package module
Version: v3.9.2+incompatible Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Dec 5, 2018 License: MIT Imports: 2 Imported by: 0


Golang OAuth 2.0 Server

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

Build Codecov ReportCard GoDoc License

Protocol Flow

     +--------+                               +---------------+
     |        |--(A)- Authorization Request ->|   Resource    |
     |        |                               |     Owner     |
     |        |<-(B)-- Authorization Grant ---|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(C)-- Authorization Grant -->| Authorization |
     | Client |                               |     Server    |
     |        |<-(D)----- Access Token -------|               |
     |        |                               +---------------+
     |        |
     |        |                               +---------------+
     |        |--(E)----- Access Token ------>|    Resource   |
     |        |                               |     Server    |
     |        |<-(F)--- Protected Resource ---|               |
     +--------+                               +---------------+

Quick Start

Download and install
go get -u -v gopkg.in/oauth2.v3/...
Create file server.go
package main

import (


func main() {
	manager := manage.NewDefaultManager()
	// token memory store

	// client memory store
	clientStore := store.NewClientStore()
	clientStore.Set("000000", &models.Client{
		ID:     "000000",
		Secret: "999999",
		Domain: "http://localhost",

	srv := server.NewDefaultServer(manager)

	srv.SetInternalErrorHandler(func(err error) (re *errors.Response) {
		log.Println("Internal Error:", err.Error())

	srv.SetResponseErrorHandler(func(re *errors.Response) {
		log.Println("Response Error:", re.Error.Error())

	http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
		err := srv.HandleAuthorizeRequest(w, r)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)

	http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
		srv.HandleTokenRequest(w, r)

	log.Fatal(http.ListenAndServe(":9096", nil))

Build and run
go build server.go

Open in your web browser


    "access_token": "J86XVRYSNFCFI233KXDL0Q",
    "expires_in": 7200,
    "scope": "read",
    "token_type": "Bearer"


  • Easy to use
  • Based on the RFC 6749 implementation
  • Token storage support TTL
  • Support custom expiration time of the access token
  • Support custom extension field
  • Support custom scope
  • Support jwt to generate access tokens


A complete example of simulation authorization code model

Simulation examples of authorization code model, please check example

Use jwt to generate access tokens

import "gopkg.in/oauth2.v3/generates"
import "github.com/dgrijalva/jwt-go"

// ...
manager.MapAccessGenerate(generates.NewJWTAccessGenerate([]byte("00000000"), jwt.SigningMethodHS512))

// Verify jwt access token
token, err := jwt.ParseWithClaims(access, &generates.JWTAccessClaims{}, func(t *jwt.Token) (interface{}, error) {
	if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
		return nil, fmt.Errorf("parse error")
	return []byte("00000000"), nil
if err != nil {

claims, ok := token.Claims.(*generates.JWTAccessClaims)
if !ok || !token.Valid {
	panic("invalid token")

Store Implements

MIT License

Copyright (c) 2016 Lyric




This section is empty.


This section is empty.


This section is empty.


type AccessGenerate

type AccessGenerate interface {
	Token(data *GenerateBasic, isGenRefresh bool) (access, refresh string, err error)

AccessGenerate generate the access and refresh tokens interface

type AuthorizeGenerate

type AuthorizeGenerate interface {
	Token(data *GenerateBasic) (code string, err error)

AuthorizeGenerate generate the authorization code interface

type ClientInfo

type ClientInfo interface {
	GetID() string
	GetSecret() string
	GetDomain() string
	GetUserID() string

ClientInfo the client information model interface

type ClientStore

type ClientStore interface {
	// according to the ID for the client information
	GetByID(id string) (ClientInfo, error)

ClientStore the client information storage interface

type GenerateBasic

type GenerateBasic struct {
	Client    ClientInfo
	UserID    string
	CreateAt  time.Time
	TokenInfo TokenInfo
	Request   *http.Request

GenerateBasic provide the basis of the generated token data

type GrantType

type GrantType string

GrantType authorization model

const (
	AuthorizationCode   GrantType = "authorization_code"
	PasswordCredentials GrantType = "password"
	ClientCredentials   GrantType = "client_credentials"
	Refreshing          GrantType = "refresh_token"
	Implicit            GrantType = "__implicit"

define authorization model

func (GrantType) String

func (gt GrantType) String() string

type Manager

type Manager interface {
	// get the client information
	GetClient(clientID string) (cli ClientInfo, err error)

	// generate the authorization token(code)
	GenerateAuthToken(rt ResponseType, tgr *TokenGenerateRequest) (authToken TokenInfo, err error)

	// generate the access token
	GenerateAccessToken(rt GrantType, tgr *TokenGenerateRequest) (accessToken TokenInfo, err error)

	// refreshing an access token
	RefreshAccessToken(tgr *TokenGenerateRequest) (accessToken TokenInfo, err error)

	// use the access token to delete the token information
	RemoveAccessToken(access string) (err error)

	// use the refresh token to delete the token information
	RemoveRefreshToken(refresh string) (err error)

	// according to the access token for corresponding token information
	LoadAccessToken(access string) (ti TokenInfo, err error)

	// according to the refresh token for corresponding token information
	LoadRefreshToken(refresh string) (ti TokenInfo, err error)

Manager authorization management interface

type ResponseType

type ResponseType string

ResponseType the type of authorization request

const (
	Code  ResponseType = "code"
	Token ResponseType = "token"

define the type of authorization request

func (ResponseType) String

func (rt ResponseType) String() string

type TokenGenerateRequest

type TokenGenerateRequest struct {
	ClientID       string
	ClientSecret   string
	UserID         string
	RedirectURI    string
	Scope          string
	Code           string
	Refresh        string
	AccessTokenExp time.Duration
	Request        *http.Request

TokenGenerateRequest provide to generate the token request parameters

type TokenInfo

type TokenInfo interface {
	New() TokenInfo

	GetClientID() string
	GetUserID() string
	GetRedirectURI() string
	GetScope() string

	GetCode() string
	GetCodeCreateAt() time.Time
	GetCodeExpiresIn() time.Duration

	GetAccess() string
	GetAccessCreateAt() time.Time
	GetAccessExpiresIn() time.Duration

	GetRefresh() string
	GetRefreshCreateAt() time.Time
	GetRefreshExpiresIn() time.Duration

TokenInfo the token information model interface

type TokenStore

type TokenStore interface {
	// create and store the new token information
	Create(info TokenInfo) error

	// delete the authorization code
	RemoveByCode(code string) error

	// use the access token to delete the token information
	RemoveByAccess(access string) error

	// use the refresh token to delete the token information
	RemoveByRefresh(refresh string) error

	// use the authorization code for token information data
	GetByCode(code string) (TokenInfo, error)

	// use the access token for token information data
	GetByAccess(access string) (TokenInfo, error)

	// use the refresh token for token information data
	GetByRefresh(refresh string) (TokenInfo, error)

TokenStore the token information storage interface


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL