User Authentication in Go

agolangf · 2017-03-12 15:00:05 · 639 views
This resource was shared on 2017-03-12 15:00:05; the information in it may have since evolved or changed.

I've started a new project and am looking for a good package to implement user authentication. I'm not really looking to implement it by myself since there could be possible security issues. What I'm really looking for is a package similar to passport-js that implements vanilla authentication with register/login methods (no auth0 needed). I've been checking the awesome-go list and authboss seems to do it, but it has a coverage of 73% on GitHub.

TL;DR: Looking for a well-tested package to implement vanilla authentication with login/register methods.


Comments:

tscs37:

73% is not a bad coverage and afaik the authboss package works very well.

I recommend to drop looking at raw testing metrics as a measurement of package quality, it's not possible to test 100% of all code.

Instead, you should look at what is and isn't tested and how.

Muchoz:

Exactly this. It's not because the code has coverage that it is bug free. I can have 100% coverage and have the most insecure library.

NikkoTheGreeko:

Just talk nice to it and compliment it more often.

alireza94:

In this regard, The Epic Fail of Enforcing Unit Tests.

thewhitetulip:

I don't think you should start with OAuth. Start with implementing your own version using gorilla/sessions for stateful and JWT tokens for RESTful API; you can read more about them here: https://github.com/thewhitetulip/web-dev-golang-anti-textbook/blob/master/manuscript/4.0authentication.md

Yojihito:

JWT tokens can't be revoked ....

mcouturier:

Use a short-lived one and revoke the refresh token.
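
The pattern from the two comments above, as an added example that is not code from any commenter or from the packages named in this thread. It assumes a simplified HMAC-signed token in place of a real JWT and an in-memory map in place of a database; all function names and the key are hypothetical.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var refreshStore = map[string]string{} // server-side state: refresh token -> user

func seal(body string) string { // returns "hexmac.body"
	m := hmac.New(sha256.New, []byte("constructed-demo-key")) // constructed key
	m.Write([]byte(body))
	return fmt.Sprintf("%x.%s", m.Sum(nil), body)
}

// login stores an opaque random refresh token; revoke deletes it again.
func login(user string) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	refreshStore[fmt.Sprintf("%x", b)] = user
	return fmt.Sprintf("%x", b)
}
func revoke(rt string) { delete(refreshStore, rt) }

// refresh mints a 5-minute "mac.expiry.user" access token (simplified JWT stand-in).
func refresh(rt string, now time.Time) (string, error) {
	if user, ok := refreshStore[rt]; ok {
		return seal(strconv.FormatInt(now.Add(5*time.Minute).Unix(), 10) + "." + user), nil
	}
	return "", fmt.Errorf("refresh token revoked or unknown")
}

// verifyAccess is stateless: no store lookup, so only expiry ends an access token.
func verifyAccess(tok string, now time.Time) (string, error) {
	_, body, _ := strings.Cut(tok, ".")
	exp, user, _ := strings.Cut(body, ".")
	t, err := strconv.ParseInt(exp, 10, 64)
	if err != nil || !hmac.Equal([]byte(tok), []byte(seal(body))) || now.Unix() >= t {
		return "", fmt.Errorf("invalid or expired access token")
	}
	return user, nil
}
func main() { fmt.Println(refresh(login("alice"), time.Now())) }
```

After `revoke`, an access token that was already issued keeps verifying until its expiry, so the access-token lifetime is the longest a revoked session can remain usable.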

xyproto:

permissions2 uses bcrypt, secure cookies and redis. It's easy to get started with, fast and hashes passwords in a way that may prevent timing attacks.

Disclaimer: it's written by me, but it's fairly popular on github.

Keshenka:

Nice documentation. The examples were very helpful.

sairamk:

I recently came across MultiPass if you are looking for a username type auth without a password which I was planning to use for my next project.

I use Goth for a hosted project (GitNotify) and the integration was straightforward (for OAuth).

shark1337:

I'm looking for a full auth system, but ty, I'll take a look ;).

lumost:

I've had some fairly good luck with https://github.com/markbates/goth for integrating with various OAuth providers. But it doesn't include any stock user register/lockout mechanisms.

alaskacodes:

I've used https://github.com/ory/hydra for a few things, and it seems really well put together so far.

Hexodam:

Take a look at Bitly's oauth2 proxy

https://github.com/bitly/oauth2_proxy

It's not exactly what you are looking for but it's great for handling the basic oauth part outside of your code, then you should only need to handle the session management.

