUUID()
)

const profileInfoURL = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"

func HandleGoogleLogin(w http.ResponseWriter, r *http.Request) {
    redirect := strings.TrimSpace(r.FormValue("redirect"))
    if redirect == "" {
        httpErrorf(w, "HandleGoogleLogin() :: Missing redirect value for /login")
        return
    }
    q := url.Values{
        "redirect": {redirect},
    }.Encode()
    
    //params := '{\"redirect\": '+redirect+'}'
    log.Printf("HandleGoogleLogin() :: redirect %s ", q)

    //param     := oauth2.SetAuthURLParam("redirect", q)
    // url     := oauthCfg.AuthCodeURL("state", param)

    //append the redirect URL to the request
    oauthCfg.RedirectURL = googleRedirectURL
    url := oauthCfg.AuthCodeURL("state")
    url = oauthCfg.AuthCodeURL(googleOauthStateString, oauth2.AccessTypeOnline)
    url = url + "?redirct=" + q
    http.Redirect(w, r, url, http.StatusTemporaryRedirect)
}

但是这会将重定向参数附加到URL的状态参数上。因此,当我比较状态码oauthCfg.AuthCodeURL("state")时,值会有所不同。我的意思是以下检查:

state := r.FormValue("state")
log.Printf("HandleGoogleCallback() :: state string %s ", state)
if state != googleOauthStateString {
    log.Printf("invalid oauth state, expected '%s', got '%s'\n", googleOauthStateString, state)
    http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
    return
}

我可以使用?分隔符拆分字符串以获取状态值。但是我认为在Google OAuth中添加查询参数到重定向URL的方法应该有一个标准的方式。有人能给出一些建议吗?

英文:

In my use case I have to add a query param to google oauth redirect URL. I am adding a query param with key as redirect. I am trying to add in the following way,

var (
	googleRedirectURL = "http://127.0.0.1:8080/oauth-callback/google"
	oauthCfg = &oauth2.Config{
		ClientID:     "XXXXXXXXXX",
		ClientSecret: "XXXXXXXXXX",
		Endpoint:     google.Endpoint,
		RedirectURL:  "http://127.0.0.1:8080/oauth-callback/google",
		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.profile", "https://www.googleapis.com/auth/userinfo.email"},
	}
	//random string for oauth2 API calls to protect against CSRF
	googleOauthStateString = getUUID()
)

const profileInfoURL = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json"

func HandleGoogleLogin(w http.ResponseWriter, r *http.Request) {
	redirect := strings.TrimSpace(r.FormValue("redirect"))
	if redirect == "" {
		httpErrorf(w, "HandleGoogleLogin() :: Missing redirect value for /login")
		return
	}
	q := url.Values{
		"redirect": {redirect},
	}.Encode()
	
	//params := '{"redirect": '+redirect+'}'
	log.Printf("HandleGoogleLogin() :: redirect %s ", q)

	//param 	:= oauth2.SetAuthURLParam("redirect", q)
	// url 	:= oauthCfg.AuthCodeURL("state", param)

	//append the redirect URL to the request
	oauthCfg.RedirectURL = googleRedirectURL
	url := oauthCfg.AuthCodeURL("state")
	url = oauthCfg.AuthCodeURL(googleOauthStateString, oauth2.AccessTypeOnline)
	url = url + "?redirct=" + q
	http.Redirect(w, r, url, http.StatusTemporaryRedirect)
}

But this is appending the redirect param to the state param of the url. So when I compare the state code oauthCfg.AuthCodeURL("state") the value differs. I mean the following check.

state := r.FormValue("state")
log.Printf("HandleGoogleCallback() :: state string %s ", state)
if state != googleOauthStateString {
	log.Printf("invalid oauth state, expected '%s', got '%s'\n", googleOauthStateString, state)
	http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
	return
}

I can split the string to get the state value using ? delimiter. But I thought there must be a standard way of adding query param to redirect url in google oauth. Could someone give some suggestions on this?

答案1

得分: 2

我认为你离答案很近。这对我有用:

hostDomainOption := oauth2.SetAuthURLParam("hd", "example.com")

authUrl := oAuthConfig.AuthCodeURL("state",
    oauth2.AccessTypeOffline,
    hostDomainOption)

我认为你可能卡在了注意到AuthCodeURL方法是可变参数的地方。

英文:

I think you're close. This worked for me:

hostDomainOption := oauth2.SetAuthURLParam("hd", "example.com")

authUrl := oAuthConfig.AuthCodeURL("state",
    oauth2.AccessTypeOffline,
    hostDomainOption)

I think where you might have been stuck is noticing that the AuthCodeURL method is variadic.

huangapple
  • 本文由 发表于 2016年4月9日 14:49:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/36513674.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定