go-oidc

module
v3.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 17, 2021 License: Apache-2.0

README

go-oidc

Go Reference github.com/AspenTeam/go-oidc/v3

Updates from v2 to v3

There were two breaking changes made to the v3 branch. The import path has changed from:

github.com/AspenTeam/go-oidc

to:

github.com/AspenTeam/go-oidc/v3/oidc

And the return type of NewRemoteKeySet() is now *RemoteKeySet instead of an interface (#262).

OpenID Connect support for Go

This package enables OpenID Connect support for the golang.org/x/oauth2 package.

provider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
    // handle error
}

// Configure an OpenID Connect aware OAuth2 client.
oauth2Config := oauth2.Config{
    ClientID:     clientID,
    ClientSecret: clientSecret,
    RedirectURL:  redirectURL,

    // Discovery returns the OAuth2 endpoints.
    Endpoint: provider.Endpoint(),

    // "openid" is a required scope for OpenID Connect flows.
    Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}

OAuth2 redirects are unchanged.

func handleRedirect(w http.ResponseWriter, r *http.Request) {
    http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}

The on responses, the provider can be used to verify ID Tokens.

var verifier = provider.Verifier(&oidc.Config{ClientID: clientID})

func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
    // Verify state and errors.

    oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
    if err != nil {
        // handle error
    }

    // Extract the ID Token from OAuth2 token.
    rawIDToken, ok := oauth2Token.Extra("id_token").(string)
    if !ok {
        // handle missing token
    }

    // Parse and verify ID Token payload.
    idToken, err := verifier.Verify(ctx, rawIDToken)
    if err != nil {
        // handle error
    }

    // Extract custom claims
    var claims struct {
        Email    string `json:"email"`
        Verified bool   `json:"email_verified"`
    }
    if err := idToken.Claims(&claims); err != nil {
        // handle error
    }
}

Directories

Path Synopsis
example
idtoken
This is an example application to demonstrate parsing an ID Token.
This is an example application to demonstrate parsing an ID Token.
userinfo
This is an example application to demonstrate querying the user info endpoint.
This is an example application to demonstrate querying the user info endpoint.
Package oidc implements OpenID Connect client logic for the golang.org/x/oauth2 package.
Package oidc implements OpenID Connect client logic for the golang.org/x/oauth2 package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL