Golang Facebook authentication using golang.org/x/oauth2

Question

Golang Facebook authentication using golang.org/x/oauth2

I am trying to write a simple program using the golang.org/x/oauth2 package. But I can not exchange the code for an access token. The following error is a bit misleading, as it says that an authorization code was used, but I see a new code every time I call the login dialog. I am new to golang and I could make a basic mistake, any pointers would be very helpful :)

  clientOptions, err = oauth2.New( oauth2.Client("xxxxxx", "22222222222222"), oauth2.RedirectURL("http://localhost:3000/auth/cb/fb2"), oauth2.Scope("public_profile", "email", "user_friends"), oauth2.Endpoint( "https://www.facebook.com/dialog/oauth", "https://graph.facebook.com/oauth/access_token", ), ) func handleFBSetupOauth(w http.ResponseWriter, r *http.Request) { url := clientOptions.AuthCodeURL("state", "online", "auto") fmt.Printf("Visit the URL for the auth dialog: %v", url) http.Redirect(w, r, url, http.StatusFound) } func handleFBOauthCB(w http.ResponseWriter, r *http.Request) (int, string) { var err error code := r.FormValue("code") if code == "" { return 500, "No code!" } fmt.Printf("code - %s", code) t, err := clientOptions.NewTransportFromCode(code) if err != nil { log.Fatal(err) } client := http.Client{Transport: t} url := "https://graph.facebook.com/oauth/access_token?client_id=xxxxxxx&redirect_uri=http://localhost:3000/auth/cb/fb2&client_secret=22222222&code=" + code + "" resp, err := client.Get(url)

I got the following error from the last get request -

{"error": {"message": "This authorization code was used.", "type": "OAuthException", "code": 100}}

I follow these two guides - Facebook login thread - https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2

The latest document from goauth - https://godoc.org/golang.org/x/oauth2

+11

go oauth-2.0 facebook-graph-api

padlar Dec 08 '14 at 23:32

source share

1 answer

Laurent · Accepted Answer · 2016-04-17T02:49:28+0000

Here is a simple example to get you started:

 package main import ( "fmt" "io/ioutil" "log" "net/http" "net/url" "strings" "golang.org/x/oauth2" "golang.org/x/oauth2/facebook" ) var ( oauthConf = &oauth2.Config{ ClientID: "YOUR_CLIENT_ID", ClientSecret: "YOUR_CLIENT_SECRET", RedirectURL: "YOUR_REDIRECT_URL_CALLBACK", Scopes: []string{"public_profile"}, Endpoint: facebook.Endpoint, } oauthStateString = "thisshouldberandom" ) const htmlIndex = `<html><body> Logged in with <a href="/login">facebook</a> </body></html> ` func handleMain(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html; charset=utf-8") w.WriteHeader(http.StatusOK) w.Write([]byte(htmlIndex)) } func handleFacebookLogin(w http.ResponseWriter, r *http.Request) { Url, err := url.Parse(oauthConf.Endpoint.AuthURL) if err != nil { log.Fatal("Parse: ", err) } parameters := url.Values{} parameters.Add("client_id", oauthConf.ClientID) parameters.Add("scope", strings.Join(oauthConf.Scopes, " ")) parameters.Add("redirect_uri", oauthConf.RedirectURL) parameters.Add("response_type", "code") parameters.Add("state", oauthStateString) Url.RawQuery = parameters.Encode() url := Url.String() http.Redirect(w, r, url, http.StatusTemporaryRedirect) } func handleFacebookCallback(w http.ResponseWriter, r *http.Request) { state := r.FormValue("state") if state != oauthStateString { fmt.Printf("invalid oauth state, expected '%s', got '%s'\n", oauthStateString, state) http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } code := r.FormValue("code") token, err := oauthConf.Exchange(oauth2.NoContext, code) if err != nil { fmt.Printf("oauthConf.Exchange() failed with '%s'\n", err) http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } resp, err := http.Get("https://graph.facebook.com/me?access_token=" + url.QueryEscape(token.AccessToken)) if err != nil { fmt.Printf("Get: %s\n", err) http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } defer resp.Body.Close() response, err := ioutil.ReadAll(resp.Body) if err != nil { fmt.Printf("ReadAll: %s\n", err) http.Redirect(w, r, "/", http.StatusTemporaryRedirect) return } log.Printf("parseResponseBody: %s\n", string(response)) http.Redirect(w, r, "/", http.StatusTemporaryRedirect) } func main() { http.HandleFunc("/", handleMain) http.HandleFunc("/login", handleFacebookLogin) http.HandleFunc("/oauth2callback", handleFacebookCallback) fmt.Print("Started running on http://localhost:9090\n") log.Fatal(http.ListenAndServe(":9090", nil)) }

Golang Facebook authentication using golang.org/x/oauth2

More articles: