Documentation ¶
Overview ¶
Package oauth1 is a Go implementation of the OAuth1 spec RFC 5849.
It allows end-users to authorize a client (consumer) to access protected resources on their behalf (e.g. login) and allows clients to make signed and authorized requests on behalf of a user (e.g. API calls).
It takes design cues from golang.org/x/oauth2, providing an http.Client which handles request signing and authorization.
Usage ¶
Package oauth1 implements the OAuth1 authorization flow and provides an http.Client which can sign and authorize OAuth1 requests.
To implement "Login with X", use the https://github.com/dghubble/gologin packages which provide login handlers for OAuth1 and OAuth2 providers.
To call the Twitter, Digits, or Tumblr OAuth1 APIs, use the higher level Go API clients.
* https://github.com/dghubble/go-twitter * https://github.com/dghubble/go-digits * https://github.com/benfb/go-tumblr
Authorization Flow ¶
Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token.
import ( "github.com/dghubble/oauth1" "github.com/dghubble/oauth1/twitter"" ) ... config := oauth1.Config{ ConsumerKey: "consumerKey", ConsumerSecret: "consumerSecret", CallbackURL: "http://mysite.com/oauth/twitter/callback", Endpoint: twitter.AuthorizeEndpoint, }
1. When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials).
requestToken, requestSecret, err = config.RequestToken() // handle err
2. Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access.
authorizationURL, err := config.AuthorizationURL(requestToken) // handle err http.Redirect(w, req, authorizationURL.String(), http.StatusFound)
Receive the callback from the OAuth1 provider in a handler.
requestToken, verifier, err := oauth1.ParseAuthorizationCallback(req) // handle err
3. Acquire the access token (token credentials) which can later be used to make requests on behalf of the user.
accessToken, accessSecret, err := config.AccessToken(requestToken, requestSecret, verifier) // handle error token := oauth1.NewToken(accessToken, accessSecret)
Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login.
Authorized Requests ¶
Use an access Token to make authorized requests on behalf of a user.
import ( "github.com/dghubble/oauth1" ) func main() { config := oauth1.NewConfig("consumerKey", "consumerSecret") token := oauth1.NewToken("token", "tokenSecret") // httpClient will automatically authorize http.Request's httpClient := config.Client(token) // example Twitter API request path := "https://api.twitter.com/1.1/statuses/home_timeline.json?count=2" resp, _ := httpClient.Get(path) defer resp.Body.Close() body, _ := ioutil.ReadAll(resp.Body) fmt.Printf("Raw Response Body:\n%v\n", string(body)) }
Check the examples to see Twitter and Tumblr requests in action.
Index ¶
- Variables
- func NewClient(ctx context.Context, config *Config, token *Token) *http.Client
- func ParseAuthorizationCallback(req *http.Request) (requestToken, verifier string, err error)
- func PercentEncode(input string) string
- type Base64Noncer
- type Config
- func (c *Config) AccessToken(requestToken, requestSecret, verifier string) (accessToken, accessSecret string, err error)
- func (c *Config) AuthorizationURL(requestToken string) (*url.URL, error)
- func (c *Config) Client(ctx context.Context, t *Token) *http.Client
- func (c *Config) RequestToken() (requestToken, requestSecret string, err error)
- type Endpoint
- type HMAC256Signer
- type HMACSigner
- type HexNoncer
- type Noncer
- type RSASigner
- type Signer
- type Token
- type TokenSource
- type Transport
Constants ¶
This section is empty.
Variables ¶
var HTTPClient contextKey
HTTPClient is the context key to associate an *http.Client value with a context.
var NoContext = context.TODO()
NoContext is the default context to use in most cases.
Functions ¶
func ParseAuthorizationCallback ¶
ParseAuthorizationCallback parses an OAuth1 authorization callback request from a provider server. The oauth_token and oauth_verifier parameters are parsed to return the request token from earlier in the flow and the verifier string. See RFC 5849 2.2 Resource Owner Authorization.
func PercentEncode ¶
PercentEncode percent encodes a string according to RFC 3986 2.1.
