oauth1a

package
v0.2.4

This package is not in the latest version of its module.
Published: Nov 13, 2014 License: Apache-2.0, MIT Imports: 12 Imported by: 0

README

Package oauth1a

Summary

An implementation of OAuth 1.0a in Go1.

Installing

Run:

go get github.com/kurrik/oauth1a

Include in your source:

import "github.com/kurrik/oauth1a"

Testing

Clone this repository, then run:

go test -short

in the oauth1a directory. To run an integration test, create a file named CREDENTIALS in the library directory. There should be four lines in this file, in the following format:

<Twitter consumer key>
<Twitter consumer secret>
<Twitter access token>
<Twitter access token secret>

Then run:

go test

This will run an integration test against the Twitter /account/verify_credentials.json endpoint.

Using

A good approach will be to check oauth1a_test.go for usage.

As a vague example, here is code to configure the library for accessing Twitter:

service := &oauth1a.Service{
	RequestURL:   "https://api.twitter.com/oauth/request_token",
	AuthorizeURL: "https://api.twitter.com/oauth/authorize",
	AccessURL:    "https://api.twitter.com/oauth/access_token",
	ClientConfig: &oauth1a.ClientConfig{
		ConsumerKey:    "<your Twitter consumer key>",
		ConsumerSecret: "<your Twitter consumer secret>",
		CallbackURL:    "<your Twitter callback URL>",
	},
	Signer: new(oauth1a.HmacSha1Signer),
}

To obtain user credentials:

httpClient := new(http.Client)
userConfig := &oauth1a.UserConfig{}
if err := userConfig.GetRequestToken(service, httpClient); err != nil {
	log.Fatal(err)
}
authorizeURL, err := userConfig.GetAuthorizeURL(service)
if err != nil {
	log.Fatal(err)
}
// Redirect the user to authorizeURL and parse out token and verifier from the
// callback request (see ParseAuthorize below).
var token, verifier string
if err := userConfig.GetAccessToken(token, verifier, service, httpClient); err != nil {
	log.Fatal(err)
}

Or if you have existing credentials:

token := "<your access token>"
secret := "<your access token secret>"
userConfig := oauth1a.NewAuthorizedConfig(token, secret)

To send an authenticated request:

httpRequest, err := http.NewRequest("GET", "https://api.twitter.com/1/account/verify_credentials.json", nil)
if err != nil {
	log.Fatal(err)
}
if err := service.Sign(httpRequest, userConfig); err != nil {
	log.Fatal(err)
}
// Check err before reading httpResponse, and close httpResponse.Body when done.
httpResponse, err := httpClient.Do(httpRequest)

Examples

github.com/twittergo-examples/sign_in/main.go - A three-legged example which uses Twitter's API. To run, cd to the examples directory and then run:

go run main.go -key=<TWITTER_CONSUMER_KEY> -secret=<TWITTER_CONSUMER_SECRET>

This will host a server on localhost:10000 (use the -port flag to change the port this runs on). Navigate to http://localhost:10000 and then follow the sign in flow.

Note that this example implements a rudimentary session mechanism so that the callback can be matched to the user who initiated the sign in session. Otherwise, it would be possible for one user to initiate a sign in session and another user to complete it. This is a best practice but imposes a requirement for the auth flow to be stateful. If you understand the risks in removing this check from your application, it is possible to implement the flow in a stateless manner.
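The session check described above, as an added example (not code from sign_in/main.go or from this package). The "sid" cookie name, the in-memory pending store and the begin, checkCallback and callback functions are assumptions made for illustration, and all tokens are constructed:

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"sync"
)

// pending maps a session ID to the request token issued to that browser session.
var pending sync.Map

// begin stores requestToken under a fresh random session ID (sent as the "sid" cookie).
func begin(requestToken string) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	id := hex.EncodeToString(raw)
	pending.Store(id, requestToken)
	return id, nil
}

// checkCallback accepts oauth_token only from the session it was issued to, and only once.
func checkCallback(r *http.Request) error {
	c, err := r.Cookie("sid")
	if err != nil {
		return errors.New("callback has no session cookie")
	}
	if v, ok := pending.LoadAndDelete(c.Value); !ok || v != r.URL.Query().Get("oauth_token") {
		return errors.New("callback does not match the session that started sign-in")
	}
	return nil
}

// callback builds a constructed callback request carrying the given cookie and token.
func callback(sid, token string) *http.Request {
	r, _ := http.NewRequest("GET", "http://localhost:10000/callback?oauth_token="+token, nil)
	r.AddCookie(&http.Cookie{Name: "sid", Value: sid})
	return r
}

func main() {
	a, _ := begin("constructed-token-a")
	b, _ := begin("constructed-token-b")
	fmt.Println(checkCallback(callback(a, "constructed-token-a")), checkCallback(callback(b, "constructed-token-a")))
}
```

A stateless variant has no equivalent of the pending lookup, which is the check the paragraph above says you would be removing.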

Documentation

Overview

Package oauth1a implements the OAuth 1.0a specification.

Constants

const UNESCAPE_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._~"

Characters which should not be escaped according to RFC 3986.

Variables

This section is empty.

Functions

func Rfc3986Escape

func Rfc3986Escape(input string) string

Escapes a string more in line with RFC 3986 than http.URLEscape. URLEscape was converting spaces to "+" instead of "%20", which was breaking the signing of requests.
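Why the space encoding matters for signing, as an added example that is not the package's own code: escape, baseString and sign are hypothetical helpers written for this illustration, and the URL, parameters and secrets are constructed. The same request is signed once with RFC 3986 escaping and once with Go's url.QueryEscape, and the two signatures differ.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/url"
	"sort"
	"strings"
)

const unreserved = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._~" // as UNESCAPE_CHARS

// escape percent-encodes every byte outside the unreserved set (hypothetical helper).
func escape(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if strings.IndexByte(unreserved, s[i]) >= 0 {
			b.WriteByte(s[i])
		} else {
			fmt.Fprintf(&b, "%%%02X", s[i])
		}
	}
	return b.String()
}

// baseString builds METHOD&url&params with enc applied to every component.
func baseString(method, rawURL string, params map[string]string, enc func(string) string) string {
	parts := make([]string, 0, len(params))
	for k, v := range params {
		parts = append(parts, enc(k)+"\x00"+enc(v)) // NUL sorts before any encoded byte
	}
	sort.Strings(parts) // orders by encoded name, then encoded value
	joined := strings.ReplaceAll(strings.Join(parts, "&"), "\x00", "=")
	return method + "&" + enc(rawURL) + "&" + enc(joined)
}

// sign returns the base64 HMAC-SHA1 of base keyed with "consumerSecret&tokenSecret".
func sign(consumerSecret, tokenSecret, base string) string {
	mac := hmac.New(sha1.New, []byte(escape(consumerSecret)+"&"+escape(tokenSecret)))
	mac.Write([]byte(base))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

func main() {
	p := map[string]string{"status": "hello world", "oauth_nonce": "constructed-nonce"} // constructed
	fmt.Println(sign("cs", "ts", baseString("POST", "https://api.example.test/update", p, escape)))
	fmt.Println(sign("cs", "ts", baseString("POST", "https://api.example.test/update", p, url.QueryEscape)))
}
```

A server that rebuilds the base string with "%20" computes the first signature, so a client that signed with "+" is rejected even though its secrets are correct.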

Types

type ClientConfig

type ClientConfig struct {
	ConsumerSecret string
	ConsumerKey    string
	CallbackURL    string
}

Container for client-specific configuration related to the OAuth process. This struct is intended to be serialized and stored for future use.

type HmacSha1Signer

type HmacSha1Signer struct{}

A Signer which implements the HMAC-SHA1 signing algorithm.

func (HmacSha1Signer) GenerateNonce

func (HmacSha1Signer) GenerateNonce() string

Generate a unique nonce value. Should not be called more than once per nanosecond. TODO: Come up with a better generation method.

func (HmacSha1Signer) GenerateTimestamp

func (HmacSha1Signer) GenerateTimestamp() int64

Generate a timestamp.

func (*HmacSha1Signer) GetOAuthParams

func (s *HmacSha1Signer) GetOAuthParams(request *http.Request, clientConfig *ClientConfig, userConfig *UserConfig, nonce string, timestamp string) (map[string]string, string)

Returns a map of all of the oauth_* (including signature) parameters for the given request, and the signature base string used to generate the signature.

func (*HmacSha1Signer) GetSignature

func (s *HmacSha1Signer) GetSignature(consumerSecret string, tokenSecret string, signatureBase string) string

Calculates the HMAC-SHA1 signature of a base string, given a consumer and token secret.

func (*HmacSha1Signer) Sign

func (s *HmacSha1Signer) Sign(request *http.Request, clientConfig *ClientConfig, userConfig *UserConfig) error

Given an unsigned request, add the appropriate OAuth Authorization header using the HMAC-SHA1 algorithm.

type Service

type Service struct {
	RequestURL   string
	AuthorizeURL string
	AccessURL    string
	*ClientConfig
	Signer
}

Represents an API which offers OAuth access.

func (*Service) Sign

func (s *Service) Sign(request *http.Request, userConfig *UserConfig) error

Signs an HTTP request with the needed OAuth parameters.

type Signer

type Signer interface {
	Sign(request *http.Request, config *ClientConfig, user *UserConfig) error
}

Interface for any OAuth signing implementations.

type UserConfig

type UserConfig struct {
	RequestTokenSecret string
	RequestTokenKey    string
	AccessTokenSecret  string
	AccessTokenKey     string
	Verifier           string
	AccessValues       url.Values
}

Container for user-specific keys and secrets related to the OAuth process. This struct is intended to be serialized and stored for future use. Request and Access tokens are each stored separately, so that the current position in the auth flow may be inferred.

func NewAuthorizedConfig

func NewAuthorizedConfig(token string, secret string) *UserConfig

Creates a UserConfig object with existing access token credentials. Intended for users whose access token was obtained by means other than the authorization flows provided by this library.

func (*UserConfig) GetAccessToken

func (c *UserConfig) GetAccessToken(token string, verifier string, service *Service, client *http.Client) error

Issue a request to exchange the current request token for an access token.

func (*UserConfig) GetAuthorizeURL

func (c *UserConfig) GetAuthorizeURL(service *Service) (string, error)

Obtain a URL which will allow the current user to authorize access to their OAuth-protected data.

func (*UserConfig) GetRequestToken

func (c *UserConfig) GetRequestToken(service *Service, client *http.Client) error

Issue a request to obtain a Request token.

func (*UserConfig) GetToken

func (c *UserConfig) GetToken() (string, string)

Returns the token and secret corresponding to this config's current position in the OAuth flow. The priority is Access token, Request token, empty string.

func (*UserConfig) ParseAuthorize

func (c *UserConfig) ParseAuthorize(request *http.Request, service *Service) (string, string, error)

Parses an access token and verifier from a redirected authorize request.
