An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.
+--------+ +---------------+
| |--(A)- Authorization Request ->| Resource |
| | | Owner |
| |<-(B)-- Authorization Grant ---| |
| | +---------------+
| |
| | +---------------+
| |--(C)-- Authorization Grant -->| Authorization |
| Client | | Server |
| |<-(D)----- Access Token -------| |
| | +---------------+
| |
| | +---------------+
| |--(E)----- Access Token ------>| Resource |
| | | Server |
| |<-(F)--- Protected Resource ---| |
+--------+ +---------------+
$ go get -u gopkg.in/oauth2.v3/...
package main
import (
"log"
"net/http"
"gopkg.in/oauth2.v3/manage"
"gopkg.in/oauth2.v3/server"
"gopkg.in/oauth2.v3/store"
)
func main() {
manager := manage.NewDefaultManager()
// token memory store
manager.MustTokenStorage(store.NewMemoryTokenStore())
// client test store
manager.MapClientStorage(store.NewTestClientStore())
srv := server.NewDefaultServer(manager)
srv.SetAllowGetAccessRequest(true)
srv.SetClientInfoHandler(server.ClientFormHandler)
srv.SetInternalErrorHandler(func(err error) {
log.Println("OAuth2 Error:", err.Error())
})
http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
err := srv.HandleAuthorizeRequest(w, r)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
}
})
http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
srv.HandleTokenRequest(w, r)
})
http.ListenAndServe(":9096", nil)
}
$ go build server.go
$ ./server
http://localhost:9096/token?grant_type=client_credentials&client_id=1&client_secret=11&scope=read
{
"access_token": "ACPT7UYYNVWS2OAPFOHVUW",
"expires_in": 7200,
"scope": "read",
"token_type": "Bearer"
}
- Easy to use
- Based on the RFC 6749 implementation
- Token storage support TTL
- Support custom extension field
- Support custom scope
- Support custom expiration time of the access token
A complete example of simulation authorization code model
Simulation examples of authorization code model, please check example
Copyright (c) 2016 Lyric