Hi guys,
I'm trying to get a Go web app going on App Engine and I'm stumbling in an unexpected place - user authentication. I want my users to authenticate using OAuth 2.0/OpenID Connect and I can't find anywhere what "the story" is on how to do this in App Engine, and especially in Go.
From what I can tell so far:
- Per the docs, the Users Service can be configured to use Google Accounts, Federated (OpenID 1.0?) logins or Google Apps. Stumbling block:
- No way to set "Federated" login in "new" Dev console and coupled with the fact that Google deprecated OpenID 1.0/2.0 as well as OAuth 1.0, it seems this is not a good path for me to pursue.
- Not interested in Google Apps accounts or just Google Accounts as the only login option, which makes the entire Users Service not useful to me, and with that, the entire App Engine authentication infrastructure.
- Google is pushing "Google+ Sign-In", which is OpenID Connect compliant. I found some docs on how to get it going, but from what I can tell, there is no way to integrate it with the "User" concept in App Engine - the entire security infrastructure is now forced onto me and my app and I have to implement all token exchange/token verification/storage myself. Also not good/great, but doable.
- There is something called the Google Identity Toolkit, which at first glance looks "recent", and something that might be doing what I'm trying to do, yet the docs point to the "old" dev. console and I couldn't follow the instructions in the "new" dev console. It's also not clear how this integrates with the App Engine Users service, if at all.
- There are various "demo" apps/frameworks/libraries using OAuth 2.0 authentication on App Engine out there, but all of them are Python or Java.
Is the Users Service in App Engine effectively deprecated, considering there are no plans (from what I can tell) to migrate it to OpenID Connect?
If it is deprecated, and we're expected to do low-level OpenID Connect/OAuth 2.0 token exchange, is there some guidance/best practices somewhere on how to make it work with App Engine, specifically Go? I don't want to implement too much code on my own when it comes to security, due to the risk of getting something critical wrong.
Has anyone gotten OpenID Connect to work on App Engine, with the Users Service, in Go? Or am I too deep down the rabbit hole?
Thanks!