Can I use Google authentication but restrict which users have access to my private golang app?

agolangf · · 616 次点击    
这是一个分享于 的资源,其中的信息可能已经有所发展或是发生改变。
<p>I&#39;m building a web application for my girlfriend&#39;s company. I have them set up with Google apps for mail, drive, calendar, and contacts services. Instead of building out my own authentication layer, I&#39;m hoping to utilize some sort of existing Google authentication.</p> <p>My only requirement is that I must be able to dictate what Google users have access to the application. In this case, all users with the custom domain I set up with their Google Apps account.</p> <p>Is this possible? Or should I look in another direction?</p> <p>My Project: <a href="https://github.com/gspencerfabian/tts-scheduler" rel="nofollow">https://github.com/gspencerfabian/tts-scheduler</a> </p> <hr/>**评论:**<br/><br/>ExploreAndTell: <pre><p>Try looking into OAuth, I think that&#39;s what you mean by Google Authentication.</p></pre>gspencerfabian: <pre><p>So I have, but the question I&#39;m trying to ask is: Can I use any of Google&#39;s auth protocols(whether it be oauth, oauth2, basic auth) to authenticate limited users with my app? I don&#39;t care about accessing the users google data. I&#39;m just lazy and don&#39;t want to build a authentication layer. Taking time out of my normal work day to reset set someone&#39;s password in my girlfriends company does not appeal to me.</p> <p>The reason I&#39;m looking at Google&#39;s authentication is because their company already uses google apps. </p></pre>cube2222: <pre><p>Someone logs in using Google -&gt; you check their Google user data for the domain -&gt; you let him in and give him a cookie/reject him</p></pre>gspencerfabian: <pre><p>Thanks cube222, that will do the trick. I think I was over thinking this.</p></pre>xrstf: <pre><p>This is exactly what I used Google&#39;s OAuth for in my personal file hosting app. I&#39;m simply configuring the e-mail addresses of users I allow and check that after the OAuth workflow is over.</p> <p>You might want to check out the <a href="https://github.com/xrstf/hosty/blob/master/ctrl_oauth.go" rel="nofollow">oauth controller</a> and the <a href="https://github.com/xrstf/hosty/tree/master/oauth" rel="nofollow">oauth providers</a> for some inspiration. The app is based on Gin but does not use any specific OAuth library.</p></pre>gspencerfabian: <pre><p>This is great. Great job with hosty by the way, it looks awesome. Thanks xrstf</p></pre>TheMerovius: <pre><p>I think you are looking for <a href="https://cloud.google.com/iam/" rel="nofollow">Identity and Access Management</a>. Though it&#39;s also interesting to know where your stuff is running (i.e. if it&#39;s running on the Google Cloud or not).</p> <p>Also, the authentication you describe should be pretty simple, you just want to <code>if !strings.HasSuffix(user.Email, &#34;@example.com&#34;) { http.Error(res, http.StatusForbidden, &#34;forbidden&#34;) }</code> or something.</p></pre>

入群交流(和以上内容无关):加入Go大咖交流群,或添加微信:liuxiaoyan-s 备注:入群;或加QQ群:692541889

616 次点击  
加入收藏 微博
暂无回复
添加一条新回复 (您需要 登录 后才能回复 没有账号 ?)
  • 请尽量让自己的回复能够对别人有帮助
  • 支持 Markdown 格式, **粗体**、~~删除线~~、`单行代码`
  • 支持 @ 本站用户;支持表情(输入 : 提示),见 Emoji cheat sheet
  • 图片支持拖拽、截图粘贴等方式上传