Google Identity Toolkit with go Step 2

First I want to implement a callback for Google, Yahoo, AOL and MSN. That*s quite easy, these identity providers are supported by GIT.

func gitCallbackHandler(ctx *web.Context) string {

    ctx.SetHeader("Cache-Control", "max-age=0,private", true)
    userid := verifyByGoogle(ctx)
    user := getUserAccount(userid)
    registered := "false"
    if user.Active == "a" {
        registered = "true"
    }
    ctx.SetSecureCookie("l", userid, 60)
        return getAction(userid, registered)
}

func verifyByGoogle(ctx *web.Context) string {
 var reqbody = "{\"requestUri\":\"" + ctx.Request.Params["openid.return_to"] + "\",\"postBody\":\""
 for k, _ := range ctx.Request.Params {
  reqbody += k + "=" + url.QueryEscape(ctx.Request.Params[k]) + "&"
 }
 reqbody += "\"}"

 var api_url = "https://www.googleapis.com/identitytoolkit/v1/relyingparty/verifyAssertion?key=XXX"
 response, _ := http.Post(api_url, "application/json", strings.NewReader(reqbody))
 userid := ""
 if response.StatusCode == 200 {
  var f map[string]string
  b, _ := ioutil.ReadAll(response.Body)
  json.Unmarshal(b, &f)
  registerGoogleUser(ctx)
  userid = f["email"] + f["verifiedEmail"]
        }

 return userid
}

func getAction(userid,registered string) (action string) {
        if userid=="" {
         action="window.google.identitytoolkit.notifyFederatedError();"
        } else {
         action=`window.google.identitytoolkit.notifyFederatedSuccess({ "email": "` + userid + `", "registered": ` + registered + ` });`
        }
        return `
     
     `
     return
}

Yes, no error handling yet. You can try it on http://kwiqly.com