DeserializeState deserializes the oauth state.

MustNew returns a new manager mutated by a given set of options and will panic on error.

MustSerializeState serializes a state value but panics if there is an error.

New returns a new Google Auth manager if options do not specify an endpoint, PublicKeyCache and Issuer.

NewPublicKeyCache creates a new public key cache.

OptAllowedDomains sets the manager allowedDomains.

OptClientID sets the manager cliendID.

OptClientSecret sets the manager clientSecret.

OptConfig sets managers attributes from config values.

OptEndpoint sets the manager public cache.

OptHostedDomain sets the manager hostedDomain.

OptIssuer sets the manager issuer url (for Okta Oauth variant).

OptPublicKeyCache sets the manager public cache.

OptRedirectURI sets the manager redirectURI.

OptScopes sets the manager scopes.

OptSecret sets the manager secret.

OptStateExtra sets the redirect uri on the stae.

OptStateRedirectURI sets the redirect uri on the stae.

OptStateSecureToken sets the secure token on the state.

OptTracer sets the manager tracer.

OptValidateJWT sets the jwt token validator function.

ParseTokenJWT parses a jwt from a given oauth2 token.

SerializeState serializes the oauth state.

ValidateJWTGoogle returns if the google issued jwt is valid or not.

ValidateJWTOkta returns if the okta issued jwt is valid or not.

ErrClientIDRequired is a self validation error.

ErrClientSecretRequired is a self validation error.

ErrCodeMissing is returned if the code was missing from an oauth return request.

ErrFailedCodeExchange happens if the code exchange for an access token fails.

ErrGoogleResponseStatus is an error that can occur when querying the google apis.

ErrInvalidAntiforgeryToken is an error returns on oauth finish that indicates we didn't originate the auth request.

ErrInvalidHostedDomain is an error returned if the JWT hosted zone doesn't match any of the whitelisted domains.

ErrInvalidJWT is returned when we fail to decode or verify the token jwt.

ErrInvalidJWTAudience is an error in validing the token jwt.

ErrInvalidJWTHostedDomain is an error in validing the token jwt.

ErrInvalidJWTIssuer is an error in validing the token jwt.

ErrInvalidRedirectURI is an error in validating the redirect uri.

ErrProfileJSONUnmarshal is an error returned if the json unmarshal failed.

ErrRedirectURIRequired is a self validation error.

ErrSecretRequired is a configuration error indicating we did not provide a secret.

ErrStateMissing is returned if the state was missing from an oauth return request.

GoogleIssuer is the expected `iss` field on JWTs from google.

GoogleIssuerAlternate is the alternate expected `iss` field on JWTs from google.

GoogleKeysURL is the url we fetch google's public verification keys in JWK form.

DefaultScopes is the default oauth scopes.

Config is the config options.

GoogleClaims are extensions to the jwt standard claims for google oauth.

Manager is the oauth manager.

Profile is a profile with google.

PublicKeyCache holds cached signing certs.

PublicKeysResponse is a response for the google certs api.

Response is the response details from the oauth exchange.

Result is the final result of the oauth exchange.

State is the oauth state.

Any is a loose type alias to interface{}.

TraceFinisher is a finisher for a trace.

Tracer is a trace shim.

Error is an error string.

Labels is a loose type alias to map[string]string.

Option is an option for oauth managers.

StateOption is an option for state objects.

ValidateJWTFunc is a function type for function that validates a JWT token.

Values is a loose type alias to map[string]interface{}.