oauth1a

package module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 16, 2021 License: Apache-2.0 Imports: 15 Imported by: 106

README

Package oauth1a

Summary

An implementation of OAuth 1.0a in Go1.

Installing

Run:

go get github.com/kurrik/oauth1a

Include in your source:

import "github.com/kurrik/oauth1a"

Testing

Clone this repository, then run:

go test -short

in the oauth1a directory. To run an integration test, create a file named CREDENTIALS in the library directory. There should be four lines in this file, in the following format:

<Twitter consumer key>
<Twitter consumer secret>
<Twitter access token>
<Twitter access token secret>

Then run:

go test

This will run an integration test against the Twitter /account/verify_credentials.json endpoint.

Using

A good approach wil be to check oauth1a_test.go for usage.

As a vague example, here is code to configure the library for accessing Twitter:

service := &oauth1a.Service{
	RequestURL:   "https://api.twitter.com/oauth/request_token",
	AuthorizeURL: "https://api.twitter.com/oauth/request_token",
	AccessURL:    "https://api.twitter.com/oauth/request_token",
	ClientConfig: &oauth1a.ClientConfig{
		ConsumerKey:    "<your Twitter consumer key>",
		ConsumerSecret: "<your Twitter consumer secret>",
		CallbackURL:    "<your Twitter callback URL>",
	},
	Signer: new(oauth1a.HmacSha1Signer),
}

To obtain user credentials:

httpClient := new(http.Client)
ctx := context.Background()
userConfig := &oauth1a.UserConfig{}
userConfig.GetRequestToken(ctx, service, httpClient)
url, _ := userConfig.GetAuthorizeURL(service)
var token string
var verifier string
// Redirect the user to <url> and parse out token and verifier from the response.
userConfig.GetAccessToken(ctx, token, verifier, service, httpClient)

Or if you have existing credentials:

token := "<your access token>"
secret := "<your access token secret>"
userConfig := NewAuthorizedConfig(token, secret)

To send an authenticated request:

httpRequest, _ := http.NewRequest("GET", "https://api.twitter.com/1/account/verify_credentials.json", nil)
service.Sign(httpRequest, userConfig)
var httpResponse *http.Response
var err error
httpResponse, err = httpClient.Do(httpRequest)

Examples

github.com/twittergo-examples/sign_in/main.go - A three legged example which uses Twitter's API. To run, cd to the examples directory and then run:

go run main.go -key=<TWITTER_CONSUMER_KEY> -secret=<TWITTER_CONSUMER_SECRET>

This will host a server on localhost:10000 (use the -port flag to change the port this runs on). Navigate to http://localhost:10000 and then follow the sign in flow.

Note that this example implements a rudimentary session mechanism so that the callback can be matched to the user who initiated the sign in session. Otherwise, it would be possible for one user to initiate a sign in session and another user to complete it. This is a best practice but imposes a requirement for the auth flow to be stateful. If you understand the risks in removing this check from your application, it is possible to implement the flow in a stateless manner.

Version history

Version Changes
v0.1.0 Initial library version.
v0.1.1 Added context support.

Versions are released with:

git tag v0.1.0
git push origin v0.1.0

Documentation

Overview

Package oauth1a implements the OAuth 1.0a specification.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Rfc3986Escape

func Rfc3986Escape(input string) string

Rfc3986Escape escapes a string more in line with Rfc3986 than http.URLEscape. URLEscape was converting spaces to "+" instead of "%20", which was messing up the signing of requests.

Types

type ClientConfig

type ClientConfig struct {
	ConsumerSecret string
	ConsumerKey    string
	CallbackURL    string
}

ClientConfig is a container for client-specific configuration related to the OAuth process. This struct is intended to be serialized and stored for future use.

type HmacSha1Signer

type HmacSha1Signer struct{}

HmacSha1Signer is a signer which implements the HMAC-SHA1 signing algorithm.

func (*HmacSha1Signer) GetOAuthParams

func (s *HmacSha1Signer) GetOAuthParams(request *http.Request, clientConfig *ClientConfig, userConfig *UserConfig, nonce string, timestamp string) (map[string]string, string, error)

GetOAuthParams returns a map of all of the oauth_* (including signature) parameters for the given request, and the signature base string used to generate the signature.

func (*HmacSha1Signer) GetSignature

func (s *HmacSha1Signer) GetSignature(consumerSecret string, tokenSecret string, signatureBase string) string

GetSignature calculates the HMAC-SHA1 signature of a base string, given a consumer and token secret.

func (*HmacSha1Signer) Sign

func (s *HmacSha1Signer) Sign(request *http.Request, clientConfig *ClientConfig, userConfig *UserConfig) error

Sign adds the appropriate OAuth Authorization header to given an unsigned request using the HMAC-SHA1 algorithm.

type Service

type Service struct {
	RequestURL   string
	AuthorizeURL string
	AccessURL    string
	*ClientConfig
	Signer
}

Service represents an API which offers OAuth access.

func (*Service) Sign

func (s *Service) Sign(request *http.Request, userConfig *UserConfig) error

Sign signs an HTTP request with the needed OAuth parameters.

type Signer

type Signer interface {
	Sign(request *http.Request, config *ClientConfig, user *UserConfig) error
}

Signer interface for any OAuth signing implementations.

type UserConfig

type UserConfig struct {
	RequestTokenSecret string
	RequestTokenKey    string
	AccessTokenSecret  string
	AccessTokenKey     string
	Verifier           string
	AccessValues       url.Values
}

UserConfig is a container for user-specific keys and secrets related to the OAuth process. This struct is intended to be serialized and stored for future use. Request and Access tokens are each stored separately, so that the current position in the auth flow may be inferred.

func NewAuthorizedConfig

func NewAuthorizedConfig(token string, secret string) *UserConfig

NewAuthorizedConfig creates a UserConfig object with existing access token credentials. For users where an access token has been obtained through other means than the authz flows provided by this library.

func (*UserConfig) GetAccessToken

func (c *UserConfig) GetAccessToken(ctx context.Context, token string, verifier string, service *Service, client *http.Client) error

GetAccessToken issues a request to exchange the current request token for an access token.

func (*UserConfig) GetAuthorizeURL

func (c *UserConfig) GetAuthorizeURL(service *Service) (string, error)

GetAuthorizeURL obtains a URL which will allow the current user to authorize access to their OAuth-protected data.

func (*UserConfig) GetRequestToken

func (c *UserConfig) GetRequestToken(ctx context.Context, service *Service, client *http.Client) error

GetRequestToken issues a request to obtain a Request token.

func (*UserConfig) GetToken

func (c *UserConfig) GetToken() (string, string)

GetToken returns a token and secret corresponding to where in the OAuth flow this config is currently in. The priority is Access token, Request token, empty string.

func (*UserConfig) ParseAuthorize

func (c *UserConfig) ParseAuthorize(request *http.Request, service *Service) (string, string, error)

ParseAuthorize parses an access token and verifier from a redirected authorize request.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL