github.com/kurrik/oauth1a
Readme
An implementation of OAuth 1.0a in Go1.
Run:
go get github.com/kurrik/oauth1a
Include in your source:
import "github.com/kurrik/oauth1a"
Clone this repository, then run:
go test -short
in the oauth1a directory. To run an integration test, create a file named
CREDENTIALS in the library directory. There should be four lines in this file,
in the following format:
<Twitter consumer key>
<Twitter consumer secret>
<Twitter access token>
<Twitter access token secret>
Then run:
go test
This will run an integration test against the Twitter
/account/verify_credentials.json endpoint.
A good approach wil be to check oauth1a_test.go for usage.
As a vague example, here is code to configure the library for accessing Twitter:
service := &oauth1a.Service{
RequestURL: "https://api.twitter.com/oauth/request_token",
AuthorizeURL: "https://api.twitter.com/oauth/request_token",
AccessURL: "https://api.twitter.com/oauth/request_token",
ClientConfig: &oauth1a.ClientConfig{
ConsumerKey: "<your Twitter consumer key>",
ConsumerSecret: "<your Twitter consumer secret>",
CallbackURL: "<your Twitter callback URL>",
},
Signer: new(oauth1a.HmacSha1Signer),
}
To obtain user credentials:
httpClient := new(http.Client)
ctx := context.Background()
userConfig := &oauth1a.UserConfig{}
userConfig.GetRequestToken(ctx, service, httpClient)
url, _ := userConfig.GetAuthorizeURL(service)
var token string
var verifier string
// Redirect the user to <url> and parse out token and verifier from the response.
userConfig.GetAccessToken(ctx, token, verifier, service, httpClient)
Or if you have existing credentials:
token := "<your access token>"
secret := "<your access token secret>"
userConfig := NewAuthorizedConfig(token, secret)
To send an authenticated request:
httpRequest, _ := http.NewRequest("GET", "https://api.twitter.com/1/account/verify_credentials.json", nil)
service.Sign(httpRequest, userConfig)
var httpResponse *http.Response
var err error
httpResponse, err = httpClient.Do(httpRequest)
github.com/twittergo-examples/sign_in/main.go - A three legged example which uses Twitter's API. To run, cd to the examples directory and then run:
go run main.go -key=<TWITTER_CONSUMER_KEY> -secret=<TWITTER_CONSUMER_SECRET>
This will host a server on localhost:10000 (use the -port flag to change the
port this runs on). Navigate to http://localhost:10000 and then follow the
sign in flow.
Note that this example implements a rudimentary session mechanism so that the callback can be matched to the user who initiated the sign in session. Otherwise, it would be possible for one user to initiate a sign in session and another user to complete it. This is a best practice but imposes a requirement for the auth flow to be stateful. If you understand the risks in removing this check from your application, it is possible to implement the flow in a stateless manner.
| Version | Changes |
|---|---|
| v0.1.0 | Initial library version. |
| v0.1.1 | Added context support. |
Versions are released with:
git tag v0.1.0
git push origin v0.1.0
FAQs
Package oauth1a implements the OAuth 1.0a specification.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.