oidc

package
v0.0.3 Latest
Warning

This package is not in the latest version of its module.

Published: May 3, 2026 | License: MIT | Imports: 17 | Imported by: 0

Documentation

Overview

Package oidc validates OIDC bearer tokens against their issuer's JWKS endpoint.

JWKS keys are cached per issuer for 1 hour. Multi-issuer validation is supported via an optional allowlist.

Constants

This section is empty.

Variables

This section is empty.

Functions

func ResetCacheForTesting

func ResetCacheForTesting()

ResetCacheForTesting clears the JWKS cache. Only for use in tests.

func SetTrustedJWKSHosts added in v0.0.3

func SetTrustedJWKSHosts(m map[string][]string)

SetTrustedJWKSHosts installs the per-issuer JWKS host override map. Set it once at startup. Issuer keys are matched after trimming a trailing slash; host values are matched case-insensitively against the host of the discovered jwks_uri.
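
The matching rule described for SetTrustedJWKSHosts, sketched as an added example that is not the package's own code. The helpers normalize and jwksHostAllowed are hypothetical and the example.test names are constructed. Assumptions: jwks_uri must be https, ports are ignored in the host comparison, an override replaces the default rather than extending it, and an issuer with no override must serve keys from its own host.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// normalize rebuilds an override map with the trailing slash trimmed from issuer
// keys and hosts lowercased, so later lookups are exact and deterministic.
func normalize(m map[string][]string) map[string]map[string]bool {
	out := make(map[string]map[string]bool, len(m))
	for issuer, hosts := range m {
		key := strings.TrimSuffix(issuer, "/")
		if out[key] == nil {
			out[key] = make(map[string]bool)
		}
		for _, h := range hosts {
			out[key][strings.ToLower(h)] = true
		}
	}
	return out
}

// jwksHostAllowed (hypothetical helper) decides whether keys may be fetched
// from the jwks_uri that discovery returned for issuer.
func jwksHostAllowed(trusted map[string]map[string]bool, issuer, jwksURI string) (bool, error) {
	u, err := url.Parse(jwksURI)
	if err != nil {
		return false, fmt.Errorf("parse jwks_uri: %w", err)
	}
	if u.Scheme != "https" || u.Hostname() == "" {
		return false, fmt.Errorf("jwks_uri %q is not an absolute https URL", jwksURI)
	}
	host := strings.ToLower(u.Hostname()) // port ignored: an assumption
	if hosts, ok := trusted[strings.TrimSuffix(issuer, "/")]; ok {
		return hosts[host], nil // assumption: with an override, only listed hosts pass
	}
	// Assumption: with no override, keys must come from the issuer's own host.
	iss, err := url.Parse(issuer)
	if err != nil {
		return false, fmt.Errorf("parse issuer: %w", err)
	}
	return strings.EqualFold(iss.Hostname(), host), nil
}

func main() {
	// Constructed sample values; the example.test names are placeholders.
	trusted := normalize(map[string][]string{"https://login.example.test/": {"Keys.Example-CDN.test"}})
	fmt.Println(jwksHostAllowed(trusted, "https://login.example.test", "https://keys.example-cdn.test/jwks.json"))
}
```

The override key carries a trailing slash and a mixed-case host while the lookup uses neither, so the first call succeeds only because both sides are normalized before comparison.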

Types

type Claims

type Claims map[string]any

Claims is a map of decoded JWT claims.

func Validate

func Validate(ctx context.Context, tokenString string, allowedIssuers []string) (Claims, error)

Validate verifies an OIDC bearer token's signature and standard claims against the issuer's JWKS endpoint. If allowedIssuers is non-empty, the token's issuer must be in the list.
