README
¶
negroni-oauth2 
Allows your Negroni application to support user login via an OAuth 2.0 backend. Requires negroni-sessions middleware.
Google, Facebook, LinkedIn and Github sign-in are currently supported.
Once endpoints are provided, this middleware can work with any OAuth 2.0 backend.
Usage
package main
import (
"fmt"
"net/http"
"github.com/codegangsta/negroni"
oauth2 "github.com/goincremental/negroni-oauth2"
sessions "github.com/goincremental/negroni-sessions"
"github.com/goincremental/negroni-sessions/cookiestore"
)
func main() {
secureMux := http.NewServeMux()
// Routes that require a logged in user
// can be protected by using a separate route handler
// If the user is not authenticated, they will be
// redirected to the login path.
secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) {
token := oauth2.GetToken(req)
fmt.Fprintf(w, "OK: %s", token.Access())
})
secure := negroni.New()
secure.Use(oauth2.LoginRequired())
secure.UseHandler(secureMux)
n := negroni.New()
n.Use(sessions.Sessions("my_session", cookiestore.New([]byte("secret123"))))
n.Use(oauth2.Google(&oauth2.Config{
ClientID: "client_id",
ClientSecret: "client_secret",
RedirectURL: "refresh_url",
Scopes: []string{"https://www.googleapis.com/auth/drive"},
}))
router := http.NewServeMux()
//routes added to mux do not require authentication
router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
token := oauth2.GetToken(req)
if token == nil || !token.Valid() {
fmt.Fprintf(w, "not logged in, or the access token is expired")
return
}
fmt.Fprintf(w, "logged in")
return
})
//There is probably a nicer way to handle this than repeat the restricted routes again
//of course, you could use something like gorilla/mux and define prefix / regex etc.
router.Handle("/restrict", secure)
n.UseHandler(router)
n.Run(":3000")
}
Auth flow
/loginwill redirect user to the OAuth 2.0 provider's permissions dialog. If there is anextquery param provided, user is redirected to the next page afterwards.- If user agrees to connect, OAuth 2.0 provider will redirect to
/oauth2callbackto let your app to make the handshake. You need to register/oauth2callbackas a Redirect URL in your application settings. /logoutwill log the user out. If there is anextquery param provided, user is redirected to the next page afterwards.
You can customize the login, logout, oauth2callback and error paths:
oauth2.PathLogin = "/oauth2login"
oauth2.PathLogout = "/oauth2logout"
...
Contributors
Derived from martini-contrib/oauth2
Documentation
¶
Index ¶
- func Facebook(config *Config) negroni.Handler
- func Github(config *Config) negroni.Handler
- func Google(config *Config) negroni.Handler
- func LinkedIn(config *Config) negroni.Handler
- func NewOAuth2Provider(config *Config, authUrl, tokenUrl string) negroni.Handler
- func SetToken(r *http.Request, t interface{})
- type Config
- type Oauth2Handler
- type Token
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewOAuth2Provider ¶
Returns a generic OAuth 2.0 backend endpoint.
Types ¶
type Oauth2Handler ¶
type Oauth2Handler struct {
Provider string
PathLogin string
PathLogout string
PathCallback string
PathError string
Config *oauth2.Config
}
func (*Oauth2Handler) ServeHTTP ¶
func (h *Oauth2Handler) ServeHTTP(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.