OAuth1
Package oauth1
provides a Go implementation of the OAuth 1 spec to allow end-users to authorize a client (i.e. consumer) to access protected resources on his/her behalf.
oauth1
takes design cues from golang.org/x/oauth2, to provide an analogous API and an http.Client
with a Transport which signs/authorizes requests.
Install
go get github.com/dghubble/oauth1
Docs
Read GoDoc
Usage
Package oauth1
implements the OAuth1 authorization flow and provides an http.Client
which can sign and authorize OAuth1 requests.
To implement "Login with X", use the gologin packages which provide login handlers for OAuth1 and OAuth2 providers.
To call the Twitter, Digits, or Tumblr OAuth1 APIs, use the higher level Go API clients.
Authorization Flow
Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token.
import (
"github.com/dghubble/oauth1"
"github.com/dghubble/oauth1/twitter"
)
...
config := oauth1.Config{
ConsumerKey: "consumerKey",
ConsumerSecret: "consumerSecret",
CallbackURL: "http://mysite.com/oauth/twitter/callback",
Endpoint: twitter.AuthorizeEndpoint,
}
-
When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials).
requestToken, requestSecret, err = config.RequestToken()
-
Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access.
authorizationURL, err := config.AuthorizationURL(requestToken)
http.Redirect(w, req, authorizationURL.String(), http.StatusFound)
Receive the callback from the OAuth1 provider in a handler.
requestToken, verifier, err := oauth1.ParseAuthorizationCallback(req)
-
Acquire the access token (token credentials) which can later be used to make requests on behalf of the user.
accessToken, accessSecret, err := config.AccessToken(requestToken, requestSecret, verifier)
token := oauth1.NewToken(accessToken, accessSecret)
Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login.
Authorized Requests
Use an access Token
to make authorized requests on behalf of a user.
import (
"github.com/dghubble/oauth1"
)
func main() {
config := oauth1.NewConfig("consumerKey", "consumerSecret")
token := oauth1.NewToken("token", "tokenSecret")
httpClient := config.Client(oauth1.NoContext, token)
path := "https://api.twitter.com/1.1/statuses/home_timeline.json?count=2"
resp, _ := httpClient.Get(path)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Printf("Raw Response Body:\n%v\n", string(body))
}
Check the examples to see Twitter and Tumblr requests in action.
Concepts
An Endpoint
groups an OAuth provider's token and authorization URL endpoints.Endpoints for common providers are provided in subpackages.
A Config
stores a consumer application's consumer key and secret, the registered callback URL, and the Endpoint
to which the consumer is registered. It provides OAuth1 authorization flow methods.
An OAuth1 Token
is an access token which can be used to make signed requests on behalf of a user. See Authorized Requests for details.
If you've used the golang.org/x/oauth2 package for OAuth2 before, this organization should be familiar.
Contributing
See the Contributing Guide.
License
MIT License