Handling Authentication for Our REST Services

In this chapter, we are going to explore authentication patterns in Go. Those patterns are session-based authentication, JSON Web Tokens (JWT), and Open Authentication 2 (OAuth2). We will use the Gorilla package's sessions library to create basic sessions. Then, we will move on to advanced REST API authentication strategies such as stateless JWT. Finally, we will see how to implement our own OAuth2 and also learn which packages provide out-of-the-box OAuth2 implementations. In the previous chapter, the API gateway implemented authentication (using plugins) for us. If the API gateway is not present in our architecture, how do we secure our API? You will find the answer in this chapter.

In this chapter, we will cover the following topics:

  • How authentication works
  • Introducing Postman, a visual client for testing APIs
  • Session-based authentication in Go
  • Introducing Redis to store user sessions
  • Introduction to JSON Web Tokens (JWT)
  • OAuth2 architecture and basics