OAuth 2.0 is how a third-party application accesses user data in the cloud. The spec describes it this way: “The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service…” So you need to understand it to programmatically access almost all user data now stored in various online services: Amazon, Google, GitHub, Facebook, LinkedIn, Strava, and countless others. In this article, we’ll build an OAuth 2.0 client application in Go and use it to access our user data in multiple services.
The core spec, RFC 6749, is actually surprisingly readable, so don’t be intimidated by the vast amounts of monospace text. Keep in mind, though, that the core spec is just the beginning of the journey: some parts are now dated, and there have been a number of additions and clarifications over the years. In particular, you’ll want to read RFC 8252 for native apps.
All committee-based specs have their own jargon, so we’ll dive into that first to set the context.