OpenID Connect
--An evolved version of OAuth2 that includes a token issuance process
--Delegate authentication to another provider (Google in this case) so that the application itself does not hold authentication information such as the user's password
--There are various providers
- Google
- AzureAD
- AWS Cognito
- Auth0
--There is a concept of state
to prevent spoofing such as cross-site scripting.
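The state check, as an added example that is not code from this page or from the go-oidc repository: the login handler stores a random state in a cookie, and the callback proceeds only when the state returned in the query string matches that cookie. The function names, the cookie name and the provider.example endpoint are assumptions, and client_id, redirect_uri and scope are left out of the redirect.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"net/http"
)

const authURL = "https://provider.example/authorize" // placeholder endpoint (assumption)

// newState returns 16 random bytes, URL-safe base64 encoded (22 characters).
func newState() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without a CSPRNG
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// handleLogin binds a fresh state to this browser via a cookie and sends it to the provider.
func handleLogin(w http.ResponseWriter, r *http.Request) {
	state := newState()
	http.SetCookie(w, &http.Cookie{Name: "state", Value: state, Path: "/",
		MaxAge: 300, HttpOnly: true, SameSite: http.SameSiteLaxMode})
	http.Redirect(w, r, authURL+"?response_type=code&state="+state, http.StatusFound)
}

// validState reports whether the callback's state equals this browser's cookie.
func validState(r *http.Request) bool {
	c, err := r.Cookie("state")
	got := r.URL.Query().Get("state")
	return err == nil && got != "" &&
		subtle.ConstantTimeCompare([]byte(c.Value), []byte(got)) == 1
}

// handleCallback refuses to continue to the code exchange on a state mismatch.
func handleCallback(w http.ResponseWriter, r *http.Request) {
	if !validState(r) {
		http.Error(w, "state did not match", http.StatusBadRequest)
		return
	}
	w.Write([]byte("state ok")) // code exchange and ID token verification go here
}

func main() {
	http.HandleFunc("/login", handleLogin)
	http.HandleFunc("/auth/google/callback", handleCallback)
	panic(http.ListenAndServe("127.0.0.1:5556", nil))
}
```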
https://github.com/coreos/go-oidc
git clone https://github.com/coreos/go-oidc
cd go-oidc/example
yuta:~/go-oidc/example (v3=) $ cat README.md
# Examples
These are example uses of the oidc package. Each requires a Google account and the client ID and secret of a registered OAuth2 application. To create one:
1. Visit your [Google Developer Console][google-developer-console].
2. Click "Credentials" on the left column.
3. Click the "Create credentials" button followed by "OAuth client ID".
4. Select "Web application" and add "http://127.0.0.1:5556/auth/google/callback" as an authorized redirect URI.
5. Click create and add the printed client ID and secret to your environment using the following variables:
https://console.developers.google.com/
--Clicking Create generates a client ID and client secret
export GOOGLE_OAUTH2_CLIENT_ID=739786550065-g36863uform2efr5nrvvmjpj30pu9nuf.apps.googleusercontent.com
export GOOGLE_OAUTH2_CLIENT_SECRET=4sLRLGBdYu_un8C58c8Yg2yr
The application reads these OS environment variables of the execution server through the os package
var (
	clientID     = os.Getenv("GOOGLE_OAUTH2_CLIENT_ID")
	clientSecret = os.Getenv("GOOGLE_OAUTH2_CLIENT_SECRET")
)
yuta:~/go-oidc/example (v3=) $ go run idtoken/app.go
2021/01/17 16:13:04 listening on http://127.0.0.1:5556/
http://127.0.0.1:5556/