| CARVIEW |
Select Language
HTTP/2 200
date: Thu, 31 Jul 2025 08:11:29 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"4c3f6cc3a17bb4efd572dcbda6c84750"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com wss://alive-staging.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=ZOWgCBKqu%2Fs70GRTTkmUN1M1eDAcCJum9sxiqi%2BG3%2FYkh5VV6BWqn6WbofBe9FCRBBVT1%2FDSapxLeM2JusrONpCos3b%2BrWbz13KpcH7eTnTstyAJlMLDcBHFdYTjpKoRbfpTwsd5ci58sD5n6%2FmEa%2FYkeyFne0BpOw4TxR9UhLEPk4HbUm8ju1JZRzZ4exOHOOzhHkTo9h2zqU6ApClgZ%2FroQgjb9tyYw%2FDvTbm%2BP3dATbtNtRD7ITJrk0E%2Bv1fWuiMA9q11oIdt1A9KjssAKw%3D%3D--sVphRNSq0IosMOyY--XTAiHIcgojAbi3ls%2FUUkZg%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.229293590.1753949489; Path=/; Domain=github.com; Expires=Fri, 31 Jul 2026 08:11:29 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 31 Jul 2026 08:11:29 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: C902:36DC87:5C7F88:72DF6B:688B2531
4.1. Authentication · vardius/go-api-boilerplate Wiki · GitHub
Skip to content
Navigation Menu
{{ message }}
-
-
Notifications
You must be signed in to change notification settings - Fork 138
4.1. Authentication
Rafał Lorenz edited this page Jun 11, 2020
·
2 revisions
This application uses OAuth 2.0 Server to authenticate users. Each service should use Password Credentials Grant in need of new access token.
The Password grant type is used by first-party clients to exchange a user's credentials for an access token. Since this involves the client asking the user for their password, it should not be used by third party clients.
Other grant types are disabled for now. For more information on how to configure OAuth 2.0 Server see go-oauth2/oauth2.
For refreshing tokens client should call authentication server's http endpoints directly. User service calls auth services only when user requests access token or registers with social media.
Token verification can be done in two ways:
- asking auth service if token is valid, which would be the correct way
- verifying token using authenticator (this works because both services uses the same secret)
upon changing that ideally call auth service for verification using TokenAuthOauthHandler instead of TokenAuthSecretHandler
Clone this wiki locally
You can’t perform that action at this time.