38 lines
1.5 KiB
Go
38 lines
1.5 KiB
Go
// Package oauth builds provider-specific OAuth2 configurations. Right now
|
|
// there's only Google, but the package name is deliberately generic (not
|
|
// "google") so a second provider (GitHub, Microsoft, ...) could live
|
|
// alongside it later as its own file/function without a rename.
|
|
package oauth
|
|
|
|
import (
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/google"
|
|
|
|
"git.hamidsoltani.com/hamid/go-simple-api/internal/config"
|
|
)
|
|
|
|
// NewGoogleConfig builds the *oauth2.Config describing how to talk to
|
|
// Google's OAuth2 system: our app's identity (ClientID/ClientSecret),
|
|
// where Google should redirect the user back to after login
|
|
// (RedirectURL - this MUST exactly match what's registered in the Google
|
|
// Cloud Console), what permission we're requesting (Scopes), and which
|
|
// provider's specific auth/token URLs to use (Endpoint).
|
|
func NewGoogleConfig(cfg config.Config) *oauth2.Config {
|
|
return &oauth2.Config{
|
|
ClientID: cfg.GoogleClientID,
|
|
ClientSecret: cfg.GoogleClientSecret,
|
|
RedirectURL: cfg.GoogleRedirectURL,
|
|
|
|
// We only ask for the user's email - the minimum needed to
|
|
// identify/create an account. Requesting more scopes than you
|
|
// actually need is both a privacy and a security smell.
|
|
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
|
|
|
|
// google.Endpoint is a predefined value from
|
|
// golang.org/x/oauth2/google pointing at Google's real
|
|
// authorization and token URLs - we never hardcode those
|
|
// ourselves.
|
|
Endpoint: google.Endpoint,
|
|
}
|
|
}
|