Some Viewpoints For Go Oauth2 Pkg

go-oauth2 is a pkg for oauth2 features. We could build a oauth2 server by modifying the hanlder functions to verify. See the code below:

package main

import (
	"net/http"

	"github.com/gin-gonic/gin"
	ginserver "github.com/go-oauth2/gin-server"
	"gopkg.in/oauth2.v3/manage"
	"gopkg.in/oauth2.v3/models"
	"gopkg.in/oauth2.v3/server"
	"gopkg.in/oauth2.v3/store"
)

func main() {
	manager := manage.NewDefaultManager()

	// token store
	manager.MustTokenStorage(store.NewFileTokenStore("data.db"))

	// client store
	clientStore := store.NewClientStore()
	clientStore.Set("000000", &models.Client{
		ID:     "000000",
		Secret: "999999",
		Domain: "http://localhost",
	})
	manager.MapClientStorage(clientStore)

	// Initialize the oauth2 service
	gs := ginserver.InitServer(manager)
	ginserver.SetAllowGetAccessRequest(true)
	ginserver.SetClientInfoHandler(server.ClientFormHandler)

	g := gin.Default()

	gs.PasswordAuthorizationHandler = func(username, password string) (string, error) {
		// This is the main part to modify
		return "user_id_example", nil
	}

	auth := g.Group("/oauth2")
	{
		auth.GET("/token", ginserver.HandleTokenRequest)
	}

	api := g.Group("/api")
	{
		api.Use(ginserver.HandleTokenVerify())
		api.GET("/test", func(c *gin.Context) {
			ti, exists := c.Get(ginserver.DefaultConfig.TokenKey)
			if exists {
				c.JSON(http.StatusOK, ti)
				return
			}
			c.String(http.StatusOK, "not found")
		})
	}

	g.Run(":9096")
}

It’s convienient to build a new server for authorize. But the server may query the DB to verify. As we know, DB doesn’t allow app to visit as secure reasons. So we should rebuild this to Microservice version:

• call remote api to verify
• config the remote api in env
• implement the remote api in the service App

In this way, We could easily run the authorize service by config, not by modifying the code. Not with DB, The server will be very pure and will be painless to maintain.