[Go] Use Open ID Connect with go-oidc

Open ID Connect --There is a token issuance process in the evolved version of outh2 --Delegate to another provider (Google in this case) without having authentication information such as user password in the application itself --There are various providers - Google - AzureAD - AWS Cognito - outh0 --There is a concept of state to prevent spoofing such as cross-site scripting.

Official package

https://github.com/coreos/go-oidc

Installation

git cloen https://github.com/coreos/go-oidc

Set up according to the README of the example

cd go-oidc/example

yuta:~/go-oidc/example (v3=) $ cat README.md
# Examples

These are example uses of the oidc package. Each requires a Google account and the client ID and secret of a registered OAuth2 application. To create one:

1. Visit your [Google Developer Console][google-developer-console].
2. Click "Credentials" on the left column.
3. Click the "Create credentials" button followed by "OAuth client ID".
4. Select "Web application" and add "http://127.0.0.1:5556/auth/google/callback" as an authorized redirect URI.
5. Click create and add the printed client ID and secret to your environment using the following variables:

Access the Google Developer Console

https://console.developers.google.com/

Create authentication information (application)

Set

Setting environment variables

--Create will create a client ID and client secret

export GOOGLE_OAUTH2_CLIENT_ID=739786550065-g36863uform2efr5nrvvmjpj30pu9nuf.apps.googleusercontent.com
export GOOGLE_OAUTH2_CLIENT_SECRET=4sLRLGBdYu_un8C58c8Yg2yr

The OS environment variable of the execution server is read by the os package

var (
  clientID     = os.Getenv("GOOGLE_OAUTH2_CLIENT_ID")
  clientSecret = os.Getenv("GOOGLE_OAUTH2_CLIENT_SECRET")
)

Operation check

Start-up

yuta:~/go-oidc/example (v3=) $ go run idtoken/app.go
2021/01/17 16:13:04 listening on http://127.0.0.1:5556/

Access http://127.0.0.1:5556/

When authentication is successful