Package htsec provides security detail for your endpoints.
The security detail, with it's guards, protect your handlers. In the oauth2 flow the state parameter is signed and verified.
$ go get sogvin.com/htsec
$ git clone https://git.sogvin.com/htsec.git
There is a reference example at github.com/gregoryv/servant.