Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

github.com/ghophp/osin-mysql

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/ghophp/osin-mysql

  • v0.0.0-20170130154214-519ed5e9b8bb
  • Source
  • Go
  • Socket score
Version published
Created
Source

osin-mysql

Travis GoDoc

A MySQL storage backend for osin oauth2. Additional to implementing the osin.Storage interface, the github.com/felipeweb/osin-mysql/storage.Storage interface defines new methods:

// CreateClient stores the client in the database and returns an error, if something went wrong.
CreateClient(client osin.Client) error

// UpdateClient updates the client (identified by its id) and replaces the values with the values of client.
// Returns an error if something went wrong.
UpdateClient(client osin.Client) error

// RemoveClient removes a client (identified by id) from the database. Returns an error if something went wrong.
RemoveClient(id string) error

Encrypt your tokens

Unfortunately, the osin library offers little capabilities for storing credentials like access or refresh tokens in a hashed or encrypted way. An attacker could gain access to your database through various attack vectors, steal these tokens and gain, for example, administrative access to your application.

Please be aware, that this library stores all data as-is and does not perform any sort of encryption or hashing.

Usage

First, install this library with go get "github.com/felipeweb/osin-mysql".

import (
	"database/sql"
	_ "github.com/go-sql-driver/mysql"

	"github.com/felipeweb/osin-mysql"
	"github.com/RangelReale/osin"
)

func main() {
    url := "user:password@tcp(host:3306)/dbname?parseTime=true"
    db, err := sql.Open("mysql", url)
    if err != nil {
        return nil, err
    }

    store := mysql.New(db,"osin_")
    store.CreateSchemas()
    server := osin.NewServer(osin.NewServerConfig(), store)

    // See the osin documentation for more information
    // e.g.: server.HandleAuthorizeRequest(resp, r)
}

Limitations

TL;DR AuthorizeData's Client's and AccessData's UserData field must be string due to language restrictions or an error will be thrown.

In osin, Client, AuthorizeData and AccessData have a UserData property of type interface{}. This does not work well with SQL, because it is not possible to gob decode or unmarshall the data back, since the concrete type is not known. Because osin's storage interface does not support setting the UserData type, this library tries to convert UserData to string and return it as such. With this, you could for example gob encode (use e.g. base64 encode for SQL storage type compatibility) the data before passing it to e.g. FinishAccessRequest and decode it when needed.

2016-10-23 BREAKING CHANGES

  • Now New() recives a db object and a table prefix as parameter

FAQs

Package last updated on 30 Jan 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven Cybersecurity and Supply Chain Transparency

Security News

Outgoing Biden Administration Issues Sweeping Executive Order on AI-Driven Cybersecurity and Supply Chain Transparency

Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.

By Sarah Gooding  -  Jan 21, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc