README
¶
oauth-token-proxy
A thin proxy for OAuth-secured (JSON) REST APIs.
Motivation
oauth-token-proxy enables mobile apps and single-page web apps (SPAs) to use the OAuth authorization code flow without exposing their client credentials.
Limitations
oauth-proxy refuses to wrap non-JSON APIs. It enforces this by rejecting all
requests with Content-Type headers other than application/json. It does this
to protect against CSRF attacks. (In general, browsers cannot send cross-origin
JSON requests.)
A "synchronizer token"-based approach would enable oauth-proxy to wrap non-JSON APIs, at the cost of minor implementation overhead. (This approach would also protect against browser security bugs.) If you're interested in implementing this, let me know! I'm happy to accept a patch.
Installation
go get -u github.com/paulrosania/oauth-token-proxy
Documentation
Full API documentation is available here:
https://godoc.org/github.com/paulrosania/oauth-token-proxy
Thanks
- Alex Bilbie, for the article OAuth and Single Page JavaScript Web-Apps, which inspired this project.
Contributing
- Fork the project
- Make your changes
- Run tests (
go test) - Send a pull request!
If you're making a big change, please open an issue first, so we can discuss.
License
MIT
Documentation
¶
There is no documentation for this package.
Source Files