This demonstration provides a from-scratch implementation of the OAuth 2.0 Authorization Code grant in Go. It includes the client (represented as a print service) and the authorization / resource server (represented as a photo gallery service).
When looking for OAuth implementations, I could only find demonstrations of the client-side code, not the authorization server. To better understand the framework, I have implemented a basic version of the OAuth 2.0 Authorization Code Grant specification as defined in RFC 6749.
This implementation includes the authorization server, client, and resource server, with the following simplifications:
- Input validation and error responses are not included (see RFC 6749, Section 4.1.2.1).
- Asymmetric encryption for the client ID and client secret is not implemented.
- Code and access token expiration is not implemented.
- Refresh tokens are not implemented.
- Random integers are used for access tokens, state, and codes for simplicity.
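
For contrast with the last two simplifications that mention codes and tokens (no expiration, random integers), here is a sketch of what a hardened version could look like: values drawn from the OS CSPRNG, and authorization codes that expire, are single-use, and are bound to the client they were issued to. This is an added example, not code from this repository; `newToken`, `grant`, `codeStore`, `issue`, and `redeem` are hypothetical names, and `print-service` is a constructed client ID. The 10-minute lifetime follows the maximum recommended in RFC 6749, Section 4.1.2.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

// newToken returns 256 bits from the OS CSPRNG, URL-safe encoded.
func newToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback if the CSPRNG fails
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

type grant struct{ clientID string; expires time.Time }

// codeStore (hypothetical name) tracks outstanding authorization codes.
type codeStore struct {
	mu    sync.Mutex // HTTP handlers run concurrently
	codes map[string]grant
}

// issue creates a code bound to clientID, valid for ttl.
func (s *codeStore) issue(clientID string, ttl time.Duration) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	code := newToken()
	s.codes[code] = grant{clientID, time.Now().Add(ttl)}
	return code
}

// redeem succeeds once, before expiry, and only for the issuing client.
func (s *codeStore) redeem(code, clientID string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	g, ok := s.codes[code]
	delete(s.codes, code) // single use: any presentation burns the code
	return ok && time.Now().Before(g.expires) && g.clientID == clientID
}

func main() {
	s := &codeStore{codes: map[string]grant{}}
	c := s.issue("print-service", 10*time.Minute)
	fmt.Println(s.redeem(c, "print-service"), s.redeem(c, "print-service")) // true false
}
```

The same `newToken` helper is suitable for the `state` parameter and for access tokens; access token expiration would need a comparable lookup on the resource server side.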