Documentation ¶
Overview ¶
Package oauthorizer helps implement the client side of the oauth2 authorization flow. This package has only been tested against google endpoints (e.g. Google Calendar)
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CLIGetClient ¶
CLIGetClient returns an http client, configured for oauth2 access. If authorization was previously granted, the previously saved token will be used. Otherwise the user will be asked via stdout to point their browser at a url to grant access. After they grant access, they will be taken to a web page that gives them a code, which they can then paste into stdin.
Types ¶
type FileStorer ¶
type FileStorer struct {
Filename string
}
FileStorer knows how to save/restore bytes to/from a file. It is a good choice to use this with GetCLIClient.
type RedirectError ¶
RedirectError is a type of error that can be handled by redirecting a client to a url.
type Storer ¶
type Storer interface { Save(ctx context.Context, b []byte) error Restore(ctx context.Context) ([]byte, error) }
Storer knows how to save/restore byte slices
type WebHelper ¶
type WebHelper struct { Config *oauth2.Config // Knows how to store and retrieve temporary values that is used // for the oauth2 state parameter. There will be an active nonce // for each in-flight authorization request. It is ok to delete // the nonce after authorization finishes (succeeds or fails). // This library never deletes a nonce, but will overwrite the last // one whenever we restart authorization. Required. NonceStore Storer // Knows how to store and retrieve oauth2 tokens. Currently these // are only written once, after authorization succeeds. Required. TokenStore Storer // Optional way to configure the authorization url used to start // the authorization flow. Opts []oauth2.AuthCodeOption }
WebHelper helps to navigate through the oauth2 process. Typically you would call GetClient before needing to access a resource. If there it returns nil, you could call GenAuthURL and redirect the browser to that.
If the users grants access to the resource, the browser will be redirected to the url listed in the Config. In that handler, you can call Exchange and if it succeeds, you can redirect back to the handler that needs to access the resource.
Below is a sketch that demonstrates an expected use-case.
func HandleMain(w http.ResponseWriter, r *http.Request) { ctx := r.Context() webHelper := getWebHelper() client := webHelper.GetClient(ctx) if client == nil { url, err := webHelper.GenAuthURL(ctx) if err != nil { writeError(w, http.StatusInternalServerError) return } http.Redirect(w, r, url, http.StatusTemporaryRedirect) return } // use client to access our resource } func HandleOauthCallback(w http.ResponseWriter, r *http.Request) { ctx := r.Context() webHelper := getWebHelper() if err = oh.Exchange(ctx, r); err != nil { writeError(w, http.StatusInternalServerError) return } http.Redirect(w, r, urlOfMainHandler, http.StatusTemporaryRedirect) }
func (*WebHelper) Exchange ¶
Exchange exchanges an authorization code for a token, after verifying the state is the same we previously saved. If this returns without an error, you can call GetClient to get a client with the token configured.
func (*WebHelper) GenAuthURL ¶
GenAuthURL Generates a new authorization URL. Note that this has the side effect of saving the associated nonce.