Popularity
6.2
Declining
Activity
0.0
Stable
345
13
34

Programming language: Go

go.auth alternatives and similar packages

Based on the "Authentication & OAuth" category.
Alternatively, view go.auth alternatives based on common mentions on social networks and blogs.

Do you think we are missing an alternative of go.auth or a related project?

Add another 'Authentication & OAuth' Package

README

go.auth

an http authentication API for the Go programming language. Integrates with 3rd party auth providers to add security to your web application.

go get github.com/dchest/authcookie
go get github.com/bradrydzewski/go.auth

Python's Tornado framework, specifically their auth module, was the main inspiration for this library.

THIS LIBRARY IS BEING ACTIVELY DEVELOPED. THE API IS CHANGING WEEKLY.

Providers

The following auth providers are supported:

  • Github OAuth 2.0 demo
  • Google OAuth 2.0 demo
  • Google OpenId 2.0 demo
  • Twitter OAuth 1.0a demo
  • Bitbucket OAuth 1.0a demo

See the multi-provider demo application to provide your users multiple login options.

We plan to add support for the following providers:

  • Facebook
  • LinkedIn

Sample Code

Example program using the Github OAuth auth provider:

// Set the default authentication configuration parameters
auth.Config.CookieSecret         = []byte("asdfasdfasfasdfasdfafsd")
auth.Config.LoginRedirect        = "/auth/login" // send user here to login
auth.Config.LoginSuccessRedirect = "/private"    // send user here post-login
auth.Config.CookieSecure         = false         // for local-testing only

// Create your login handler
githubHandler := auth.Github(githubAccessKey, githubSecretKey)
http.Handle("/auth/login", githubHandler)

// Example of a public http handler
http.HandleFunc("/public", Public)

// Example of a secured http handler
http.HandleFunc("/private", auth.SecureFunc(Private))

It is important to note that we have set auth.Config.CookieSecure to false because we are testing locally, without using SSL. In production this flag should ALWAYS be set to true and used in conjunction with SSL.

User data

The auth.SecureFunc wraps a standard http.HandlerFunc and injects the username into the http request's r.URL.User.Username() field:

func Private(w http.ResponseWriter, r *http.Request) {
    user := r.URL.User.Username()
}

If you want additional user data you must implement our custom handler, and wrap it with the auth.SecureUserFunc. This adds an additional User parameter to your method signature that provides the full set of available user data:

func Private(w http.ResponseWriter, r *http.Request, u auth.User) {
    username := u.Id()
    fullname := u.Name()
    avatar := u.Picture()
    email := u.Email()
    ...
}

http.HandleFunc("/foo", auth.SecureUserFunc(Private))

Configuration

go.auth uses the following default parameters which can be configured:

Variable Description Default Value auth.Config.CookieName name of the secure cookie "UID" auth.Config.CookieSecret key used to encrypt the cookie value nil auth.Config.CookieSecure set the cookie's secure flag (true/false) true auth.Config.CookieHttpOnly set the cookie's HttpOnly flag (true/false) true auth.Config.CookieExp amount of time before cookie expires time.Hour * 24 * 14 auth.Config.LoginRedirect where to re-direct a user that is not authenticated "/auth/login" auth.Config.LoginSuccessRedirect where to re-direct a user once authenticated "/"

Example:

auth.Config.LoginRedirect = "/auth/login/google"