go-oidc
OpenID Connect support for Go
This package enables OpenID Connect support for the golang.org/x/oauth2 package.
provider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
}
oauth2Config := oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
RedirectURL: redirectURL,
Endpoint: provider.Endpoint(),
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
OAuth2 redirects are unchanged.
func handleRedirect(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}
The on responses, the provider can be used to verify ID Tokens.
var verifier = provider.Verifier(&oidc.Config{ClientID: clientID})
func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
}
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
}
idToken, err := verifier.Verify(ctx, rawIDToken)
if err != nil {
}
var claims struct {
Email string `json:"email"`
Verified bool `json:"email_verified"`
}
if err := idToken.Claims(&claims); err != nil {
}
}