Authentication libraries or examples

[ps]

Hi, I'm interested in developing an API/end-user app with an Angular front-end.

Are there any libraries or proven examples I should be looking at to handle authentication for this scenario?

I've searched and read for a while and didn't find too much that is specific to Go, but there's a lot of general advice out there ranging from "It's easy, just do this" to "Never, ever do that, leave it to the experts (stupid!)."

It tends to leave one lost in the forest, confused.

[Stephen Day]

This blog [1] has a fairly complete account of how to implement a form-based authorization flow using gorilla sessions. Adapting it for angular is as simple as moving the POST /login call to use the angular $http service, rather than direct form input. As long as your solution correctly uses gorilla/sessions and communication happens over https, the implementation should be "adequately" secure.

[1]: http://shadynasty.biz/blog/2012/09/05/auth-and-sessions/

[Robert Johnstone]

Hello,

You can look at httpauth-go.  I don't think it is seeing much use, as you said most people seem to be handling things internally, but it could provide a start.

Good luck.

[ps]

Thanks for the responses. I had seen the blog post, but not the library.

It's strange, I think there's probably a lot of interest in this topic, but not much discussion. It's something we're all dealing with, and while there may be some differences among apps, we're all basically doing the same thing (particularly in single page applications).

[Guillermo Estrada]

Yes, the idea of form bases authentication and sessions is pretty straight forward. Security measures are taken in other áreas, like https, and storing passwords hashed and randomly salted, securing cookies with encryption, etc...

Most of this does not have to do with the App itself, and Gorilla sessions at least takes care of half of it in Go. You Just have to mind storing your password hashes with B-crypt or something, and use https whenever possible. I also store IP and time of last Access so I can log out users from time to time from inactivity and such, its more App logic than Go implementation really, no Library is going to do that for you.

[sv savage]

I wrote gowss (github.com/greenpdx/gowss) with a authentication library.  It use postgres database.  I do all the authentication and password changed as stored procedures.   

it is at gows/auth.  I use gorilla as a base.

On Wednesday, November 20, 2013 7:33:44 AM UTC-8, ps wrote:

[Peter Nguyen]

There is this OAUTH server

https://github.com/RangelReale/osin

[ps]

FWIW, I believe there are libraries in Ruby, Node, and Python that do exactly these things! (Understanding that this may not exist in the Go ecosystem.)

I'm looking to adapt the provided examples. Also considering how this may differ for API usage (token-based scheme?).

[kevin.s...@gmail.com]

Did you ever make any progress on this? 

[ps]

Nope.