Documentation
Overview
Package gauth implements authentication for Google services. The LoginHandler, LogoutHandler and CallbackHandler are intended to be wrapped by http.HandleFunc handlers. For example:
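    var auth *gauth.UserAuth
    ...
    http.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
        // LoginHandler returns an error; report it instead of dropping it.
        if err := auth.LoginHandler(w, r); err != nil {
            http.Error(w, "login failed", http.StatusInternalServerError)
        }
    })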
Index
- Variables
- func GetClaims(tokString string, secret []byte) (map[string]interface{}, error)
- func GetHexSecret(ctx context.Context, projectID, key string) ([]byte, error)
- func GetSecret(ctx context.Context, projectID, key string) (string, error)
- func GetSecrets(ctx context.Context, projectID string, keys []string) (map[string]string, error)
- func PutClaims(claims map[string]interface{}, secret []byte) (string, error)
- func ReadGoogleStorageBucket(ctx context.Context, url string) ([]byte, error)
- type Profile
- type UserAuth
- func (ua *UserAuth) CallbackHandler(w http.ResponseWriter, r *http.Request) error
- func (ua *UserAuth) GetProfile(w http.ResponseWriter, r *http.Request) (*Profile, error)
- func (ua *UserAuth) Init()
- func (ua *UserAuth) LoginHandler(w http.ResponseWriter, r *http.Request) error
- func (ua *UserAuth) LogoutHandler(w http.ResponseWriter, r *http.Request) error
- func (ua *UserAuth) PutData(w http.ResponseWriter, r *http.Request, data string) error
Constants
This section is empty.
Variables
Functions
func GetClaims
GetClaims retrieves JWT claims from a token string using the supplied secret. Any "Bearer" string prefix will be ignored.
func GetHexSecret
GetHexSecret gets a single hex-encoded secret and returns the decoded bytes.
func GetSecret
GetSecret gets a single secret from either a file or Google Storage bucket specified by the <PROJECTID>_SECRETS environment variable.
func GetSecrets
GetSecrets looks up secrets from either a file or Google Storage bucket specified by the <PROJECTID>_SECRETS environment variable. Each line is a colon-separated key and value. The keys argument specifies required keys.
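The key:value line format described for GetSecrets, together with the hex decoding described for GetHexSecret, as an added example that is not gauth's own code. The names parseSecrets and hexSecret are hypothetical and the sample file is constructed; splitting at the first colon only, trimming whitespace, skipping blank lines and the minimum-length check are assumptions the page does not state.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"strings"
)

// sample is a constructed secrets file; both values are made up.
const sample = "clientSecret: abc:def\n\nsessionKey: 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f\n"

// parseSecrets reads "key:value" lines and fails closed when a required key
// is absent or empty. Assumptions: split at the first colon only (values may
// contain colons), trim surrounding whitespace, skip blank lines.
func parseSecrets(text string, keys []string) (map[string]string, error) {
	secrets := map[string]string{}
	for n, line := range strings.Split(text, "\n") {
		if line = strings.TrimSpace(line); line == "" {
			continue
		}
		kv := strings.SplitN(line, ":", 2)
		if len(kv) != 2 || strings.TrimSpace(kv[0]) == "" {
			// Report the line number only, so secret material stays out of logs.
			return nil, fmt.Errorf("line %d: not a key:value pair", n+1)
		}
		secrets[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
	}
	for _, k := range keys {
		if secrets[k] == "" {
			return nil, fmt.Errorf("required secret %q is missing or empty", k)
		}
	}
	return secrets, nil
}

// hexSecret decodes a hex-encoded secret and rejects keys shorter than minLen
// bytes. The error is generic so it never echoes bytes of the secret.
func hexSecret(value string, minLen int) ([]byte, error) {
	b, err := hex.DecodeString(value)
	if err != nil || len(b) < minLen {
		return nil, fmt.Errorf("secret is not hex or shorter than %d bytes", minLen)
	}
	return b, nil
}

func main() {
	s, err := parseSecrets(sample, []string{"clientSecret", "sessionKey"})
	fmt.Println(len(s), err)
}
```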
Types
type Profile
Profile holds info about the logged-in user. GivenName, FamilyName, Email, and Locale come from the Google user profile. Data is optional non-persistent data associated with the user.
type UserAuth

    type UserAuth struct {
        sync.Mutex
        ProjectID string // GAE project ID.
        ClientID  string // Oauth2 client ID.
        SessionID string // Default OAuth2 session ID.
        MaxAge    int    // OAuth2 max age in seconds.
        // contains filtered or unexported fields
    }

UserAuth implements authentication of Google users using OAuth2. User authentication involves two steps:
- Redirecting the user to Google's authorization service.
- Processing the response when Google redirects the user back to us.
See also:
- https://godoc.org/google.golang.org/api/people/v1
- https://developers.google.com/people/v1/how-tos/authorizing
func (*UserAuth) CallbackHandler
CallbackHandler completes the OAuth flow, retrieves the user's profile information and stores info in the default session.
func (*UserAuth) GetProfile
GetProfile retrieves the profile for a logged-in user, or nil otherwise. If the OAuth session is still valid, the profile is retrieved from the session store. If not, a new client request is issued to obtain the profile anew. Optional profile data is preserved.
func (*UserAuth) Init
func (ua *UserAuth) Init()
Init initializes Google user authentication using OAuth2. It requires the use of two secrets obtained via GetSecrets:
- clientSecret: the OAuth 2 client secret for the given client ID.
- sessionKey: the secure cookie key generated by securecookie.GenerateRandomKey(32).
func (*UserAuth) LoginHandler
LoginHandler initiates an OAuth flow to authenticate the user, storing the state in a session of age oauthMaxAge. The session ID, which is a UUID, is used as the OAuth state parameter. See also https://godoc.org/golang.org/x/oauth2#Config.AuthCodeURL.
func (*UserAuth) LogoutHandler
LogoutHandler logs out the current user by clearing the default session.