search

martini-contrib / oauth2

[not maintained] Allows your Martini application to support user login via an OAuth 2.0 backend.
Apache License 2.0
125 stars 47 forks source link

Github Missing Access Token #20

Closed bcg closed 10 years ago

bcg commented 10 years ago

Was trying out the code from #18 when I stumbled on what looks like code.google.com/p/goauth2 not storing the access_token from Github. Both / and /login render nothing for tokens.Access().

package main

import (
  "github.com/go-martini/martini"
  "github.com/martini-contrib/oauth2"
  "github.com/martini-contrib/sessions"
)

func main() {

  m := martini.Classic()
  m.Use(sessions.Sessions("sess", sessions.NewCookieStore([]byte("qwerty"))))
  m.Use(oauth2.Github(&oauth2.Options{
    ClientId:     "xxx",
    ClientSecret: "xxx",
    RedirectURL:  "http://localhost:3000",
  }))

  m.Get("/", func(tokens oauth2.Tokens) string {
    if tokens.IsExpired() {
      return "not logged in, or the access token is expired"
    }
    return "logged in " + tokens.Access() + "."
  })

  m.Get("/login", oauth2.LoginRequired, func(tokens oauth2.Tokens) string {
    return tokens.Access()
  })

  m.Get("/logout", func(sess sessions.Session) string {
    sess.Clear()
    return "cleared!"
  })

  m.Run()
}
hansrodtang commented 10 years ago

If I understand things correctly your m.Get("/login" and m.Get("/logout" will never be called since this handler will overwrite the call to those URLs with its own functions login(...) and logout(...).

Your RedirectURL should probably also be http://127.0.0.1:3000/oauth2callback since the code that fetches the token and puts it into the session is activated by that URL.

Hope this helps.

rakyll commented 10 years ago

Sorry for the late reply, someone else was not able to go through the exchange flow with Github. It turned out his redirect is not properly set as @hansrodtang mentions above. See #18.