{"id":13713707,"url":"https://github.com/lithdew/oauth2-go","last_synced_at":"2025-04-23T22:03:59.076Z","repository":{"id":107949733,"uuid":"372181533","full_name":"lithdew/oauth2-go","owner":"lithdew","description":"What does it take to write a minimal security-first OAuth 2.0 Server w/ OpenID Connect support in Go?","archived":false,"fork":false,"pushed_at":"2021-06-04T15:15:28.000Z","size":47,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-23T22:03:53.160Z","etag":null,"topics":["go","oauth2-server","openid-connect"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lithdew.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-30T10:11:42.000Z","updated_at":"2024-09-02T05:16:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"fb318cd0-aae2-4786-8550-e45a670fead3","html_url":"https://github.com/lithdew/oauth2-go","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lithdew%2Foauth2-go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lithdew%2Foauth2-go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lithdew%2Foauth2-go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lithdew%2Foauth2-go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lithdew","downloa
d_url":"https://codeload.github.com/lithdew/oauth2-go/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250522302,"owners_count":21444511,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","oauth2-server","openid-connect"],"created_at":"2024-08-02T23:01:42.444Z","updated_at":"2025-04-23T22:03:58.768Z","avatar_url":"https://github.com/lithdew.png","language":"Go","funding_links":[],"categories":["Repositories"],"sub_categories":[],"readme":"# oauth2\n\n[IETF RFC 6749: OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749)\n\n## Security Considerations\n\n1. [IETF RFC 6749 Section 1.4: Opaque access tokens](https://datatracker.ietf.org/doc/html/rfc6749#section-1.4)\n2. [IETF RFC 6819 Section 5.1.4.1.3: No Cleartext Storage of Credentials](https://datatracker.ietf.org/doc/html/rfc6819#section-5.1.4.1.3)\n3. [IETF RFC 6819 Section 5.1.4.1.4: Encryption of Credentials](https://datatracker.ietf.org/doc/html/rfc6819#section-5.1.4.1.4)\n4. [IETF RFC 6819 Section 5.1.5.2: Determine Expiration Time](https://datatracker.ietf.org/doc/html/rfc6819#section-5.1.5.2)\n5. [IETF RFC 6819 Section 5.1.5.3: Use Short Expiration Time](https://datatracker.ietf.org/doc/html/rfc6819#section-5.1.5.3)\n6. [IETF RFC 6819 Section 5.1.5.8: Bind Token to Client id](https://datatracker.ietf.org/doc/html/rfc6819#section-5.1.5.8)\n7. [IETF RFC 6819 Section 5.2.4.4: Binding of Authorization \"code\" to \"client_id\"](https://datatracker.ietf.org/doc/html/rfc6819#section-5.2.4.4)\n
8. [IETF RFC 6819 Section 5.2.4.5: Binding of Authorization \"code\" to \"redirect_uri\"](https://datatracker.ietf.org/doc/html/rfc6819#section-5.2.4.5)\n9. [IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636)\n\nAuthorization codes and access tokens are generated by drawing 32 bytes from a cryptographically secure PRNG and\ncomputing an HMAC-SHA256 over them with a secret key that never leaves the authorization server. The random bytes\nand the MAC are each base64url-encoded without padding and joined with a \".\" delimiter:\n\n```\nbase64_url_no_padding(prng_bytes).base64_url_no_padding(hmac_sha256(prng_bytes, secret_key))\n```\n\nThe MAC lets the server reject forged or corrupted tokens before any database lookup (the comparison must be\nconstant-time). It does not replace that lookup: the token is opaque, so expiry and the bindings to `client_id` and\n`redirect_uri` listed above are enforced from server-side state keyed by the random bytes.\n\nAll OAuth 2.0 client secrets are bcrypt-hashed with a cost of 10. Client credentials may be passed either in the HTTP\n`Authorization` header or in the request body, for endpoints that accept `application/x-www-form-urlencoded` data.\n\nThe Implicit grant and the Resource Owner Password Credentials grant are intentionally unsupported: recent IETF\nguidance (the OAuth 2.0 Security Best Current Practice) and many identity providers advise against both.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flithdew%2Foauth2-go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flithdew%2Foauth2-go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flithdew%2Foauth2-go/lists"}
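As an added example (not code from the lithdew/oauth2-go repository), the token format and the header-or-body client credential handling described in the README above, written in Go against the standard library only. The names `Issuer`, `Issue`, `Verify` and `ClientCredentials`, the demo key in `main`, and the constructed request in the comments are assumptions made for this example. It assumes HTTP Basic authentication for the `Authorization` header, as RFC 6749 section 2.3.1 specifies, and it does not include the bcrypt comparison of the client secret against its stored hash.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// base64url without padding, as the README's token format specifies.
var enc = base64.RawURLEncoding

// Issuer holds the server-side HMAC key. Assumption (not from the project):
// the key is provisioned out of band and never leaves the authorization server.
type Issuer struct{ key []byte }

func (i *Issuer) mac(raw []byte) []byte {
	h := hmac.New(sha256.New, i.key)
	h.Write(raw)
	return h.Sum(nil)
}

// Issue draws 32 bytes from crypto/rand and returns
// base64url(raw) "." base64url(HMAC-SHA256(key, raw)).
func (i *Issuer) Issue() (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	return enc.EncodeToString(raw) + "." + enc.EncodeToString(i.mac(raw)), nil
}

// Verify checks the token's shape and MAC (hmac.Equal is constant-time) and
// returns the 32 random bytes. A valid MAC only proves this server issued the
// token; expiry and the client_id / redirect_uri bindings still come from a
// server-side lookup keyed by those bytes.
func (i *Issuer) Verify(token string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return nil, errors.New("malformed token")
	}
	raw, err := enc.DecodeString(parts[0])
	if err != nil || len(raw) != 32 {
		return nil, errors.New("malformed token")
	}
	tag, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, errors.New("malformed token")
	}
	if !hmac.Equal(tag, i.mac(raw)) {
		return nil, errors.New("invalid token")
	}
	return raw, nil
}

// ClientCredentials returns a confidential client's id and secret from either
// the HTTP Basic Authorization header or the url-encoded request body
// (RFC 6749 section 2.3.1). A request using both is rejected, since the RFC
// allows only one client authentication method per request.
func ClientCredentials(r *http.Request) (id, secret string, err error) {
	hid, hsecret, hok := r.BasicAuth()
	if hok {
		// RFC 6749 2.3.1: id and secret are form-urlencoded before Basic encoding.
		if hid, err = url.QueryUnescape(hid); err != nil {
			return "", "", err
		}
		if hsecret, err = url.QueryUnescape(hsecret); err != nil {
			return "", "", err
		}
	}
	if err = r.ParseForm(); err != nil {
		return "", "", err
	}
	bid, bsecret := r.PostForm.Get("client_id"), r.PostForm.Get("client_secret")
	bok := bid != "" && bsecret != ""
	switch {
	case hok && bok:
		return "", "", errors.New("client credentials in both header and body")
	case hok:
		return hid, hsecret, nil
	case bok:
		return bid, bsecret, nil
	}
	return "", "", errors.New("no client credentials")
}

func main() {
	// Demo key for illustration only; a real deployment loads a random key from a secrets store.
	iss := &Issuer{key: []byte("demo-key-do-not-use-in-production")}
	tok, _ := iss.Issue()
	_, err := iss.Verify(tok)
	fmt.Println(tok, "verifies:", err == nil)
}
```

`Verify` length-checks the random half before recomputing the MAC, so a truncated or oversized token never reaches the comparison, and it hands back the random bytes so the caller can use them as the key for the token record that carries expiry and the client binding. `ClientCredentials` deliberately fails closed when credentials appear in both places rather than preferring one of them.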