This Is How You Should Authenticate Your Users

Source: auth0.com

Authentication is essential to any digital app. Nowadays, there are many tools that help developers build an authentication web service. One of them is OAuth 2.0, or open authentication.

You have probably seen it somewhere. With OAuth 2.0, users can log in to your app using external authentication providers such as Google, Facebook, Twitter, etc. Personally, I think OAuth 2.0 should be the norm. In most use cases, creating our own authentication system and storing users’ credentials in our own database is just too much of a hassle compared to letting Google or Facebook authenticate our users. Of course, my theory has exceptions, for example a mobile banking app where storing and processing users’ credentials is heavily regulated.

I had not found any article that thoroughly covers how to make an authentication web service and authorisation middleware using Go, OAuth 2.0, and JWT with a working database. Thus, I made one.

In this article, I show how I make an authentication web server using Golang featuring Google OAuth and JWT.

To understand my code better, please take a look at this sequence diagram of the authentication process:

A sequence diagram of my authentication service

From a user’s perspective, I find it frustrating when I have to create a new account to log in to an app that surely could utilize OAuth 2.0.

Even when they enable OAuth 2.0, via Google for example, why are there two options: Log in via Google and Sign up via Google? That’s redundant. Why don’t they let Google authenticate me, then get my email, and after that check in their database whether I have registered or not?
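The single "continue with Google" flow described above, as an added example (not the author's code). It assumes the OAuth callback has already fetched the user's Google profile, uses a hypothetical in-memory `UserStore` in place of the database, and signs the JWT with the standard library only; `GoogleUser`, `LoginOrRegister` and `IssueJWT` are illustrative names, and the `email_verified` check is an added safeguard.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// GoogleUser holds the two userinfo claims this flow relies on.
type GoogleUser struct {
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
}

// UserStore is a hypothetical stand-in for the users table: email -> user ID.
type UserStore struct{ byEmail map[string]int }

// LoginOrRegister returns the user ID, creating the account on first login.
func (s *UserStore) LoginOrRegister(g GoogleUser) (int, bool, error) {
	if !g.EmailVerified || g.Email == "" {
		return 0, false, errors.New("email not verified by Google")
	}
	if id, ok := s.byEmail[g.Email]; ok {
		return id, false, nil // existing account: plain login
	}
	id := len(s.byEmail) + 1
	s.byEmail[g.Email] = id
	return id, true, nil // first visit: registered transparently
}

// IssueJWT signs an HS256 session token carrying the user ID and an expiry.
func IssueJWT(secret []byte, userID int, ttl time.Duration, now time.Time) string {
	enc := base64.RawURLEncoding
	header := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	claims, _ := json.Marshal(map[string]interface{}{"sub": fmt.Sprint(userID), "exp": now.Add(ttl).Unix()})
	body := header + "." + enc.EncodeToString(claims)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(body))
	return body + "." + enc.EncodeToString(mac.Sum(nil))
}

func main() {
	store := &UserStore{byEmail: map[string]int{}}
	id, created, _ := store.LoginOrRegister(GoogleUser{"alice@example.com", true}) // constructed sample
	fmt.Println(id, created, IssueJWT([]byte("demo-secret"), id, time.Hour, time.Now()))
}
```

A production service would normally key accounts on Google's stable `sub` claim rather than the email address, and load the signing secret from configuration instead of a literal.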

So, for your next authentication service, you can check my code for reference.

Go developer.