Run your own OAuth 2.0 server that issues access tokens to client apps
Protect an API by requiring clients to exchange credentials for a token first
Generate signed JWT access tokens instead of random opaque strings
Swap the in-memory token store for Redis, MySQL, or another database in production
| go-oauth2/oauth2 | dave/jennifer | datadog/datadog-agent | |
|---|---|---|---|
| Stars | 3,615 | 3,617 | 3,612 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | easy | hard |
| Complexity | 3/5 | 2/5 | 4/5 |
| Audience | developer | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
The built-in store is in-memory only, a real deployment needs a separate database-backed store package.
This repository is a library for building an OAuth 2.0 authorization server in the Go programming language. OAuth 2.0 is a standard way for one application to let a user log in and grant limited access to their data without sharing a password directly, and this library follows the official RFC 6749 specification for how that process should work. Using the library, you create a manager that issues and checks access tokens, and you register the client applications that are allowed to request them. The README's example server sets up an in-memory store for both tokens and registered clients, then wires up two HTTP routes, one for the authorization step and one for exchanging a grant for an access token, using Go's standard net/http package. A short example shows a client requesting authorization and then exchanging it for a token, receiving back a JSON response with the access token, its scope, and how long it stays valid. Stated features include support for setting a time-to-live on stored tokens, custom expiration times, custom scopes, custom extension fields on a token, and generating tokens as signed JWTs instead of random strings. The built-in store keeps everything in memory, which is fine for trying the library out, but the project also lists several separate community packages that connect it to Redis, MongoDB, MySQL, PostgreSQL, DynamoDB, Firestore, and a few other databases for real deployments. Installation is a single go get command. The project is released under the MIT license, and a complete working example simulating the authorization code flow is included in the repository's example folder for anyone who wants to see a fuller setup than the quick start.
A Go library for running your own OAuth 2.0 authorization server, handling client registration and access token issuing following the standard spec.
Mainly Go. The stack also includes Go, net/http, JWT.
MIT licensed, free to use, modify, and distribute, including for commercial projects, as long as the copyright notice is kept.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.