Table of Contents
- Web Authentication With Golang - Google's Go Language
- Learn Golang Web Authentication, Encryption, JWT, HMAC, & OAuth with the Go Language
- Todd McLeod
- Original Repo: golang-arch
- Marshal
- go modules
02-encode-decode
- decode: curl -XGET -H "Content-type: application/json" -d '{"First":"James"}' 'localhost:8080/decode'
- base64
- reversible
- never use with http; only https
- Password storage
- Go Package - bcrypt
- For password
- Go Package - hmac
- For verifying that some message has not changed
- Go Package - jwt
go list -m -versions github.com/golang-jwt/jwt
- Go Package - uuid
- Go Package - bcrypt
# In 03-jwt folder
go get github.com/golang-jwt/jwt
- Hashing
- MD5 - don’t use
- SHA
- Bcrypt
- Scrypt
- Signing
- Symmetric Key
- HMAC
- same key to sign (encrypt) / verify (decrypt)
- Asymmetric Key
- RSA
- ECDSA - better than RSA; faster; smaller keys
- private key to sign (encrypt) / public key to verify (decrypt)
- JWT
- Symmetric Key
- Encryption
- Symmetric key
- AES
- Asymmetric Key
- RSA
- Symmetric key
- OAuth2 package
- create a config struct
- AuthCodeURL
- state is some string, anything, some unique ID for this login attempt
- returns string that you want to redirect your users to
- Exchange
- converts a code into a token
- TokenSource
- gives us a token source
- NewClient
- gives us an http client
- this client is authenticated with the oauth resource provider
- Hackernoon - Build your own OAuth2 Server in Go
- GitHub GraphQL API
- Github.com -> Settings -> Developer settings -> OAuth Apps
- Application name
- Homepage URL: https://example.com
- Authorization callback URL: http://localhost:8080/oauth2/receive
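
The OAuth2 notes above describe `state` as a unique ID for one login attempt. The following added example (not code from the course or its repo) shows one way to issue that value and check it when the provider redirects back to the callback URL. `StateStore`, `Issue`, `Consume` and the session IDs are hypothetical names, and it assumes the handler already has a session ID for the browser, for example from a cookie.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

type pendingLogin struct {
	state   string
	expires time.Time
}

// StateStore (hypothetical helper) keeps one pending state per browser session.
type StateStore struct {
	mu      sync.Mutex
	ttl     time.Duration
	pending map[string]pendingLogin // session ID -> issued state
}

// Issue returns an unguessable state to pass to AuthCodeURL for this session.
func (s *StateStore) Issue(sessionID string, now time.Time) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[sessionID] = pendingLogin{state, now.Add(s.ttl)}
	return state, nil
}

// Consume checks the state sent to the callback; each issued value works once.
func (s *StateStore) Consume(sessionID, state string, now time.Time) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.pending[sessionID]
	delete(s.pending, sessionID) // one attempt per issued state, pass or fail
	return ok && now.Before(p.expires) && subtle.ConstantTimeCompare([]byte(p.state), []byte(state)) == 1
}

func main() {
	store := &StateStore{ttl: 5 * time.Minute, pending: map[string]pendingLogin{}}
	st, _ := store.Issue("session-A", time.Now()) // constructed session IDs
	fmt.Println(store.Consume("session-B", st, time.Now()), store.Consume("session-A", st, time.Now()))
}
```

The callback handler would call `Consume` before `Exchange` and reject the request when it returns false, so a code delivered to a browser that did not start the login is never turned into a token.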