<p>I'm using golang.org/x/oauth2 and I'm not sure what the best way to store state it. I was looking into this a while ago and could have sworn I saw someone use net/context, but that wouldn't work would it because oauth is more than one request.</p>
<hr/>**评论:**<br/><br/>fqn: <pre><p>I know Rails omniauth stores some state in the session. Have a look at that library for a good reference implementation.</p></pre>captncraig: <pre><p>I store it in a cookie. I set a short time to live on it, 5 minutes or so I think, and I sign/encrypt it with gorilla/securecookie. </p></pre>ROFLLOLSTER: <pre><p>Alright, thanks. Do you use gorilla/session or just stdlib?</p></pre>captncraig: <pre><p>I don't use gorilla/session as I don't really like the concept of a "session" at all. I just use securecookie to encode/verify and handle the cookie myself. I also make sure to delete the cookie after the callback is received.</p></pre>ROFLLOLSTER: <pre><p>Ok, thanks.</p></pre>jasonrichardsmith: <pre><p><a href="https://jwt.io/" rel="nofollow">JWT</a></p></pre>ultra_brite: <pre><p>store state ? what does it means ? context should only exists during the request's life time.</p></pre>neoasterisk: <pre><p>Hey! I thought you had deleted all your golang comments. Are you back?</p></pre>
