commit | 3344a5f3afe350e61bac74b7b9925b57330b6d58 | [log] [tgz] |
---|---|---|
author | Eric Chiang <ericchiang@google.com> | Tue Jun 23 03:27:19 2020 |
committer | GitHub <noreply@github.com> | Tue Jun 23 03:27:19 2020 |
tree | 672264bb97824a1eeb62165ad0d98fec76a843a4 | |
parent | 8d771559cf6e5111c9b9159810d0e4538e7cdc82 [diff] | |
parent | 526e05fd6b9d20a317aca386fe924ba6f9fd5341 [diff] |
Merge pull request #247 from ericchiang/mod *: add a go.mod file and migrate to v3 package
This package enables OpenID Connect support for the golang.org/x/oauth2 package.
provider, err := oidc.NewProvider(ctx, "https://accounts.google.com") if err != nil { // handle error } // Configure an OpenID Connect aware OAuth2 client. oauth2Config := oauth2.Config{ ClientID: clientID, ClientSecret: clientSecret, RedirectURL: redirectURL, // Discovery returns the OAuth2 endpoints. Endpoint: provider.Endpoint(), // "openid" is a required scope for OpenID Connect flows. Scopes: []string{oidc.ScopeOpenID, "profile", "email"}, }
OAuth2 redirects are unchanged.
func handleRedirect(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}
The on responses, the provider can be used to verify ID Tokens.
var verifier = provider.Verifier(&oidc.Config{ClientID: clientID}) func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) { // Verify state and errors. oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code")) if err != nil { // handle error } // Extract the ID Token from OAuth2 token. rawIDToken, ok := oauth2Token.Extra("id_token").(string) if !ok { // handle missing token } // Parse and verify ID Token payload. idToken, err := verifier.Verify(ctx, rawIDToken) if err != nil { // handle error } // Extract custom claims var claims struct { Email string `json:"email"` Verified bool `json:"email_verified"` } if err := idToken.Claims(&claims); err != nil { // handle error } }