An implementation of OAuth 1.0a in Go1.
Run:
go get github.com/kurrik/oauth1a
Include in your source:
import "github.com/kurrik/oauth1a"
Clone this repository, then run:
go test -short
in the oauth1a
directory. To run an integration test, create a file named
CREDENTIALS in the library directory. There should be four lines in this file,
in the following format:
<Twitter consumer key>
<Twitter consumer secret>
<Twitter access token>
<Twitter access token secret>
Then run:
go test
This will run an integration test against the Twitter
/account/verify_credentials.json
endpoint.
A good approach wil be to check oauth1a_test.go
for usage.
As a vague example, here is code to configure the library for accessing Twitter:
service := &oauth1a.Service{
RequestURL: "https://api.twitter.com/oauth/request_token",
AuthorizeURL: "https://api.twitter.com/oauth/request_token",
AccessURL: "https://api.twitter.com/oauth/request_token",
ClientConfig: &oauth1a.ClientConfig{
ConsumerKey: "<your Twitter consumer key>",
ConsumerSecret: "<your Twitter consumer secret>",
CallbackURL: "<your Twitter callback URL>",
},
Signer: new(oauth1a.HmacSha1Signer),
}
To obtain user credentials:
httpClient := new(http.Client)
ctx := context.Background()
userConfig := &oauth1a.UserConfig{}
userConfig.GetRequestToken(ctx, service, httpClient)
url, _ := userConfig.GetAuthorizeURL(service)
var token string
var verifier string
// Redirect the user to <url> and parse out token and verifier from the response.
userConfig.GetAccessToken(ctx, token, verifier, service, httpClient)
Or if you have existing credentials:
token := "<your access token>"
secret := "<your access token secret>"
userConfig := NewAuthorizedConfig(token, secret)
To send an authenticated request:
httpRequest, _ := http.NewRequest("GET", "https://api.twitter.com/1/account/verify_credentials.json", nil)
service.Sign(httpRequest, userConfig)
var httpResponse *http.Response
var err error
httpResponse, err = httpClient.Do(httpRequest)
github.com/twittergo-examples/sign_in/main.go - A three legged example which uses Twitter's API. To run, cd to the examples directory and then run:
go run main.go -key=<TWITTER_CONSUMER_KEY> -secret=<TWITTER_CONSUMER_SECRET>
This will host a server on localhost:10000
(use the -port
flag to change the
port this runs on). Navigate to http://localhost:10000
and then follow the
sign in flow.
Note that this example implements a rudimentary session mechanism so that the callback can be matched to the user who initiated the sign in session. Otherwise, it would be possible for one user to initiate a sign in session and another user to complete it. This is a best practice but imposes a requirement for the auth flow to be stateful. If you understand the risks in removing this check from your application, it is possible to implement the flow in a stateless manner.
Version | Changes |
---|---|
v0.1.0 | Initial library version. |
v0.1.1 | Added context support. |
Versions are released with:
git tag v0.1.0
git push origin v0.1.0