Skip to content

octoml/go-oidc

This branch is 8 commits behind coreos/go-oidc:v3.

Folders and files

NameName
Last commit message
Last commit date
Sep 1, 2022
Feb 4, 2021
Nov 28, 2023
Jul 8, 2015
Jun 29, 2015
Jun 29, 2015
Jun 29, 2015
Nov 1, 2018
Jun 29, 2015
Jan 7, 2021
Jan 4, 2018
Nov 29, 2023
Nov 29, 2023
Sep 1, 2022

Repository files navigation

go-oidc

Go Reference github.com/coreos/go-oidc/v3

Updates from v2 to v3

There were two breaking changes made to the v3 branch. The import path has changed from:

github.com/coreos/go-oidc

to:

github.com/coreos/go-oidc/v3/oidc

And the return type of NewRemoteKeySet() is now *RemoteKeySet instead of an interface (#262).

OpenID Connect support for Go

This package enables OpenID Connect support for the golang.org/x/oauth2 package.

provider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
    // handle error
}

// Configure an OpenID Connect aware OAuth2 client.
oauth2Config := oauth2.Config{
    ClientID:     clientID,
    ClientSecret: clientSecret,
    RedirectURL:  redirectURL,

    // Discovery returns the OAuth2 endpoints.
    Endpoint: provider.Endpoint(),

    // "openid" is a required scope for OpenID Connect flows.
    Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}

OAuth2 redirects are unchanged.

func handleRedirect(w http.ResponseWriter, r *http.Request) {
    http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}

The on responses, the provider can be used to verify ID Tokens.

var verifier = provider.Verifier(&oidc.Config{ClientID: clientID})

func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
    // Verify state and errors.

    oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
    if err != nil {
        // handle error
    }

    // Extract the ID Token from OAuth2 token.
    rawIDToken, ok := oauth2Token.Extra("id_token").(string)
    if !ok {
        // handle missing token
    }

    // Parse and verify ID Token payload.
    idToken, err := verifier.Verify(ctx, rawIDToken)
    if err != nil {
        // handle error
    }

    // Extract custom claims
    var claims struct {
        Email    string `json:"email"`
        Verified bool   `json:"email_verified"`
    }
    if err := idToken.Claims(&claims); err != nil {
        // handle error
    }
}

About

A Go OpenID Connect client.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 99.9%
  • Shell 0.1%