{"id":16894633,"url":"https://github.com/oxisto/oauth2go","last_synced_at":"2025-07-28T17:32:05.524Z","repository":{"id":38396473,"uuid":"460094511","full_name":"oxisto/oauth2go","owner":"oxisto","description":"oauth2go aims to be a basic OAuth 2.0 authorization server that implements at least some of the most basic OAuth 2.0 flows.","archived":false,"fork":false,"pushed_at":"2024-11-11T09:35:29.000Z","size":194,"stargazers_count":2,"open_issues_count":5,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-11-20T00:11:45.785Z","etag":null,"topics":["authentication","go","golang","oauth2","pkce"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oxisto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-16T16:52:35.000Z","updated_at":"2024-11-11T09:35:32.000Z","dependencies_parsed_at":"2023-12-08T12:29:16.975Z","dependency_job_id":"da5f93cb-6828-414b-bda1-eeacee009dee","html_url":"https://github.com/oxisto/oauth2go","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxisto%2Foauth2go","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxisto%2Foauth2go/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxisto%2Foauth2go/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oxisto%2Foauth2go/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oxisto","download_url":"https://codeload.github.com/oxisto/oauth2go/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227825948,"owners_count":17825399,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","go","golang","oauth2","pkce"],"created_at":"2024-10-13T17:19:26.247Z","updated_at":"2024-12-03T14:57:45.182Z","avatar_url":"https://github.com/oxisto.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# oauth2go\n\n[![build](https://github.com/oxisto/oauth2go/actions/workflows/build.yml/badge.svg)](https://github.com/oxisto/oauth2go/actions/workflows/build.yml)\n[![](https://godoc.org/github.com/oxisto/oauth2go?status.svg)](https://pkg.go.dev/github.com/oxisto/oauth2go)\n[![Go Report Card](https://goreportcard.com/badge/github.com/oxisto/oauth2go)](https://goreportcard.com/report/github.com/oxisto/oauth2go)\n[![codecov](https://codecov.io/gh/oxisto/oauth2go/branch/main/graph/badge.svg)](https://codecov.io/gh/oxisto/oauth2go)\n\n\n## What is this?\n\n`oauth2go` aims to be a basic [OAuth 2.0](https://datatracker.ietf.org/doc/html/rfc6749) authorization server that implements at least some of the most basic OAuth 2.0 flows. Since the canonical import name for this package is `oauth2`, it also provides type aliases for exported structs and interfaces of the [`golang.org/x/oauth2`](https://pkg.go.dev/golang.org/x/oauth2) package, so that both OAuth 2.0 client and server structs can be accessed using an `oauth2` package. Additional structs for specialized client flows or endpoints still need to be retrieved from the corresponding sub-package, such as [`golang.org/x/oauth2/clientcredentials`](https://pkg.go.dev/golang.org/x/oauth2/clientcredentials).\n\nIn it's bare form, this package only contains an *authorization server*, which does not have any \"users\" or any possibility to \"log in\", as this is the duty of an *authentication server*. However, for convenience, the `login` package includes a very basic authentication server which implements a POST form based `/login` endpoint and a simple login form located in [`login/login.html`](login/login.html).\n\n## Why?\n\nThis project mainly started out of the need to have a very small, embedded OAuth 2.0 authorization server, written in Go. The main use case was a \"demo\" or all-in-one-mode of a large micro-service application, as well as integration testing. In production deployments, this application uses a dedicated authentication server, but I wanted something for my \"demo\" mode. While there are some implementations out there, it was not easy to fulfill my requirements.\n\n*I wanted something small, lean and easily embedded in my Go code, not a full-blown authentication services with thousands of adapters and backends (written in Java).*\n\n*I wanted something that intentionally does not support legacy flows but focuses on the newer RFCs and possibly move into the direction of [OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-04).*\n\n*I wanted something with zero (or almost) zero dependencies. Therefore I strictly try to only include the following dependencies: golang.org/x/oauth2, golang.org/x/crypto (which hopefully might be part of the standard library one day) and github.com/golang-jwt/jwt (which itself also has a zero dependency policy)*\n\n## How to use?\n\nA very simple OAuth 2.0 authorization server with an integrated authentication (\"login\") server can be created like this.\n\n```golang\nimport (\n    oauth2 \"github.com/oxisto/oauth2go\"\n    \"github.com/oxisto/oauth2go/login\"\n)\n\nfunc main() {\n    var srv *oauth2.AuthorizationServer\n\n    srv = oauth2.NewServer(\":8000\",\n        login.WithLoginPage(login.WithUser(\"admin\", \"admin\")),\n    )\n\n    srv.ListenAndServe()\n}\n```\n\nIf you want to use this project as a small standalone authentication server, you can use the Docker image to spawn one. The created user and client credentials will be printed on the console.\n\n```\ndocker run -p 8000:8000 ghcr.io/oxisto/oauth2go\n```\n\nA login form is available on http://localhost:8000/login.\n\n\n## (To be) Implemented Standards\n\n* [RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749). The OAuth 2.0 Authorization Framework\n* [RFC 6750](https://datatracker.ietf.org/doc/html/rfc6750). The OAuth 2.0 Authorization Framework: Bearer Token Usage\n* [RFC 7517](https://datatracker.ietf.org/doc/html/rfc7517). JSON Web Key (JWK)\n* [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). Proof Key for Code Exchange by OAuth Public Clients\n* [RFC 8414](https://datatracker.ietf.org/doc/html/rfc8414). OAuth 2.0 Authorization Server Metadata ","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxisto%2Foauth2go","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foxisto%2Foauth2go","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foxisto%2Foauth2go/lists"}