README
¶
negroni-oauth2 
Allows your Negroni application to support user login via an OAuth 2.0 backend. Requires negroni-sessions middleware.
Google, Facebook, LinkedIn and Github sign-in are currently supported.
Once endpoints are provided, this middleware can work with any OAuth 2.0 backend.
Usage
package main
import (
"fmt"
"net/http"
oauth2 "github.com/goincremental/negroni-oauth2"
sessions "github.com/goincremental/negroni-sessions"
"github.com/goincremental/negroni-sessions/cookiestore"
"github.com/urfave/negroni"
)
func main() {
secureMux := http.NewServeMux()
// Routes that require a logged in user
// can be protected by using a separate route handler
// If the user is not authenticated, they will be
// redirected to the login path.
secureMux.HandleFunc("/restrict", func(w http.ResponseWriter, req *http.Request) {
token := oauth2.GetToken(req)
fmt.Fprintf(w, "OK: %s", token.Access())
})
secure := negroni.New()
secure.Use(oauth2.LoginRequired())
secure.UseHandler(secureMux)
n := negroni.New()
n.Use(sessions.Sessions("my_session", cookiestore.New([]byte("secret123"))))
n.Use(oauth2.Google(&oauth2.Config{
ClientID: "client_id",
ClientSecret: "client_secret",
RedirectURL: "refresh_url",
Scopes: []string{"https://www.googleapis.com/auth/drive"},
}))
router := http.NewServeMux()
//routes added to mux do not require authentication
router.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
token := oauth2.GetToken(req)
if token == nil || !token.Valid() {
fmt.Fprintf(w, "not logged in, or the access token is expired")
return
}
fmt.Fprintf(w, "logged in")
return
})
//There is probably a nicer way to handle this than repeat the restricted routes again
//of course, you could use something like gorilla/mux and define prefix / regex etc.
router.Handle("/restrict", secure)
n.UseHandler(router)
n.Run(":3000")
}
Auth flow
/loginwill redirect user to the OAuth 2.0 provider's permissions dialog. If there is anextquery param provided, user is redirected to the next page afterwards.- If user agrees to connect, OAuth 2.0 provider will redirect to
/oauth2callbackto let your app to make the handshake. You need to register/oauth2callbackas a Redirect URL in your application settings. /logoutwill log the user out. If there is anextquery param provided, user is redirected to the next page afterwards.
You can customize the login, logout, oauth2callback and error paths:
oauth2.PathLogin = "/oauth2login"
oauth2.PathLogout = "/oauth2logout"
...
Contributors
Derived from martini-contrib/oauth2
Documentation
¶
Index ¶
- Variables
- func Facebook(config *Config) negroni.Handler
- func Github(config *Config) negroni.Handler
- func Google(config *Config) negroni.Handler
- func LinkedIn(config *Config) negroni.Handler
- func LoginRequired() negroni.HandlerFunc
- func NewOAuth2Provider(config *Config, authUrl, tokenUrl string) negroni.HandlerFunc
- func SetToken(r *http.Request, t interface{})
- type Config
- type Token
- type Tokens
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // PathLogin sets the path to handle OAuth 2.0 logins. PathLogin = "/login" // PathLogout sets to handle OAuth 2.0 logouts. PathLogout = "/logout" // PathCallback sets the path to handle callback from OAuth 2.0 backend // to exchange credentials. PathCallback = "/oauth2callback" // PathError sets the path to handle error cases. PathError = "/oauth2error" )
Functions ¶
func LoginRequired ¶
func LoginRequired() negroni.HandlerFunc
Handler that redirects user to the login page if user is not logged in.
func NewOAuth2Provider ¶
func NewOAuth2Provider(config *Config, authUrl, tokenUrl string) negroni.HandlerFunc
Returns a generic OAuth 2.0 backend endpoint.
Types ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.