Name: go-oidc
Owner: CoreOS
Description: A Go OpenID Connect client.
Created: 2015-06-29 23:06:33.0
Updated: 2018-01-17 10:31:39.0
Pushed: 2018-01-17 17:01:38.0
Size: 253
Language: Go
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
This package enables OpenID Connect support for the golang.org/x/oauth2 package.
ider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
rr != nil {
// handle error
onfigure an OpenID Connect aware OAuth2 client.
h2Config := oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
RedirectURL: redirectURL,
// Discovery returns the OAuth2 endpoints.
Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
OAuth2 redirects are unchanged.
handleRedirect(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
The on responses, the provider can be used to verify ID Tokens.
verifier = provider.Verifier(&oidc.Config{ClientID: clientID})
handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
// Verify state and errors.
oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
// handle error
}
// Extract the ID Token from OAuth2 token.
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
// handle missing token
}
// Parse and verify ID Token payload.
idToken, err := verifier.Verify(ctx, rawIDToken)
if err != nil {
// handle error
}
// Extract custom claims
var claims struct {
Email string `json:"email"`
Verified bool `json:"email_verified"`
}
if err := idToken.Claims(&claims); err != nil {
// handle error
}