Documentation
¶
Overview ¶
Package googleoauth contains some helpers related to Google OAuth2.
Index ¶
Constants ¶
const (
// TokeninfoEndpoint is Google's token info endpoint.
TokeninfoEndpoint = "https://oauth2.googleapis.com/tokeninfo"
)
Variables ¶
var ErrBadToken = errors.New("bad token")
ErrBadToken is returned by GetTokenInfo if the passed token is invalid.
Functions ¶
This section is empty.
Types ¶
type TokenInfo ¶
type TokenInfo struct {
Azp string `json:"azp"`
Aud string `json:"aud"`
Sub string `json:"sub"`
Scope string `json:"scope"`
Exp int64 `json:"exp,string"`
ExpiresIn int64 `json:"expires_in,string"`
Email string `json:"email"`
EmailVerified bool `json:"email_verified,string"`
AccessType string `json:"access_type"`
}
TokenInfo is information about an access or ID tokens.
Of primary importance are 'email', 'email_verified', 'scope' and 'aud' fields. If the caller using token info endpoint to validate tokens, it MUST check correctness of these fields.
func GetTokenInfo ¶
func GetTokenInfo(ctx context.Context, params TokenInfoParams) (*TokenInfo, error)
GetTokenInfo queries token info endpoint and returns information about the token if it is recognized.
See https://developers.google.com/identity/sign-in/android/backend-auth#calling-the-tokeninfo-endpoint.
On invalid token (as indicated by 4** HTTP response) returns ErrBadToken. On other HTTP-level errors (e.g. HTTP 500) returns transient-wrapped *googleapi.Error. On network-level errors returns them in a transient wrapper.
type TokenInfoParams ¶
type TokenInfoParams struct {
AccessToken string // an access token to check
IDToken string // an ID token to check (overrides AccessToken)
Client *http.Client // non-authenticating client to use for the call
Endpoint string // an endpoint to use instead of the default one
}
TokenInfoParams are parameters for GetTokenInfo call.
Source Files