go-oauth: github.com/garyburd/go-oauth/oauth Index | Examples | Files

package oauth

import "github.com/garyburd/go-oauth/oauth"

Package oauth is consumer interface for OAuth 1.0, OAuth 1.0a and RFC 5849.

Redirection-based Authorization

This section outlines how to use the oauth package in redirection-based authorization (http://tools.ietf.org/html/rfc5849#section-2).

Step 1: Create a Client using credentials and URIs provided by the server. The Client can be initialized once at application startup and stored in a package-level variable.

Step 2: Request temporary credentials using the Client RequestTemporaryCredentials method. The callbackURL parameter is the URL of the callback handler in step 4. Save the returned credential secret so that it can be later found using credential token as a key. The secret can be stored in a database keyed by the token. Another option is to store the token and secret in session storage or a cookie.

Step 3: Redirect the user to URL returned from AuthorizationURL method. The AuthorizationURL method uses the temporary credentials from step 2 and other parameters as specified by the server.

Step 4: The server redirects back to the callback URL specified in step 2 with the temporary token and a verifier. Use the temporary token to find the temporary secret saved in step 2. Using the temporary token, temporary secret and verifier, request token credentials using the client RequestToken method. Save the returned credentials for later use in the application.

Signing Requests

The Client type has two low-level methods for signing requests, SignForm and SetAuthorizationHeader.

The SignForm method adds an OAuth signature to a form. The application makes an authenticated request by encoding the modified form to the query string or request body.

The SetAuthorizationHeader method adds an OAuth siganture to a request header. The SetAuthorizationHeader method is the only way to correctly sign a request if the application sets the URL Opaque field when making a request.

The Get, Put, Post and Delete methods sign and invoke a request using the supplied net/http Client. These methods are easy to use, but not as flexible as constructing a request using one of the low-level methods.

Index

Examples

Package Files

oauth.go

type Client Uses

type Client struct {
    // Credentials specifies the client key and secret.
    // Also known as the consumer key and secret
    Credentials Credentials

    // TemporaryCredentialRequestURI is the endpoint used by the client to
    // obtain a set of temporary credentials. Also known as the request token
    // URL.
    TemporaryCredentialRequestURI string

    // ResourceOwnerAuthorizationURI is the endpoint to which the resource
    // owner is redirected to grant authorization. Also known as authorization
    // URL.
    ResourceOwnerAuthorizationURI string

    // TokenRequestURI is the endpoint used by the client to request a set of
    // token credentials using a set of temporary credentials. Also known as
    // access token URL.
    TokenRequestURI string

    // RenewCredentialRequestURI is the endpoint the client uses to
    // request a new set of token credentials using the old set of credentials.
    RenewCredentialRequestURI string

    // TemporaryCredentialsMethod is the HTTP method used by the client to
    // obtain a set of temporary credentials. If this field is the empty
    // string, then POST is used.
    TemporaryCredentialsMethod string

    // TokenCredentailsMethod is the HTTP method used by the client to request
    // a set of token credentials. If this field is the empty string, then POST
    // is used.
    TokenCredentailsMethod string

    // Header specifies optional extra headers for requests.
    Header http.Header

    // SignatureMethod specifies the method for signing a request.
    SignatureMethod SignatureMethod

    // PrivateKey is the private key to use for RSA-SHA1 signatures. This field
    // must be set for RSA-SHA1 signatures and ignored for other signature
    // methods.
    PrivateKey *rsa.PrivateKey
}

Client represents an OAuth client.

func (*Client) AuthorizationHeader Uses

func (c *Client) AuthorizationHeader(credentials *Credentials, method string, u *url.URL, params url.Values) string

AuthorizationHeader returns the HTTP authorization header value for given method, URL and parameters.

AuthorizationHeader is deprecated. Use SetAuthorizationHeader instead.

func (*Client) AuthorizationURL Uses

func (c *Client) AuthorizationURL(temporaryCredentials *Credentials, additionalParams url.Values) string

AuthorizationURL returns the URL for resource owner authorization. See http://tools.ietf.org/html/rfc5849#section-2.2 for information about resource owner authorization.

func (*Client) Delete Uses

func (c *Client) Delete(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Delete issues a DELETE with the specified form.

func (*Client) Get Uses

func (c *Client) Get(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Get issues a GET to the specified URL with form added as a query string.

func (*Client) Post Uses

func (c *Client) Post(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Post issues a POST with the specified form.

func (*Client) Put Uses

func (c *Client) Put(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Put issues a PUT with the specified form.

func (*Client) RenewRequestCredentials Uses

func (c *Client) RenewRequestCredentials(client *http.Client, credentials *Credentials, sessionHandle string) (*Credentials, url.Values, error)

RenewRequestCredentials requests new token credentials from the server. See http://wiki.oauth.net/w/page/12238549/ScalableOAuth#AccessTokenRenewal for information about access token renewal.

func (*Client) RequestTemporaryCredentials Uses

func (c *Client) RequestTemporaryCredentials(client *http.Client, callbackURL string, additionalParams url.Values) (*Credentials, error)

RequestTemporaryCredentials requests temporary credentials from the server. See http://tools.ietf.org/html/rfc5849#section-2.1 for information about temporary credentials.

func (*Client) RequestToken Uses

func (c *Client) RequestToken(client *http.Client, temporaryCredentials *Credentials, verifier string) (*Credentials, url.Values, error)

RequestToken requests token credentials from the server. See http://tools.ietf.org/html/rfc5849#section-2.3 for information about token credentials.

func (*Client) RequestTokenXAuth Uses

func (c *Client) RequestTokenXAuth(client *http.Client, temporaryCredentials *Credentials, user, password string) (*Credentials, url.Values, error)

RequestTokenXAuth requests token credentials from the server using the xAuth protocol. See https://dev.twitter.com/oauth/xauth for information on xAuth.

func (*Client) SetAuthorizationHeader Uses

func (c *Client) SetAuthorizationHeader(header http.Header, credentials *Credentials, method string, u *url.URL, form url.Values) error

SetAuthorizationHeader adds an OAuth signature to a request header.

See http://tools.ietf.org/html/rfc5849#section-3.5.1 for information about transmitting OAuth parameters in an HTTP request header.

This example shows how to sign a request when the URL Opaque field is used. See the note at http://golang.org/pkg/net/url/#URL for information on the use of the URL Opaque field.

Code:

form := url.Values{"maxResults": {"100"}}

// The last element of path contains a "/".
path := "/document/encoding%2gizp"

// Create the request with the temporary path "/".
req, err := http.NewRequest("GET", "http://api.example.com/", strings.NewReader(form.Encode()))
if err != nil {
    return err
}

// Overwrite the temporary path with the actual request path.
req.URL.Opaque = path

// Sign the request.
if err := client.SetAuthorizationHeader(req.Header, credentials, "GET", req.URL, form); err != nil {
    return err
}

req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    return err
}
defer resp.Body.Close()
// process the response
return nil

func (*Client) SignForm Uses

func (c *Client) SignForm(credentials *Credentials, method, urlStr string, form url.Values) error

SignForm adds an OAuth signature to form. The urlStr argument must not include a query string.

See http://tools.ietf.org/html/rfc5849#section-3.5.2 for information about transmitting OAuth parameters in a request body and http://tools.ietf.org/html/rfc5849#section-3.5.2 for information about transmitting OAuth parameters in a query string.

func (*Client) SignParam Uses

func (c *Client) SignParam(credentials *Credentials, method, urlStr string, params url.Values)

SignParam is deprecated. Use SignForm instead.

type Credentials Uses

type Credentials struct {
    Token  string // Also known as consumer key or access token.
    Secret string // Also known as consumer secret or access token secret.
}

Credentials represents client, temporary and token credentials.

type RequestCredentialsError Uses

type RequestCredentialsError struct {
    StatusCode int
    Header     http.Header
    Body       []byte
    // contains filtered or unexported fields
}

RequestCredentialsError is an error containing response information when requesting credentials.

func (RequestCredentialsError) Error Uses

func (e RequestCredentialsError) Error() string

type SignatureMethod Uses

type SignatureMethod int

SignatureMethod identifies a signature method.

const (
    HMACSHA1  SignatureMethod = iota // HMAC-SHA1
    RSASHA1                          // RSA-SHA1
    PLAINTEXT                        // Plain text
)

func (SignatureMethod) String Uses

func (sm SignatureMethod) String() string

Package oauth imports 19 packages (graph) and is imported by 197 packages. Updated 2017-07-20. Refresh now. Tools for package owners.