github.com/iris-contrib/oauth1
Package oauth1 is a Go implementation of the OAuth1 spec RFC 5849. It allows end-users to authorize a client (consumer) to access protected resources on their behalf (e.g. login) and allows clients to make signed and authorized requests on behalf of a user (e.g. API calls). It takes design cues from golang.org/x/oauth2, providing an http.Client which handles request signing and authorization. Package oauth1 implements the OAuth1 authorization flow and provides an http.Client which can sign and authorize OAuth1 requests. To implement "Login with X", use the https://github.com/dghubble/gologin packages which provide login handlers for OAuth1 and OAuth2 providers. To call the Twitter, Digits, or Tumblr OAuth1 APIs, use the higher level Go API clients. * https://github.com/dghubble/go-twitter * https://github.com/dghubble/go-digits * https://github.com/benfb/go-tumblr Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token. 1. When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials). 2. Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access. Receive the callback from the OAuth1 provider in a handler. 3. Acquire the access token (token credentials) which can later be used to make requests on behalf of the user. Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login. Use an access Token to make authorized requests on behalf of a user. Check the examples to see Twitter and Tumblr requests in action.
Readme
Modified to export some usefull methods in order to not re-create an http.Client instance for each authorized user. Forked from dghubble/oauth1.
$ go get github.com/iris-contrib/oauth1@latest
import "github.com/kataras/iris/v12/x/client"
var myClient = client.New(client.BaseURL("https://xxx.xxx.com"))
import "github.com/iris-contrib/oauth1"
var config = &oauth1.Config{
ConsumerKey: "xxx",
ConsumerSecret: "xxx",
CallbackURL: "http://localhost:8080/callback",
Endpoint: oauth1.Endpoint{
RequestTokenURL: "https://xxx.xxx.com/oauth-service/oauth/request_token",
AuthorizeURL: "https://xxx.xxx.com/oauthConfirm",
AccessTokenURL: "https://xxx.xxx.com/oauth-service/oauth/access_token",
},
}
func testPreFilledAccessToken(ctx iris.Context) {
var (
accessToken = "xxx"
accessSecret = "xxx"
)
endpoint := "xxx"
opt := oauth1.RequestOption(config, accessToken, accessSecret)
var resp interface{}
err := garminClient.ReadJSON(ctx, &resp, iris.MethodGet, endpoint, nil, opt)
if err != nil {
ctx.StopWithError(iris.StatusBadGateway, err)
return
}
ctx.JSON(resp)
}
func requestToken(ctx iris.Context) {
requestToken, requestSecret, err := config.RequestToken()
if err != nil {
ctx.Application().Logger().Errorf("request token: %s", err.Error())
return
}
authorizationURL, err := config.AuthorizationURL(requestToken)
if err != nil {
ctx.Application().Logger().Errorf("authorize: %s", err.Error())
return
}
// You have to keep "requestSecret" for the next request, it's up to you.
ctx.Redirect(authorizationURL.String())
}
func oauth1Callback(ctx iris.Context) {
requestToken, verifier, err := oauth1.ParseAuthorizationCallback(ctx.Request())
if err != nil {
ctx.Application().Logger().Errorf("callback: parse auth callback: %s", err.Error())
return
}
// Pass it through url parameters or anything,
// just fill it with the previous handler's result.
var requestSecret string
accessToken, accessSecret, err := config.AccessToken(requestToken, requestSecret, verifier)
if err != nil {
ctx.Application().Logger().Errorf("callback: access token: %s", err.Error())
return
}
}
FAQs
Package oauth1 is a Go implementation of the OAuth1 spec RFC 5849. It allows end-users to authorize a client (consumer) to access protected resources on their behalf (e.g. login) and allows clients to make signed and authorized requests on behalf of a user (e.g. API calls). It takes design cues from golang.org/x/oauth2, providing an http.Client which handles request signing and authorization. Package oauth1 implements the OAuth1 authorization flow and provides an http.Client which can sign and authorize OAuth1 requests. To implement "Login with X", use the https://github.com/dghubble/gologin packages which provide login handlers for OAuth1 and OAuth2 providers. To call the Twitter, Digits, or Tumblr OAuth1 APIs, use the higher level Go API clients. * https://github.com/dghubble/go-twitter * https://github.com/dghubble/go-digits * https://github.com/benfb/go-tumblr Perform the OAuth 1 authorization flow to ask a user to grant an application access to his/her resources via an access token. 1. When a user performs an action (e.g. "Login with X" button calls "/login" route) get an OAuth1 request token (temporary credentials). 2. Obtain authorization from the user by redirecting them to the OAuth1 provider's authorization URL to grant the application access. Receive the callback from the OAuth1 provider in a handler. 3. Acquire the access token (token credentials) which can later be used to make requests on behalf of the user. Check the examples to see this authorization flow in action from the command line, with Twitter PIN-based login and Tumblr login. Use an access Token to make authorized requests on behalf of a user. Check the examples to see Twitter and Tumblr requests in action.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).
Security News
LDAPjs, an LDAP Client and Server API for Node.js, was decommissioned after its maintainer received an abusive email from a user, raising concerns about this form of abuse as a potential attack vector.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.