A comprehensive Go package that provides a unified interface for OAuth2 authentication across multiple providers. This package simplifies the integration of OAuth2 authentication in your Go applications by offering a consistent API for various OAuth2 providers.
- Unified interface for all OAuth2 providers
- Easy-to-use API
- Type-safe implementation
- Extensive provider support
- Built-in token management
- Standardized user information
- Customizable scopes
- Error handling
- Token refresh support
```bash
go get -u github.com/mstgnz/goauth
```

Here's a simple example using GitHub OAuth2:
```go
package main

import (
	"log"
	"net/http"

	"github.com/mstgnz/goauth/initialize"
	"golang.org/x/oauth2"
)

func main() {
	// Initialize the provider
	provider, err := initialize.NewProviderByName("github")
	if err != nil {
		log.Fatal(err)
	}

	// Configure the provider
	provider.SetClientId("your-client-id")
	provider.SetClientSecret("your-client-secret")
	provider.SetRedirectUrl("http://localhost:8080/callback")
	provider.SetScopes([]string{"read:user", "user:email"})

	// Setup login handler
	http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		// "state" is a fixed placeholder to keep the example short; use a random
		// per-login value and validate it in the callback.
		url := provider.BuildAuthUrl("state", oauth2.AccessTypeOffline)
		http.Redirect(w, r, url, http.StatusTemporaryRedirect)
	})

	// Setup callback handler
	http.HandleFunc("/callback", func(w http.ResponseWriter, r *http.Request) {
		// Exchange code for token
		token, err := provider.FetchToken(r.URL.Query().Get("code"))
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		// Get user information
		user, err := provider.FetchUser(token)
		if err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}

		log.Printf("Logged in user: %+v", user)
	})

	log.Fatal(http.ListenAndServe(":8080", nil))
}
```

The package currently supports the following OAuth2 providers:

| Provider | Documentation |
|---|---|
| Apple | Apple Developer |
| Discord | Discord Developer |
| Facebook | Facebook for Developers |
| Gitea | Gitea Developer |
| Gitee | Gitee Developer |
| GitHub | GitHub Developer |
| GitLab | GitLab Developer |
| Google | Google Identity Platform |
| Instagram | Instagram Graph API |
| Kakao | Kakao Developers |
| LiveChat | LiveChat API |
| Mailcow | Mailcow API |
| Microsoft | Microsoft Identity Platform |
| OIDC | OpenID Connect |
| Patreon | Patreon API |
| Spotify | Spotify for Developers |
| Strava | Strava API |
| Twitch | Twitch Developers |
| X (Twitter) | X Developer |
| VK | VK API |
| Yandex | Yandex Passport API |

Custom scopes:

```go
provider.SetScopes([]string{
	"read:user",
	"user:email",
	"custom:scope",
})
```

Token refresh:

```go
newToken, err := provider.RefreshToken(oldToken)
if err != nil {
	log.Fatal(err)
}
```

HTTP client created from the token:

```go
client := provider.Client(token)
resp, err := client.Get("https://api.provider.com/endpoint")
```

- Environment Variables: Store sensitive credentials in environment variables

  ```go
  provider.SetClientId(os.Getenv("OAUTH_CLIENT_ID"))
  provider.SetClientSecret(os.Getenv("OAUTH_CLIENT_SECRET"))
  ```

- State Parameter: Always validate the state parameter

  ```go
  if r.URL.Query().Get("state") != expectedState {
  	http.Error(w, "Invalid state parameter", http.StatusBadRequest)
  	return
  }
  ```

- Error Handling: Implement proper error handling

  ```go
  if err := provider.ValidateConfig(); err != nil {
  	log.Fatal("Configuration error:", err)
  }
  ```

- Always use HTTPS in production
- Implement CSRF protection using the state parameter
- Store tokens securely
- Use environment variables for credentials
- Implement PKCE when available
- Keep scopes to minimum required
- Properly handle token expiration and refresh
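
One way to produce and check the `expectedState` value that the state-parameter snippet and the CSRF item above rely on, as an added example that is not part of goauth. `issueState`, `checkState` and the `oauth_state` cookie name are hypothetical; the string `issueState` returns is what you would pass to `provider.BuildAuthUrl` instead of a fixed `"state"`.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const stateCookie = "oauth_state" // hypothetical cookie name

// issueState creates an unguessable state value and binds it to this browser
// with a short-lived cookie; call it from the /login handler.
func issueState(w http.ResponseWriter) (string, error) {
	b := make([]byte, 32) // 256 bits from the OS CSPRNG
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	http.SetCookie(w, &http.Cookie{
		Name: stateCookie, Value: state, Path: "/", MaxAge: 600,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})
	return state, nil
}

// checkState expires the cookie (single use) and compares it with ?state=.
func checkState(w http.ResponseWriter, r *http.Request) bool {
	http.SetCookie(w, &http.Cookie{Name: stateCookie, Path: "/", MaxAge: -1})
	c, err := r.Cookie(stateCookie)
	got := r.URL.Query().Get("state")
	if err != nil || c.Value == "" || got == "" {
		return false // a missing cookie or parameter never matches
	}
	return subtle.ConstantTimeCompare([]byte(c.Value), []byte(got)) == 1
}

func main() { // constructed round trip: /login issues the state, /callback returns it
	login := httptest.NewRecorder()
	state, err := issueState(login)
	if err != nil {
		panic(err)
	}
	cb := httptest.NewRequest("GET", "/callback?code=x&state="+state, nil)
	cb.AddCookie(login.Result().Cookies()[0])
	fmt.Println("state accepted:", checkState(httptest.NewRecorder(), cb))
}
```

`SameSite=Lax` is used because the provider's redirect back to `/callback` is a cross-site top-level GET, and `Strict` would withhold the cookie on that request.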
We welcome contributions! Please see CONTRIBUTING.md for guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
If you encounter any issues or have questions, please file an issue on the GitHub repository.