Authentication is often a requirement for accessing a service over the web—not always for the entire API, but certainly to access privileged user data. Most web-based authentication currently utilizes OAuth 2.0, a framework that allows applications to gain partial access to user data after permission is granted by the user. The authentication will need to show a web page the first time a resource is accessed to explain the request. As a GUI-based application, this workflow is often presented using an embedded browser window to hide the complexity of going to a web page for the permission request. Unfortunately, such functionality isn't built into many of the toolkits we've covered and so we'll instead simply open an external web browser for illustrating the workflow. This should only be required for first usage and, after that, the access granted should be remembered across application runs.
To demonstrate authentication, we'll further progress the client code used in each GoMail example. We'll extend it to read from the Gmail APIs to download messages. For this, you'll need to have a Gmail account and to have created a project in the Google Developer Console and enabled API access, which will generate CLIENT_ID and CLIENT_SECRET. First of all, we'll create a new function called authStream() that'll take a URL string parameter and return an io.ReadCloser stream like the previous readStream() and cacheStream() functions.