github.com/belua/oauth1
Package oauth1 is a Go implementation of the OAuth1 spec RFC 5849. It allows end-users to authorize a client (consumer) to access protected resources on their behalf (e.g. login) and allows clients to make signed and authorized requests on behalf of a user (e.g. API calls). It takes design cues from golang.org/x/oauth2, providing an http.Client which handles request signing and authorization. Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token. 1. When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials). 2. Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access. Receive the callback from the OAuth1 provider in a handler. 3. Acquire the access token (token credentials) which can later be used to make requests on behalf of the user. Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login. Use an access Token to make authorized requests on behalf of a user. Check the examples to see Twitter and Tumblr requests in action. To implement "Login with X", you may wish to use the https://github.com/dghubble/gologin packages which provide login handlers for OAuth1 and OAuth2 providers. To make requests to Twitter or Tumblr, you may wish to use the https://github.com/dghubble/go-twitter and https://github.com/benfb/go-tumblr Go API clients.
Readme
OAauth1 is a Go implementation of the OAuth 1 spec.
It allows end-users to authorize a client (consumer) to access protected resources on their behalf (e.g. login) and allows clients to make signed and authorized requests on behalf of a user (e.g. API calls).
It takes design cues from golang.org/x/oauth2, providing an http.Client which handles request signing and authorization.
go get github.com/dghubble/oauth1
Read GoDoc
Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token.
import (
"github.com/dghubble/oauth1"
"github.com/dghubble/oauth1/twitter""
)
...
config := oauth1.Config{
ConsumerKey: "consumerKey",
ConsumerSecret: "consumerSecret",
CallbackURL: "http://mysite.com/oauth/twitter/callback",
Endpoint: twitter.AuthorizeEndpoint,
}
When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials).
requestToken, requestSecret, err = config.RequestToken()
// handle err
Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access.
authorizationURL, err := config.AuthorizationURL(requestToken)
// handle err
http.Redirect(w, req, authorizationURL.String(), htt.StatusFound)
Receive the callback from the OAuth1 provider in a handler.
requestToken, verifier, err := oauth1.ParseAuthorizationCallback(req)
// handle err
Acquire the access token (token credentials) which can later be used to make requests on behalf of the user.
accessToken, accessSecret, err := config.AccessToken(requestToken, requestSecret, verifier)
// handle error
token := NewToken(accessToken, accessSecret)
Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login.
Use an access Token to make authorized requests on behalf of a user.
import (
"github.com/dghubble/oauth1"
)
func main() {
config := oauth1.NewConfig("consumerKey", "consumerSecret")
token := oauth1.NewToken("token", "tokenSecret")
// httpClient will automatically authorize http.Request's
httpClient := config.Client(token)
// example Twitter API request
path := "https://api.twitter.com/1.1/statuses/home_timeline.json?count=2"
resp, _ := httpClient.Get(path)
defer resp.Body.Close()
body, _ := ioutil.ReadAll(resp.Body)
fmt.Printf("Raw Response Body:\n%v\n", string(body))
}
Check the examples to see Twitter and Tumblr requests in action.
To implement "Login with X", you may wish to use the gologin packages which provide login handlers for OAuth1 and OAuth2 providers.
To make requests, you may wish to use the Twitter and Tumblr Go API clients.
An Endpoint groups an OAuth provider's token and authorization URLs.Endpoints for common providers are provided in subpackages.
A Config stores a consumer application's consumer key and secret, the callback URL, and the Endpoint to which the consumer is registered. It provides OAuth1 authorization flow methods.
An OAuth1 Token is an access token which allows requests to be made as a particular user. See [Authorized Requests](#Authorized Requests) for details.
If you've used golang.org/x/oauth2 before, this organization is similar.
See the Contributing Guide.
FAQs
Package oauth1 is a Go implementation of the OAuth1 spec RFC 5849. It allows end-users to authorize a client (consumer) to access protected resources on their behalf (e.g. login) and allows clients to make signed and authorized requests on behalf of a user (e.g. API calls). It takes design cues from golang.org/x/oauth2, providing an http.Client which handles request signing and authorization. Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token. 1. When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials). 2. Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access. Receive the callback from the OAuth1 provider in a handler. 3. Acquire the access token (token credentials) which can later be used to make requests on behalf of the user. Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login. Use an access Token to make authorized requests on behalf of a user. Check the examples to see Twitter and Tumblr requests in action. To implement "Login with X", you may wish to use the https://github.com/dghubble/gologin packages which provide login handlers for OAuth1 and OAuth2 providers. To make requests to Twitter or Tumblr, you may wish to use the https://github.com/dghubble/go-twitter and https://github.com/benfb/go-tumblr Go API clients.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.