At the end of an OAuth2 token exchange, I'm [typically] left with a JSON
array of user data that I've un-marshalled into a struct (say, GoogleUser)
with the fields I care about.

What is the sensible way of recording that data to my DB? Just call a
CreateUser function from the callback handler, pass the struct and save it
(the obvious way to me), after checking that the user doesn't already exist
in the DB?

I assume I should then create a session token (i.e. session.Values["authenticated"]
== true) in the callback handler, store that in a cookie (with a reasonable
expiry date) and simply check if authenticated == true on any
handler functions that expect a logged-in user? Or, for admin handlers: if admin_user
== true. What are the risks here (if any) presuming I'm talking over HTTPS
and using secure cookies?

Apologies for the basic questions: just trying to get a grip on "best
practice" ways to log users in w/ OAuth.
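
The flow asked about above, written out as an added example (not part of the original post or of any library): create the user on first login, issue a session cookie with an expiry, and check it in protected handlers. It keeps the authenticated/admin state server-side under a random session ID instead of in the cookie value, which is a choice made for this example. The names `sid`, `login`, `check`, the `GoogleUser` fields, the 12-hour lifetime and the in-memory maps (no locking) are assumptions.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

type GoogleUser struct{ ID, Email string } // field names are assumed
type session struct {
	userID  string
	expires time.Time
}
var users, admins, sessions = map[string]GoogleUser{}, map[string]bool{}, map[string]session{}

// login is what the callback handler calls after the token exchange (the maps stand in for the DB).
func login(w http.ResponseWriter, u GoogleUser) {
	if _, ok := users[u.ID]; !ok { // first login: create the record
		users[u.ID] = u
	}
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a guessable session ID
	}
	id, exp := fmt.Sprintf("%x", b), time.Now().Add(12*time.Hour)
	sessions[id] = session{u.ID, exp}
	http.SetCookie(w, &http.Cookie{Name: "sid", Value: id, Path: "/", Expires: exp,
		Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode})
}

// check returns the status for a protected handler; an unknown ID hits a zero session, long expired.
func check(r *http.Request, adminOnly bool) int {
	c, err := r.Cookie("sid")
	if err != nil || time.Now().After(sessions[c.Value].expires) {
		return http.StatusUnauthorized
	}
	if adminOnly && !admins[sessions[c.Value].userID] { // role read server-side on every request
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() {
	w, r := httptest.NewRecorder(), httptest.NewRequest("GET", "/admin", nil)
	login(w, GoogleUser{ID: "g-123", Email: "user@example.com"}) // constructed sample user
	r.AddCookie(w.Result().Cookies()[0])
	fmt.Println(check(r, false), check(r, true))
}
```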

Group: golang-nuts
Posted: May 18, '13 at 3:14p
Active: May 18, '13 at 3:14p
1 user in discussion: Matt Silverlock (1 post)


