identity-toolkit-go-client

module

v0.0.0-...-875f284 Latest Latest Go to latest Published: Nov 3, 2015 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/mcduan/identity-toolkit-go-client

Links

Open Source Insights

README ¶

Google Identity Toolkit Go client

This is the Go client library for Google Identity Toolkit services. Documentation at http://godoc.org/github.com/google/identity-toolkit-go-client/gitkit

The gitkit package provides convenient utilities for websites to integrate with the Google Identity Toolkit service.

See more at https://developers.google.com/identity-toolkit

To use Identity Toolkit Go client:

var client *gitkit.Client

func handleSignIn(w http.ResponseWriter, r *http.Request) {
	// If there is no valid session, check identity tookit ID token.
	ts := client.TokenFromRequest(r)
	token, err := client.ValidateToken(context.Background(), ts)
	if err != nil {
		// Not a valid token. Handle error.
	}
	// Token is valid and it contains the user account information
	// including user ID, email address, etc.
	// Issue your own session cookie to finish the sign in.
}

func main() {
	// Provide configuration. gitkit.LoadConfig() can also be used to load
	// the configuration from a JSON file.
	config := &gitkit.Config{
		ClientID:   "123.apps.googleusercontent.com",
		WidgetURL:  "http://localhost/gitkit",
		CookieName: "gtoken",
	}
	var err error
	client, err = gitkit.New(context.Background(), config)
	if err != nil {
		// Handle error.
	}

	// Provide HTTP handler.
	http.HandleFunc("/signIn", handleSignIn)
	// Start the server.
	log.Fatal(http.ListenAndServe(":8080", nil))
}

The integration with Google App Engine is similar except for the context variable should be created from the request, i.e., appengine.NewContext(r):

var client *gitkit.Client

func handleSignIn(w http.ResponseWriter, r *http.Request) {
	// If there is no valid session, check identity tookit ID token.
	ts := client.TokenFromRequest(r)
	token, err := client.ValidateToken(appengine.NewContext(r), ts)
	if err != nil {
		// Not a valid token. Handle error.
	}
	// Token is validate and it contains the user account information
	// including user ID, email address, etc.
	// Issue your own session cookie to finish the sign in.
}

func init() {
	// Provide configuration. gitkit.LoadConfig() can also be used to load
	// the configuration from a JSON file.
	config := &gitkit.Config{
		ClientID:	"123.apps.googleusercontent.com",
		WidgetURL:	"http://localhost/gitkit",
		CookieName:	"gtoken",
	}
	// Set the JSON key file path if running dev server in local.
	if appengine.IsDevAppServer() {
		config.GoogleAppCredentialsPath = googleAppCredentialsPath
	}
	var err error
	client, err = gitkit.New(context.Background(), config)
	if err != nil {
		// Handle error.
	}

	// Provide HTTP handler.
	http.HandleFunc("/signIn", handleSignIn)
	// Start the server.
	log.Fatal(http.ListenAndServe(":8080", nil))
}

The client also provides other methods to help manage user accounts, for example,

To validate the token and also fetch the account information from the identity toolkit service:

user, err := client.UserByToken(ctx, token)

or:

user, err := client.UserByEmail(ctx, email)

or:

user, err := client.UserByLocalID(ctx, localID)

To update, or delete the account information of a user:

err := client.UpdateUser(ctx, user)
err := client.DeleteUser(ctx, user)

The Go client uses Google Application Default Credentials to access authentication required Identity Toolkit API. The credentials returned are determined by the environment the code is running in. Conditions are checked in the following order:

The environment variable GOOGLE_APPLICATION_CREDENTIALS is checked. If this variable is specified it should point to a file that defines the credentials. The simplest way to get a credential for this purpose is to create a service account using the Google Developers Console in the section APIs & Auth, in the sub-section Credentials. Create a service account or choose an existing one and select Generate new JSON key. Set the environment variable to the path of the JSON file downloaded.
If you have installed the Google Cloud SDK on your machine and have run the command gcloud auth login, your identity can be used as a proxy to test code calling APIs from that machine.
If you are running in Google App Engine production, the built-in service account associated with the application will be used.
If you are running in Google Compute Engine production, the built-in service account associated with the virtual machine instance will be used.
If none of these conditions is true, an error will occur.

If Application Default Credentials doesn't work for your use case, you can set GoogleAppCredentialsPath in the config to the JSON key file path.

Directories ¶

Path	Synopsis
gitkit Package gitkit provides convenient utilities for third party website to integrate Google Identity Toolkit.	Package gitkit provides convenient utilities for third party website to integrate Google Identity Toolkit.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL