01d957677f
* initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
65 lines
2.1 KiB
Markdown
65 lines
2.1 KiB
Markdown
# OAuth2 for Go
|
|
|
|
[![Build Status](https://travis-ci.org/golang/oauth2.svg?branch=master)](https://travis-ci.org/golang/oauth2)
|
|
[![GoDoc](https://godoc.org/golang.org/x/oauth2?status.svg)](https://godoc.org/golang.org/x/oauth2)
|
|
|
|
oauth2 package contains a client implementation for OAuth 2.0 spec.
|
|
|
|
## Installation
|
|
|
|
~~~~
|
|
go get golang.org/x/oauth2
|
|
~~~~
|
|
|
|
See godoc for further documentation and examples.
|
|
|
|
* [godoc.org/golang.org/x/oauth2](http://godoc.org/golang.org/x/oauth2)
|
|
* [godoc.org/golang.org/x/oauth2/google](http://godoc.org/golang.org/x/oauth2/google)
|
|
|
|
|
|
## App Engine
|
|
|
|
In change 96e89be (March 2015) we removed the `oauth2.Context2` type in favor
|
|
of the [`context.Context`](https://golang.org/x/net/context#Context) type from
|
|
the `golang.org/x/net/context` package
|
|
|
|
This means its no longer possible to use the "Classic App Engine"
|
|
`appengine.Context` type with the `oauth2` package. (You're using
|
|
Classic App Engine if you import the package `"appengine"`.)
|
|
|
|
To work around this, you may use the new `"google.golang.org/appengine"`
|
|
package. This package has almost the same API as the `"appengine"` package,
|
|
but it can be fetched with `go get` and used on "Managed VMs" and well as
|
|
Classic App Engine.
|
|
|
|
See the [new `appengine` package's readme](https://github.com/golang/appengine#updating-a-go-app-engine-app)
|
|
for information on updating your app.
|
|
|
|
If you don't want to update your entire app to use the new App Engine packages,
|
|
you may use both sets of packages in parallel, using only the new packages
|
|
with the `oauth2` package.
|
|
|
|
import (
|
|
"golang.org/x/net/context"
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/google"
|
|
newappengine "google.golang.org/appengine"
|
|
newurlfetch "google.golang.org/appengine/urlfetch"
|
|
|
|
"appengine"
|
|
)
|
|
|
|
func handler(w http.ResponseWriter, r *http.Request) {
|
|
var c appengine.Context = appengine.NewContext(r)
|
|
c.Infof("Logging a message with the old package")
|
|
|
|
var ctx context.Context = newappengine.NewContext(r)
|
|
client := &http.Client{
|
|
Transport: &oauth2.Transport{
|
|
Source: google.AppEngineTokenSource(ctx, "scope"),
|
|
Base: &newurlfetch.Transport{Context: ctx},
|
|
},
|
|
}
|
|
client.Get("...")
|
|
}
|
|
|