I've recently been dealing with Go REST services, but I don't know if there is any production-ready OAuth2 server available.
As my services will be consumed by a single-page web app as well as mobile clients, and users should be able to register their accounts, I'm thinking about an OAuth2 server.
I've been searching around and found that the standard package contains only the client side code https://github.com/golang/oauth2/blob/master/oauth2.go.
There is an OAUTH2 server built in Go (https://github.com/RangelReale/osin), but I don't have much expertise to review it.
Therefore, what are the options available for production applications? Should I use an OAuth server implemented in another technology like Node.js because of their maturity?
EDIT: In the .NET space there is a server implementation at https://github.com/identityserver/IdentityServer3
However, I would prefer something in Go.
Right after I asked the question, CoreOS released "dex" as an open source OpenID provider at https://github.com/coreos/dex
Though Oauth2 is very secure and a great implementation.
A common procedure used to secure web applications is as follows.
1. User registers to application and sends registration data to backend.
2. Server handles registration information.
3. Store hashed user password for future token requests and other such requests.
4. Create access token to be passed back to user (usually 32-64 bit).
5. Hash access token and store it in database for authentication of RESTful requests.
6. Send user back any data required as well as access token.
7. Store access token on client machine (possibly using localstorage.set()).
8. Future requests will have the access token attached to them for authentication.
Always check that the access token is still access and that its hash matches the hashed value in the database.
Other implementations involve JWTs and so on.
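The token half of the procedure above (create, hash, store, check on each request), as an added Go example that is not part of the original answer. It assumes an in-memory map in place of the database, 32 random bytes per token, and an expiry time as the validity check; `TokenStore`, `Issue` and `Verify` are hypothetical names, and password hashing is left out.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"time"
)

type tokenRecord struct { // the server keeps only the hash, never the token
	hash    [sha256.Size]byte
	expires time.Time
}

// TokenStore is a hypothetical in-memory stand-in for the database table.
type TokenStore struct{ byUser map[string]tokenRecord }

func NewTokenStore() *TokenStore { return &TokenStore{byUser: map[string]tokenRecord{}} }

// Issue creates a random token, stores its SHA-256 hash, and returns the
// plaintext token once so it can be sent to the client.
func (s *TokenStore) Issue(user string, ttl time.Duration, now time.Time) (string, error) {
	raw := make([]byte, 32) // 32 random bytes (size is an assumption of this example)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	s.byUser[user] = tokenRecord{hash: sha256.Sum256([]byte(token)), expires: now.Add(ttl)}
	return token, nil
}

// Verify re-hashes the presented token and compares it in constant time
// against the stored hash, rejecting unknown users and expired tokens.
func (s *TokenStore) Verify(user, token string, now time.Time) bool {
	rec, ok := s.byUser[user]
	if !ok || !now.Before(rec.expires) {
		return false
	}
	sum := sha256.Sum256([]byte(token))
	return subtle.ConstantTimeCompare(sum[:], rec.hash[:]) == 1
}

func main() {
	store, now := NewTokenStore(), time.Now()
	tok, _ := store.Issue("alice", time.Hour, now) // "alice" is a constructed sample user
	fmt.Println(store.Verify("alice", tok, now), store.Verify("alice", tok, now.Add(2*time.Hour)))
}
```

A plain SHA-256 hash is adequate here only because the token is a long random value; user passwords need a dedicated password-hashing function instead.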
If you do not have enough expertise in reviewing an OAuth 2.0 library, then I would recommend using a reliable third-party OAuth-as-a-service provider.
One example I know is Microsoft Azure ACS, which you can integrate with your Go application, and they will handle the OAuth process as well as authentication and authorisation for you.
You can read about how it works here.