first commit
This commit is contained in:
@@ -0,0 +1,37 @@
|
||||
// Package oauth builds provider-specific OAuth2 configurations. Right now
|
||||
// there's only Google, but the package name is deliberately generic (not
|
||||
// "google") so a second provider (GitHub, Microsoft, ...) could live
|
||||
// alongside it later as its own file/function without a rename.
|
||||
package oauth
|
||||
|
||||
import (
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/google"
|
||||
|
||||
"git.hamidsoltani.com/hamid/go-simple-api/internal/config"
|
||||
)
|
||||
|
||||
// NewGoogleConfig builds the *oauth2.Config describing how to talk to
|
||||
// Google's OAuth2 system: our app's identity (ClientID/ClientSecret),
|
||||
// where Google should redirect the user back to after login
|
||||
// (RedirectURL - this MUST exactly match what's registered in the Google
|
||||
// Cloud Console), what permission we're requesting (Scopes), and which
|
||||
// provider's specific auth/token URLs to use (Endpoint).
|
||||
func NewGoogleConfig(cfg config.Config) *oauth2.Config {
|
||||
return &oauth2.Config{
|
||||
ClientID: cfg.GoogleClientID,
|
||||
ClientSecret: cfg.GoogleClientSecret,
|
||||
RedirectURL: cfg.GoogleRedirectURL,
|
||||
|
||||
// We only ask for the user's email - the minimum needed to
|
||||
// identify/create an account. Requesting more scopes than you
|
||||
// actually need is both a privacy and a security smell.
|
||||
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
|
||||
|
||||
// google.Endpoint is a predefined value from
|
||||
// golang.org/x/oauth2/google pointing at Google's real
|
||||
// authorization and token URLs - we never hardcode those
|
||||
// ourselves.
|
||||
Endpoint: google.Endpoint,
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user