modulepackage
3.0.0+incompatible
Repository: https://github.com/micvbang/go-oidc.git
Documentation: pkg.go.dev
# README
go-oidc
OpenID Connect support for Go
This package enables OpenID Connect support for the golang.org/x/oauth2 package.
provider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
// handle error
}
// Configure an OpenID Connect aware OAuth2 client.
oauth2Config := oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
RedirectURL: redirectURL,
// Discovery returns the OAuth2 endpoints.
Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
OAuth2 redirects are unchanged.
func handleRedirect(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}
The on responses, the provider can be used to verify ID Tokens.
var verifier = provider.Verifier(&oidc.Config{ClientID: clientID})
func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
// Verify state and errors.
oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
// handle error
}
// Extract the ID Token from OAuth2 token.
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
// handle missing token
}
// Parse and verify ID Token payload.
idToken, err := verifier.Verify(ctx, rawIDToken)
if err != nil {
// handle error
}
// Extract custom claims
var claims struct {
Email string `json:"email"`
Verified bool `json:"email_verified"`
}
if err := idToken.Claims(&claims); err != nil {
// handle error
}
}
# Packages
No description provided by the author
# Functions
ClientContext returns a new Context that carries the provided HTTP client.
NewProvider uses the OpenID Connect discovery mechanism to construct a Provider.
NewRemoteKeySet returns a KeySet that can validate JSON web tokens by using HTTP GETs to fetch JSON web token sets hosted at a remote URL.
NewVerifier returns a verifier manually constructed from a key set and issuer URL.
Nonce returns an auth code option which requires the ID Token created by the OpenID Connect provider to contain the specified nonce.
# Constants
ECDSA using P-256 and SHA-256.
ECDSA using P-384 and SHA-384.
ECDSA using P-521 and SHA-512.
RSASSA-PSS using SHA256 and MGF1-SHA256.
RSASSA-PSS using SHA384 and MGF1-SHA384.
RSASSA-PSS using SHA512 and MGF1-SHA512.
RSASSA-PKCS-v1.5 using SHA-256.
RSASSA-PKCS-v1.5 using SHA-384.
RSASSA-PKCS-v1.5 using SHA-512.
ScopeOfflineAccess is an optional scope defined by OpenID Connect for requesting OAuth2 refresh tokens.
ScopeOpenID is the mandatory scope for all OpenID Connect OAuth2 requests.
# Variables
No description provided by the author
# Structs
Config is the configuration for an IDTokenVerifier.
IDToken is an OpenID Connect extension that provides a predictable representation of an authorization event.
IDTokenVerifier provides verification for ID Tokens.
Provider represents an OpenID Connect server's configuration.
No description provided by the author
UserInfo represents the OpenID Connect userinfo claims.
# Interfaces
KeySet is a set of publc JSON Web Keys that can be used to validate the signature of JSON web tokens.