otremblay / oauth1a

No Description

Olivier Tremblay:   133a2467c7 things 3 years ago
scripts 2d175c155f Add a script for local updates 5 years ago
.gitignore a43c4bd68c Splitting off library into its own repo 5 years ago
CONTRIBUTORS d8451cd7fc Update contributors. 5 years ago
LICENSE a43c4bd68c Splitting off library into its own repo 5 years ago
README.md fc2542bc5f Moving example off to twittergo-examples project. 4 years ago
oauth1a.go 133a2467c7 things 3 years ago
oauth1a_integration_test.go 3c706436f2 Log more in the integration test. 4 years ago
oauth1a_test.go 44cb2040ae Include leading 0 when escaping bytes < 16. Fixes #2. 5 years ago
userconfig.go 133a2467c7 things 3 years ago


Package oauth1a


An implementation of OAuth 1.0a in Go1.



go get github.com/kurrik/oauth1a

Include in your source:

import "github.com/kurrik/oauth1a"


Clone this repository, then run:

go test -short

in the oauth1a directory. To run an integration test, create a file named CREDENTIALS in the library directory. There should be four lines in this file, in the following format:

<Twitter consumer key>
<Twitter consumer secret>
<Twitter access token>
<Twitter access token secret>

Then run:

go test

This will run an integration test against the Twitter /account/verify_credentials.json endpoint.


A good approach wil be to check oauth1a_test.go for usage.

As a vague example, here is code to configure the library for accessing Twitter:

service := &oauth1a.Service{
    RequestURL:   "https://api.twitter.com/oauth/request_token",
    AuthorizeURL: "https://api.twitter.com/oauth/request_token",
    AccessURL:    "https://api.twitter.com/oauth/request_token",
    ClientConfig: &oauth1a.ClientConfig{
        ConsumerKey:    "<your Twitter consumer key>",
        ConsumerSecret: "<your Twitter consumer secret>",
        CallbackURL:    "<your Twitter callback URL>",
    Signer: new(oauth1a.HmacSha1Signer),

To obtain user credentials:

httpClient := new(http.Client)
userConfig := &oauth1a.UserConfig{}
userConfig.GetRequestToken(service, httpClient)
url, _ := userConfig.GetAuthorizeURL(service)
var token string
var verifier string
// Redirect the user to <url> and parse out token and verifier from the response.
userConfig.GetAccessToken(token, verifier, service, httpClient)

Or if you have existing credentials:

token := "<your access token>"
secret := "<your access token secret>"
userConfig := NewAuthorizedConfig(token, secret)

To send an authenticated request:

httpRequest, _ := http.NewRequest("GET", "https://api.twitter.com/1/account/verify_credentials.json", nil)
service.Sign(httpRequest, userConfig)
var httpResponse *http.Response
var err error
httpResponse, err = httpClient.Do(httpRequest)


github.com/twittergo-examples/sign_in/main.go - A three legged example which uses Twitter's API. To run, cd to the examples directory and then run:


This will host a server on localhost:10000 (use the -port flag to change the port this runs on). Navigate to http://localhost:10000 and then follow the sign in flow.

Note that this example implements a rudimentary session mechanism so that the callback can be matched to the user who initiated the sign in session. Otherwise, it would be possible for one user to initiate a sign in session and another user to complete it. This is a best practice but imposes a requirement for the auth flow to be stateful. If you understand the risks in removing this check from your application, it is possible to implement the flow in a stateless manner.