Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/felipeweb/osin-mysql

A MySQL storage backend for osin oauth2
https://github.com/felipeweb/osin-mysql

mysql osin osin-oauth2

Last synced: 20 days ago
JSON representation

A MySQL storage backend for osin oauth2

Host: GitHub
URL: https://github.com/felipeweb/osin-mysql
Owner: felipeweb
Created: 2016-08-16T15:54:13.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2019-05-29T10:12:08.000Z (over 5 years ago)
Last Synced: 2024-10-12T09:19:45.483Z (about 1 month ago)
Topics: mysql, osin, osin-oauth2
Language: Go
Homepage:
Size: 243 KB
Stars: 20
Watchers: 6
Forks: 26
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # osin-mysql 

![Travis](https://travis-ci.org/felipeweb/osin-mysql.svg?branch=master) [![GoDoc](https://godoc.org/github.com/felipeweb/osin-mysql?status.svg)](https://godoc.org/github.com/felipeweb/osin-mysql)

A MySQL storage backend for [osin oauth2](https://github.com/RangelReale/osin).

Additional to implementing the `osin.Storage` interface, the `github.com/felipeweb/osin-mysql/storage.Storage` interface defines new methods:

```

// CreateClient stores the client in the database and returns an error, if something went wrong.

CreateClient(client osin.Client) error

// UpdateClient updates the client (identified by its id) and replaces the values with the values of client.

// Returns an error if something went wrong.

UpdateClient(client osin.Client) error

// RemoveClient removes a client (identified by id) from the database. Returns an error if something went wrong.

RemoveClient(id string) error

```

## Encrypt your tokens

Unfortunately, the osin library offers little capabilities for storing credentials like access or refresh tokens in a

hashed or encrypted way. An attacker could gain access to your database through various attack vectors, steal these

tokens and gain, for example, administrative access to your application.

Please be aware, that this library stores all data as-is and does not perform any sort of encryption or hashing.

## Usage

First, install this library with `go get "github.com/felipeweb/osin-mysql"`.

```go

import (

	"database/sql"

	_ "github.com/go-sql-driver/mysql"

	"github.com/felipeweb/osin-mysql"

	"github.com/RangelReale/osin"

)

func main() {

    url := "user:password@tcp(host:3306)/dbname?parseTime=true"

    db, err := sql.Open("mysql", url)

    if err != nil {

        return nil, err

    }

    store := mysql.New(db,"osin_")

    store.CreateSchemas()

    server := osin.NewServer(osin.NewServerConfig(), store)

    // See the osin documentation for more information

    // e.g.: server.HandleAuthorizeRequest(resp, r)

}

```

## Limitations

TL;DR `AuthorizeData`'s `Client`'s and `AccessData`'s `UserData` field must be string due to language restrictions or an error will be thrown.

In osin, Client, AuthorizeData and AccessData have a `UserData` property of type `interface{}`. This does not work well

with SQL, because it is not possible to gob decode or unmarshall the data back, since the concrete type is not known.

Because osin's storage interface does not support setting the UserData type, **this library tries to convert UserData to string

and return it as such.** With this, you could for example gob encode (use e.g. base64 encode for SQL storage type compatibility)

the data before passing it to e.g. `FinishAccessRequest` and decode it when needed.

# 2016-10-23 BREAKING CHANGES

- Now `New()` recives a db object and a table prefix as parameter