-
Notifications
You must be signed in to change notification settings - Fork 55
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
hajyahya
committed
Feb 28, 2022
1 parent
9d1ed1c
commit e65b88e
Showing
2 changed files
with
132 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| # Oauth2 and OpenID | ||
| Oauth2 and OpenID is an example usage of goguardian oauth2 package. the example provides a simple REST API for a login using google oauth2 and an api to query a book author by id. | ||
|
|
||
| # Getting Started | ||
| 1. [https://www.balbooa.com/gridbox-documentation/how-to-get-google-client-id-and-client-secret](create google oauth2 client id and secret) | ||
| 2. run example | ||
| ```sh | ||
| CLIENT_ID="" CLIENT_SECRET="" go run main.go | ||
| ``` | ||
| 3. open web browser and hit http://127.0.0.1:8080/v1/auth/login. | ||
| 4. login using your google. | ||
| 5. copy the token | ||
| 6. http://127.0.0.1:8080/v1/book/1449311601?token=<paste token> | ||
|
|
||
| **Note:** you may encounter `strategies/oauth2/jwt: claims: standard claims issued at a future time` so wait a few seconds until token activated. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,117 @@ | ||
| // Copyright 2022 The Go-Guardian. All rights reserved. | ||
| // Use of this source code is governed by a MIT | ||
| // license that can be found in the LICENSE file. | ||
|
|
||
| package main | ||
|
|
||
| import ( | ||
| "context" | ||
| "crypto/rand" | ||
| "encoding/base64" | ||
| "fmt" | ||
| "log" | ||
| "net/http" | ||
| "os" | ||
| "time" | ||
|
|
||
| "github.com/gorilla/mux" | ||
| "github.com/shaj13/libcache" | ||
| _ "github.com/shaj13/libcache/fifo" | ||
| "golang.org/x/oauth2" | ||
| "golang.org/x/oauth2/google" | ||
|
|
||
| "github.com/shaj13/go-guardian/v2/auth" | ||
| "github.com/shaj13/go-guardian/v2/auth/strategies/oauth2/jwt" | ||
| "github.com/shaj13/go-guardian/v2/auth/strategies/token" | ||
| ) | ||
|
|
||
| var strategy auth.Strategy | ||
| var oauthConfig = &oauth2.Config{ | ||
| RedirectURL: "http://127.0.0.1:8080/v1/auth/grant", | ||
| ClientID: os.Getenv("CLIENT_ID"), | ||
| ClientSecret: os.Getenv("CLIENT_SECRET"), | ||
| Scopes: []string{"openid"}, | ||
| Endpoint: google.Endpoint, | ||
| } | ||
|
|
||
| func main() { | ||
| setupGoGuardian() | ||
| router := mux.NewRouter() | ||
| router.HandleFunc("/v1/book/{id}", middleware(http.HandlerFunc(getBookAuthor))).Methods("GET") | ||
| router.HandleFunc("/v1/auth/login", http.HandlerFunc(oauth2Login)).Methods("GET") | ||
| router.HandleFunc("/v1/auth/grant", http.HandlerFunc(oauth2Grant)).Methods("GET") | ||
| log.Println("server started and listening on http://127.0.0.1:8080") | ||
| http.ListenAndServe("127.0.0.1:8080", router) | ||
| } | ||
|
|
||
| func oauth2Login(w http.ResponseWriter, r *http.Request) { | ||
| expiration := time.Now().Add(20 * time.Minute) | ||
| buf := make([]byte, 16) | ||
| rand.Read(buf) | ||
| state := base64.URLEncoding.EncodeToString(buf) | ||
| cookie := http.Cookie{Name: "oauthstate", Value: state, Expires: expiration} | ||
| http.SetCookie(w, &cookie) | ||
| url := oauthConfig.AuthCodeURL(state) | ||
| http.Redirect(w, r, url, http.StatusTemporaryRedirect) | ||
| } | ||
|
|
||
| func oauth2Grant(w http.ResponseWriter, r *http.Request) { | ||
| oauthState, _ := r.Cookie("oauthstate") | ||
| code := r.FormValue("code") | ||
| if r.FormValue("state") != oauthState.Value { | ||
| log.Println("invalid oauth google state") | ||
| http.Redirect(w, r, "/", http.StatusTemporaryRedirect) | ||
| return | ||
| } | ||
|
|
||
| // use code to get token. | ||
| token, err := oauthConfig.Exchange(context.Background(), code) | ||
| if err != nil { | ||
| http.Error(w, err.Error(), http.StatusInternalServerError) | ||
| return | ||
| } | ||
|
|
||
| w.Write([]byte("successful logon; \n")) | ||
| w.Write([]byte("token: \n")) | ||
| w.Write([]byte(token.Extra("id_token").(string))) | ||
| w.Write([]byte("\n Note: use the granted token in url query (?token=);")) | ||
| } | ||
|
|
||
| func getBookAuthor(w http.ResponseWriter, r *http.Request) { | ||
| vars := mux.Vars(r) | ||
| id := vars["id"] | ||
| books := map[string]string{ | ||
| "1449311601": "Ryan Boyd", | ||
| "148425094X": "Yvonne Wilson", | ||
| "1484220498": "Prabath Siriwarden", | ||
| } | ||
| body := fmt.Sprintf("Author: %s \n", books[id]) | ||
| w.Write([]byte(body)) | ||
| } | ||
|
|
||
| func setupGoGuardian() { | ||
| cache := libcache.FIFO.New(0) | ||
| cache.SetTTL(time.Minute * 5) | ||
| cache.RegisterOnExpired(func(key, _ interface{}) { | ||
| cache.Peek(key) | ||
| }) | ||
| parser := token.QueryParser("token") | ||
| opt := token.SetParser(parser) | ||
| strategy = jwt.New("https://www.googleapis.com/oauth2/v3/certs", cache, opt) | ||
| } | ||
|
|
||
| func middleware(next http.Handler) http.HandlerFunc { | ||
| return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
| log.Println("Executing Auth Middleware") | ||
| user, err := strategy.Authenticate(r.Context(), r) | ||
| if err != nil { | ||
| fmt.Println(err) | ||
| code := http.StatusUnauthorized | ||
| http.Error(w, http.StatusText(code), code) | ||
| return | ||
| } | ||
| log.Printf("User %s Authenticated\n", user.GetUserName()) | ||
| r = auth.RequestWithUser(user, r) | ||
| next.ServeHTTP(w, r) | ||
| }) | ||
| } |