@@ -42,7 +42,7 @@ To use the example below you need to export `GOOGLE_CLIENT_ID` and `GOOGLE_CLIEN
4242You also need to configure application domain and redirect URI in the Provider console/dashboard.
4343(redirect URI is same as OpenID URI in above table).
4444
45- Below is an example code but instead of copy/pasting it entirely you can use it for reference.
45+ Below is an example for authorization code flow but instead of copy/pasting it entirely you can use it for reference.
4646
4747``` go
4848package main
@@ -144,6 +144,83 @@ when GOIC has new features.
144144
145145> The example and discussion here assume ` localhost ` domain so adjust that accordingly for your domains.
146146
147+ ---
148+ ## GOIC API
149+
150+ GOIC supports full end-to-end for Authorization Code Flow, however if you want to manually interact, here's summary of API:
151+
152+ #### Check Provider
153+
154+ ``` go
155+ g := goic.New (" /auth/o8" false )
156+ g.NewProvider (" abc" " ..." WithCredential (" ..." " ..."
157+
158+ g.Supports (" abc" // true
159+ g.Supports (" xyz" // false
160+ ```
161+
162+ #### Refresh Token
163+
164+ Use it to request Access token by using refresh token.
165+
166+ ``` go
167+ g := goic.New (" /auth/o8" false )
168+ t := &goic.Token {RefreshToken: " your refresh token" Provider : goic.Microsoft .Name }
169+ tok , err := g.RefreshToken (t)
170+ // Do something with tok.AccessToken
171+ ```
172+
173+ #### Auth Request
174+
175+ Manually request authentication from OpenID Provider.
176+
177+ ``` go
178+ g := goic.New (" /auth/o8" false )
179+ p := g.NewProvider (" abc" " ..." WithCredential (" ..." " ..."
180+
181+ // Generate random unique state and nonce
182+ state , nonce := goic.RandomString (24 ), goic.RandomString (24 )
183+ // You must save them to cookie/session, so it can be retrieved later for crosscheck
184+
185+ // redir is the redirect url in your host for provider of interest
186+ redir := " https://localhost/auth/o8/" Name
187+
188+ // Redirects to provider first and then back to above redir url
189+ // res = http.ResponseWriter, req = *http.Request
190+ err := g.RequestAuth (p, state, nonce, redir, res, req)
191+ ```
192+
193+ #### Authentication
194+
195+ Manually attempt to authenticate after the request comes back from OpenID Provider.
196+
197+ ``` go
198+ g := goic.New (" /auth/o8" false )
199+ p := g.NewProvider (" abc" " ..." WithCredential (" ..." " ..."
200+
201+ // Read openid provider code from query param, and nonce from cookie/session etc
202+ // PS: Validate that the nonce is relevant to the state sent by openid provider
203+ code , nonce := " " " "
204+
205+ // redir is the redirect url in your host for provider of interest
206+ redir := " https://localhost/auth/o8/" Name
207+
208+ tok , err := g.Authenticate (p, code, nonce, redir)
209+ ```
210+
211+ ### Userinfo
212+
213+ Manually request Userinfo by using the token returned by Authentication above.
214+ ``` go
215+ g := goic.New (" /auth/o8" false )
216+ p := g.NewProvider (" abc" " ..." WithCredential (" ..." " ..."
217+ // ...
218+ tok , err := g.Authenticate (p, code, nonce, redir)
219+ user := g.UserInfo (tok)
220+ err := user.Error
221+ ```
222+
223+ ---
147224### Demo
148225
149226` GOIC ` has been implemented in opensource project [ adhocore/urlsh] ( https://github.com/adhocore/urlsh ) :
0 commit comments