Types ¶
type Base64Noncer ¶ added in v0.7.0
type Base64Noncer struct{}
Base64Noncer reads 32 bytes from crypto/rand and returns those bytes as a base64 encoded string.
func (Base64Noncer) Nonce ¶ added in v0.7.0
func (n Base64Noncer) Nonce() string
Nonce provides a random nonce string.
type Config ¶
type Config struct { // Consumer Key (Client Identifier) ConsumerKey string // Consumer Secret (Client Shared-Secret) ConsumerSecret string // Callback URL CallbackURL string // Provider Endpoint specifying OAuth1 endpoint URLs Endpoint Endpoint // Realm of authorization Realm string // OAuth1 Signer (defaults to HMAC-SHA1) Signer Signer // Noncer creates request nonces (defaults to DefaultNoncer) Noncer Noncer // HTTPClient overrides the choice of http.DefaultClient for RequestToken and AccessToken HTTPClient *http.Client }
Config represents an OAuth1 consumer's (client's) key and secret, the callback URL, and the provider Endpoint to which the consumer corresponds.
func (*Config) AccessToken ¶
func (c *Config) AccessToken(requestToken, requestSecret, verifier string) (accessToken, accessSecret string, err error)
AccessToken obtains an access token (token credential) by POSTing a request (with oauth_token and oauth_verifier in the auth header) to the Endpoint AccessTokenURL. Returns the access token and secret (token credentials). See RFC 5849 2.3 Token Credentials.
func (*Config) AuthorizationURL ¶
AuthorizationURL accepts a request token and returns the *url.URL to the Endpoint's authorization page that asks the user (resource owner) for to authorize the consumer to act on his/her/its behalf. See RFC 5849 2.2 Resource Owner Authorization.
func (*Config) RequestToken ¶
RequestToken obtains a Request token and secret (temporary credential) by POSTing a request (with oauth_callback in the auth header) to the Endpoint RequestTokenURL. The response body form is validated to ensure oauth_callback_confirmed is true. Returns the request token and secret (temporary credentials). See RFC 5849 2.1 Temporary Credentials.
type Endpoint ¶
type Endpoint struct { // Request URL (Temporary Credential Request URI) RequestTokenURL string // Authorize URL (Resource Owner Authorization URI) AuthorizeURL string // Access Token URL (Token Request URI) AccessTokenURL string }
Endpoint represents an OAuth1 provider's (server's) request token, owner authorization, and access token request URLs.
type HMAC256Signer ¶ added in v0.7.0
type HMAC256Signer struct {
ConsumerSecret string
}
HMAC256Signer signs messages with an HMAC SHA256 digest, using the concatenated consumer secret and token secret as the key.
func (*HMAC256Signer) Name ¶ added in v0.7.0
func (s *HMAC256Signer) Name() string
Name returns the HMAC-SHA256 method.
type HMACSigner ¶ added in v0.4.0
type HMACSigner struct {
ConsumerSecret string
}
HMACSigner signs messages with an HMAC SHA1 digest, using the concatenated consumer secret and token secret as the key.
func (*HMACSigner) Name ¶ added in v0.4.0
func (s *HMACSigner) Name() string
Name returns the HMAC-SHA1 method.
type HexNoncer ¶ added in v0.7.0
type HexNoncer struct{}
HexNoncer reads 32 bytes from crypto/rand and returns those bytes as a base64 encoded string.
type Noncer ¶ added in v0.7.0
type Noncer interface {
Nonce() string
}
Noncer provides random nonce strings.
type RSASigner ¶ added in v0.4.0
type RSASigner struct {
PrivateKey *rsa.PrivateKey
}
RSASigner RSA PKCS1-v1_5 signs SHA1 digests of messages using the given RSA private key.
type Signer ¶
type Signer interface { // Name returns the name of the signing method. Name() string // Sign signs the message using the given secret key. Sign(key string, message string) (string, error) }
A Signer signs messages to create signed OAuth1 Requests.
type Token ¶
Token is an AccessToken (token credential) which allows a consumer (client) to access resources from an OAuth1 provider server.
type TokenSource ¶
A TokenSource can return a Token.
func StaticTokenSource ¶
func StaticTokenSource(token *Token) TokenSource
StaticTokenSource returns a TokenSource which always returns the same Token. This is appropriate for tokens which do not have a time expiration.
type Transport ¶
type Transport struct { // Base is the base RoundTripper used to make HTTP requests. If nil, then // http.DefaultTransport is used Base http.RoundTripper // contains filtered or unexported fields }
Transport is an http.RoundTripper which makes OAuth1 HTTP requests. It wraps a base RoundTripper and adds an Authorization header using the token from a TokenSource.
Transport is a low-level component, most users should use Config to create an http.Client instead.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package discogs provides constants for using OAuth1 to access Discogs.
|
Package discogs provides constants for using OAuth1 to access Discogs. |
Package dropbox provides constants for using OAuth1 to access Dropbox.
|
Package dropbox provides constants for using OAuth1 to access Dropbox. |
examples
module
|
|
Package tumblr provides constants for using OAuth 1 to access Tumblr.
|
Package tumblr provides constants for using OAuth 1 to access Tumblr. |
Package twitter provides constants for using OAuth1 to access Twitter.
|
Package twitter provides constants for using OAuth1 to access Twitter. |
Package xing provides constants for using OAuth1 to access Xing.
|
Package xing provides constants for using OAuth1 to access Xing. |