auth: 13568ac73ac3 README.md

Note the potential for CSRF attacks. Our auth provider probably shouldn't have security vulnerabilities. Add TODOs to ensure that logging in and authorizing a grant are not susceptible to CSRF attacks, or it becomes pretty easy for an attacker to gain access to user data or to gain access to a user account.

1 OSIN

2 ====

4 Golang OAuth2 server library

5 ----------------------------

7 OSIN is an OAuth2 server library for the Go language, as specified at

8 http://tools.ietf.org/html/rfc6749 and http://tools.ietf.org/html/draft-ietf-oauth-v2-10.

10 Using it, you can build your own OAuth2 authentication service.

12 The library implements the majority of the specification, like authorization and token endpoints, and authorization code, implicit, resource owner and client credentials grant types.

14 ### Dependencies

16 * go-uuid (http://code.google.com/p/go-uuid)

18 ### Example Server

20 ````go

21 import "github.com/RangelReale/osin"

23 // TestStorage implements the "osin.Storage" interface

24 server := osin.NewServer(osin.NewServerConfig(), &TestStorage{})

26 // Authorization code endpoint

27 http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {

28 resp := server.NewResponse()

29 if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {

31 // HANDLE LOGIN PAGE HERE