// Package oauth builds provider-specific OAuth2 configurations. Right now // there's only Google, but the package name is deliberately generic (not // "google") so a second provider (GitHub, Microsoft, ...) could live // alongside it later as its own file/function without a rename. package oauth import ( "golang.org/x/oauth2" "golang.org/x/oauth2/google" "git.hamidsoltani.com/hamid/go-simple-api/internal/config" ) // NewGoogleConfig builds the *oauth2.Config describing how to talk to // Google's OAuth2 system: our app's identity (ClientID/ClientSecret), // where Google should redirect the user back to after login // (RedirectURL - this MUST exactly match what's registered in the Google // Cloud Console), what permission we're requesting (Scopes), and which // provider's specific auth/token URLs to use (Endpoint). func NewGoogleConfig(cfg config.Config) *oauth2.Config { return &oauth2.Config{ ClientID: cfg.GoogleClientID, ClientSecret: cfg.GoogleClientSecret, RedirectURL: cfg.GoogleRedirectURL, // We only ask for the user's email - the minimum needed to // identify/create an account. Requesting more scopes than you // actually need is both a privacy and a security smell. Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"}, // google.Endpoint is a predefined value from // golang.org/x/oauth2/google pointing at Google's real // authorization and token URLs - we never hardcode those // ourselves. Endpoint: google.Endpoint, } }