Files
go-simple-api/internal/oauth/google.go
T
2026-07-16 10:13:46 +03:30

38 lines
1.5 KiB
Go

// Package oauth builds provider-specific OAuth2 configurations. Right now
// there's only Google, but the package name is deliberately generic (not
// "google") so a second provider (GitHub, Microsoft, ...) could live
// alongside it later as its own file/function without a rename.
package oauth
import (
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"git.hamidsoltani.com/hamid/go-simple-api/internal/config"
)
// NewGoogleConfig builds the *oauth2.Config describing how to talk to
// Google's OAuth2 system: our app's identity (ClientID/ClientSecret),
// where Google should redirect the user back to after login
// (RedirectURL - this MUST exactly match what's registered in the Google
// Cloud Console), what permission we're requesting (Scopes), and which
// provider's specific auth/token URLs to use (Endpoint).
func NewGoogleConfig(cfg config.Config) *oauth2.Config {
return &oauth2.Config{
ClientID: cfg.GoogleClientID,
ClientSecret: cfg.GoogleClientSecret,
RedirectURL: cfg.GoogleRedirectURL,
// We only ask for the user's email - the minimum needed to
// identify/create an account. Requesting more scopes than you
// actually need is both a privacy and a security smell.
Scopes: []string{"https://www.googleapis.com/auth/userinfo.email"},
// google.Endpoint is a predefined value from
// golang.org/x/oauth2/google pointing at Google's real
// authorization and token URLs - we never hardcode those
// ourselves.
Endpoint: google.Endpoint,
}
}