Let's build the most secure OAuth2 framework there is. In Go, together!

I love the Auth* space. It has so many different problems, so many scopes and so many use cases to tackle. I’ve been working with various [Grid][1] management frameworks the last year and written or contributed to various auth libraries like [zfc-rbac][2] or [Hydra][3] in the past. I never thought that the day would come, where I find certificates attractive. :wink:

Before we go ahead.

  1. Fosite Repository on GitHub. Continue reading to understand what Fosite solves and why.
  2. New users are only allowed two links per post, so I had to change the URLs slightly and had to dereference the links. Until somebody with higher privileges fixes that, you can find all the links in chronological order at the bottom of this post.

I believe that OAuth2 and OpenID Connect are well defined specs and that there are most definitely good OAuth2 libraries out there. But in the Go ecosystem, the most common one, [Osin][4], has shown various weaknesses ([a][5], [b][6]) and is almost impossible to extend. But OAuth2 is not only a framework, it also comes with a less known but as important [RFC6819 “OAuth 2.0 Threat Model and Security Considerations”][7].

I am writing a library that is secure, fast and extensible. Because all of these three things matter in OAuth2, be it due to opening up your API, increasing network traffic with token lookups, or adding new specs like OpenID Connect on top of OAuth2.

The library is called Fosite and there is already a lot of stuff being done. Help me build the most badass OAuth2 library in existence and put Go on top of the Auth* micro-service food chain - or at least claim your spot in the [Hall of Fame][8].

  1. https:/ /www.lrz.de/services/compute/grid_en/
  2. https:/ /github.com/ZF-Commons/zfc-rbac
  3. https:/ /github.com/ory-am/hydra
  4. https:/ /github.com/RangelReale/osin
  5. https:/ /github.com/RangelReale/osin/pull/103
  6. https:/ /github.com/RangelReale/osin/issues/107
  7. https:/ /tools.ietf.org/html/rfc6819
  8. https:/ /github.com/ory-am/fosite#hall-of-fame