I'm using golang.org/x/oauth2 and I'm not sure what the best way to store state it. I was looking into this a while ago and could have sworn I saw someone use net/context, but that wouldn't work would it because oauth is more than one request.
评论:
fqn:
captncraig:I know Rails omniauth stores some state in the session. Have a look at that library for a good reference implementation.
ROFLLOLSTER:I store it in a cookie. I set a short time to live on it, 5 minutes or so I think, and I sign/encrypt it with gorilla/securecookie.
captncraig:Alright, thanks. Do you use gorilla/session or just stdlib?
ROFLLOLSTER:I don't use gorilla/session as I don't really like the concept of a "session" at all. I just use securecookie to encode/verify and handle the cookie myself. I also make sure to delete the cookie after the callback is received.
jasonrichardsmith:Ok, thanks.
ultra_brite:
neoasterisk:store state ? what does it means ? context should only exists during the request's life time.
Hey! I thought you had deleted all your golang comments. Are you back?
