mystiq/dex
Archived
4
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity
This repository has been archived on 2022-08-17. You can view files and clone it, but cannot push or open issues or pull requests.
dex/vendor/github.com/coreos/go-oidc
History
Exact
Pavel Borzenkov abd6805f1c *: revendor 
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
2016-11-23 20:02:09 +03:00
..
example *: revendor 2016-11-23 20:02:09 +03:00
http *: revendor 2016-11-23 20:02:09 +03:00
jose *: revendor 2016-11-23 20:02:09 +03:00
key *: revendor 2016-11-23 20:02:09 +03:00
oauth2 *: revendor 2016-11-23 20:02:09 +03:00
oidc *: revendor 2016-11-23 20:02:09 +03:00
.gitignore vendor: revendor using glide 2016-04-08 11:56:29 -07:00
.travis.yml *: revendor 2016-11-23 20:02:09 +03:00
CONTRIBUTING.md vendor: revendor using glide 2016-04-08 11:56:29 -07:00
DCO vendor: revendor using glide 2016-04-08 11:56:29 -07:00
gen.go *: revendor 2016-11-23 20:02:09 +03:00
jose.go *: revendor 2016-11-23 20:02:09 +03:00
jose_test.go *: revendor 2016-11-23 20:02:09 +03:00
jwks.go *: revendor 2016-11-23 20:02:09 +03:00
jwks_test.go *: revendor 2016-11-23 20:02:09 +03:00
LICENSE *: move ./Godeps/_workspace/src/ to ./vendor/ 2016-03-09 13:04:05 -08:00
MAINTAINERS vendor: revendor using glide 2016-04-08 11:56:29 -07:00
NOTICE *: move ./Godeps/_workspace/src/ to ./vendor/ 2016-03-09 13:04:05 -08:00
oidc.go *: revendor 2016-11-23 20:02:09 +03:00
oidc_test.go *: revendor 2016-11-23 20:02:09 +03:00
README.md *: revendor 2016-11-23 20:02:09 +03:00
test *: revendor 2016-11-23 20:02:09 +03:00
verify.go *: revendor 2016-11-23 20:02:09 +03:00
verify_test.go *: revendor 2016-11-23 20:02:09 +03:00

README.md

go-oidc

GoDoc Build Status

OpenID Connect support for Go

This package enables OpenID Connect support for the golang.org/x/oauth2 package.

provider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
    // handle error
}

// Configure an OpenID Connect aware OAuth2 client.
oauth2Config := oauth2.Config{
    ClientID:     clientID,
    ClientSecret: clientSecret,
    RedirectURL:  redirectURL,

    // Discovery returns the OAuth2 endpoints.
    Endpoint: provider.Endpoint(),

    // "openid" is a required scope for OpenID Connect flows.
    Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}

OAuth2 redirects are unchanged.

func handleRedirect(w http.ResponseWriter, r *http.Request) {
    http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}

The on responses, the provider can be used to verify ID Tokens.

var verifier = provider.Verifier()

func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
    // Verify state and errors.

    oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
    if err != nil {
        // handle error
    }

    // Extract the ID Token from OAuth2 token.
    rawIDToken, ok := oauth2Token.Extra("id_token").(string)
    if !ok {
        // handle missing token
    }

    // Parse and verify ID Token payload.
    idToken, err := verifier.Verify(ctx, rawIDToken)
    if err != nil {
        // handle error
    }

    // Extract custom claims
    var claims struct {
        Email    string `json:"email"`
        Verified bool   `json:"email_verified"`
    }
    if err := idToken.Claims(&claims); err != nil {
        // handle error
    }
}