Hone logo
Hone
Problems

Implement a Basic OAuth2 Client in Go

This challenge requires you to build a functional OAuth2 client application in Go. You will simulate the process of a user authorizing your application to access their data from a third-party service. This is a fundamental skill for integrating with modern web APIs, enabling secure delegated access to user resources.

Problem Description

Your task is to implement a Go program that acts as an OAuth2 client. This program will guide a user through the authorization code grant flow to obtain an access token from a simulated OAuth2 provider.

Key Requirements:

  • Simulated Provider: You'll need to set up a very basic Go HTTP server that acts as a mock OAuth2 authorization server. This server should:
    • Handle the authorization request endpoint (/authorize).
    • Present a simple "authorize app" page to the user.
    • Upon user approval, redirect the user back to your client's redirect URI with an authorization code.
    • Handle the token request endpoint (/token).
    • Upon receiving a valid authorization code and client credentials, issue a dummy access token.
  • OAuth2 Client Logic: Your main Go application (the client) should:
    • Initiate the OAuth2 flow by redirecting the user to the simulated provider's /authorize endpoint.
    • Listen for incoming requests on its registered redirect URI.
    • Extract the authorization code from the redirect URL.
    • Make a POST request to the simulated provider's /token endpoint with the authorization code and client credentials to exchange it for an access token.
    • Print the obtained access token to the console.
  • Client Credentials: Define fixed client_id and client_secret for your client application.

Expected Behavior:

  1. The client application starts and prints a message indicating it's starting the OAuth2 flow.
  2. The client application redirects the user's browser to the simulated provider's /authorize URL.
  3. The simulated provider displays an authorization page.
  4. The user "approves" the authorization.
  5. The simulated provider redirects the user's browser back to the client's redirect URI, including an authorization_code query parameter.
  6. The client application receives this request, extracts the authorization_code.
  7. The client application makes a POST request to the simulated provider's /token endpoint.
  8. The simulated provider validates the code and client credentials and returns a dummy access token.
  9. The client application prints the received access token.

Edge Cases to Consider:

  • Invalid Authorization Code: While the simulated provider won't strictly validate, consider how your client would ideally handle a missing or malformed authorization code.
  • Network Errors: Basic handling of potential network issues when communicating with the provider.

Examples

Example 1: Successful Authorization Code Grant Flow

Simulated Provider Setup: (Not directly shown as output, but assumed to be running)

  • Listens on http://localhost:9000
  • /authorize endpoint redirects to http://localhost:8000?code=<generated_code> after simulated approval.
  • /token endpoint accepts POST requests with grant_type=authorization_code, code, client_id, client_secret, and returns {"access_token": "dummy_access_token_123", "token_type": "bearer", "expires_in": 3600}.

Client Application Output (after user interaction):

Starting OAuth2 flow...
Redirecting user to: http://localhost:9000/authorize?client_id=myclient&redirect_uri=http://localhost:8000/callback&response_type=code&scope=read_profile
Waiting for authorization code at http://localhost:8000/callback...
Authorization code received: generated_auth_code_abc
Exchanging code for access token...
Access Token: dummy_access_token_123

Explanation: The client application initiated the flow, redirected the user. After the user's simulated approval on the provider's side, the provider redirected back to the client's callback URL with a code. The client then used this code to request an access token from the provider's /token endpoint and successfully received and printed it.

Constraints

  • The simulated OAuth2 provider and the client application should both run on localhost.
  • Use standard Go libraries (net/http, net/url, encoding/json, etc.) for implementation. You may use a third-party HTTP client library if you prefer, but it's not required.
  • The simulated provider does not need to implement complex security features like PKCE or refresh tokens for this challenge.
  • Client ID: myclient
  • Client Secret: mysecret
  • Redirect URI: http://localhost:8000/callback
  • Authorization Server URL: http://localhost:9000

Notes

  • You'll need to run two separate Go programs: one for the simulated provider and one for the client.
  • For the simulated provider's /authorize endpoint, you can simply hardcode a redirect to your client's callback URL with a dummy code parameter to simulate user approval.
  • For the simulated provider's /token endpoint, ensure it parses the incoming POST data correctly to retrieve the code, client_id, and client_secret.
  • Think about how to manage the client's HTTP server listening for the callback.
  • Success means your client application successfully obtains and prints a dummy access token.
Loading editor...
go