An HTTP authentication API for the Go programming language. Integrates with third-party auth providers to add security to your web application.
```
go get github.com/dchest/authcookie
go get github.com/bradrydzewski/go.auth
```
Python's Tornado framework, specifically their auth module, was the main inspiration for this library.
THIS LIBRARY IS BEING ACTIVELY DEVELOPED. THE API IS CHANGING WEEKLY.
The following auth providers are supported:
- Github OAuth 2.0 demo
- Google OAuth 2.0 demo
- Google OpenId 2.0 demo
- Twitter OAuth 1.0a demo
- Bitbucket OAuth 1.0a demo
See the multi-provider demo application to provide your users multiple login options.
We plan to add support for the following providers:
Example program using the Github OAuth auth provider:
```go
// Set the default authentication configuration parameters
auth.Config.CookieSecret = []byte("asdfasdfasfasdfasdfafsd") // example value only; use a long random key
auth.Config.LoginRedirect = "/auth/login"     // send user here to login
auth.Config.LoginSuccessRedirect = "/private" // send user here post-login
auth.Config.CookieSecure = false              // for local-testing only

// Create your login handler
githubHandler := auth.Github(githubAccessKey, githubSecretKey)
http.Handle("/auth/login", githubHandler)

// Example of a public http handler
http.HandleFunc("/public", Public)

// Example of a secured http handler
http.HandleFunc("/private", auth.SecureFunc(Private))
```
It is important to note that we have set `auth.Config.CookieSecure` to `false` because we are testing locally, without using SSL. In production this flag should ALWAYS be set to `true` and used in conjunction with SSL.
The `auth.SecureFunc` wraps a standard `http.HandlerFunc` and injects the username into the http request's `r.URL.User.Username()` field:
```go
func Private(w http.ResponseWriter, r *http.Request) {
	user := r.URL.User.Username()
}
```
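The wrapper described above only works if the client cannot forge or replay an old cookie. The following standard-library sketch is an added example, not go.auth's own code (its cookie format may differ): `signValue`, `verifyValue`, `secureFunc`, the `user|expiry|hmac` layout and the secret are all hypothetical, while `"UID"` and `"/auth/login"` are the defaults documented on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"
)

var cookieSecret = []byte("constructed-demo-secret") // stand-in for auth.Config.CookieSecret

// signValue returns "user|unixExpiry|hmac", binding the username to an expiry time.
func signValue(user string, exp time.Time) string {
	h := hmac.New(sha256.New, cookieSecret)
	fmt.Fprintf(h, "%s|%d", user, exp.Unix())
	return fmt.Sprintf("%s|%d|%x", user, exp.Unix(), h.Sum(nil))
}

// verifyValue returns the username only if v is unexpired and re-signing its fields reproduces v.
func verifyValue(v string, now time.Time) (string, bool) {
	user, rest, _ := strings.Cut(v, "|")
	expStr, _, _ := strings.Cut(rest, "|")
	exp, err := strconv.ParseInt(expStr, 10, 64)
	if err != nil || now.Unix() >= exp || !hmac.Equal([]byte(v), []byte(signValue(user, time.Unix(exp, 0)))) {
		return "", false
	}
	return user, true
}

// secureFunc (hypothetical, in the style of auth.SecureFunc) gates next on a valid "UID" cookie.
func secureFunc(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if c, err := r.Cookie("UID"); err == nil {
			if user, ok := verifyValue(c.Value, time.Now()); ok {
				r.URL.User = url.User(user)
				next(w, r)
				return
			}
		}
		http.Redirect(w, r, "/auth/login", http.StatusSeeOther)
	}
}

func main() {
	fmt.Println(verifyValue(signValue("octocat", time.Now().Add(time.Hour)), time.Now()))
}
```

A value with a changed username, a changed expiry, extra fields or a past expiry fails verification, so the wrapped handler never sees a username the server did not sign.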
If you want additional user data you must implement our custom handler, and wrap it with the `auth.SecureUserFunc`. This adds an additional `User` parameter to your method signature that provides the full set of available user data:
```go
func Private(w http.ResponseWriter, r *http.Request, u auth.User) {
	username := u.Id()
	fullname := u.Name()
	avatar := u.Picture()
	email := u.Email()
	...
}

http.HandleFunc("/foo", auth.SecureUserFunc(Private))
```
`go.auth` uses the following default parameters which can be configured:
Variable | Description | Default Value |
---|---|---|
auth.Config.CookieName | name of the secure cookie | "UID" |
auth.Config.CookieSecret | key used to encrypt the cookie value | nil |
auth.Config.CookieSecure | set the cookie's secure flag (true/false) | true |
auth.Config.CookieHttpOnly | set the cookie's HttpOnly flag (true/false) | true |
auth.Config.CookieExp | amount of time before cookie expires | time.Hour * 24 * 14 |
auth.Config.LoginRedirect | where to re-direct a user that is not authenticated | "/auth/login" |
auth.Config.LoginSuccessRedirect | where to re-direct a user once authenticated | "/" |
Example:
```go
auth.Config.LoginRedirect = "/auth/login/google"
```