googleAuthIDTokenVerifier

package module

v0.0.0-...-56e7938 Latest Latest Go to latest Published: Oct 29, 2019 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/willgittoes/google-auth-id-token-verifier

Links

Open Source Insights

README ¶

google-auth-id-token-verifier

Golang port of OAuth2Client.prototype.verifyIdToken from google-auth-library-nodejs

Verify idtoken without making http request to tokeninfo API.

Usage


import (
    "github.com/futurenda/google-auth-id-token-verifier"
)

v := googleAuthIDTokenVerifier.Verifier{}
aud := "xxxxxx-yyyyyyy.apps.googleusercontent.com"
err := v.VerifyIDToken(TOKEN, []string{
    aud,
})
if err == nil {
    claimSet, err := googleAuthIDTokenVerifier.Decode(TOKEN)
    // claimSet.Iss,claimSet.Email ... (See claimset.go)
}

Features

Fetch public key from www.googleapis.com/oauth2/v3/certs
Respect cache-control in response from www.googleapis.com/oauth2/v3/certs
JWT Parser
Check Signature
Check IssueTime, ExpirationTime with ClockSkew
Check Issuer
Check Audience

Deps

golang.org/x/oauth2/jws

Documentation ¶

Index ¶

Variables
func VerifySignedJWTWithCerts(token string, certs *Certs, allowedAuds []string, issuers []string, ...) error
type Certs
type ClaimSet
- func Decode(token string) (*ClaimSet, error)
type Verifier
- func (v *Verifier) VerifyIDToken(idToken string, audience []string) error

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrInvalidToken = errors.New("Invalid token")

	ErrPublicKeyNotFound = errors.New("No public key found for given kid")

	ErrWrongSignature = errors.New("Wrong token signature")

	ErrNoIssueTimeInToken = errors.New("No issue time in token")

	ErrNoExpirationTimeInToken = errors.New("No expiration time in token")

	ErrExpirationTimeTooFarInFuture = errors.New("Expiration time too far in future")

	ErrTokenUsedTooEarly = errors.New("Token used too early")

	ErrTokenUsedTooLate = errors.New("Token used too late")
)

View Source

var (
	// MaxTokenLifetime is one day
	MaxTokenLifetime = time.Second * 86400

	// ClockSkew - five minutes
	ClockSkew = time.Minute * 5

	// Issuers is the allowed oauth token issuers
	Issuers = []string{
		"accounts.google.com",
		"https://accounts.google.com",
	}
)

Functions ¶

func VerifySignedJWTWithCerts ¶

func VerifySignedJWTWithCerts(token string, certs *Certs, allowedAuds []string, issuers []string, maxExpiry time.Duration) error

VerifySignedJWTWithCerts is golang port of OAuth2Client.prototype.verifySignedJwtWithCerts

Types ¶

type Certs ¶

type Certs struct {
	Keys   map[string]*rsa.PublicKey
	Expiry time.Time
}

type ClaimSet ¶

type ClaimSet struct {
	jws.ClaimSet
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name"`
	Picture       string `json:"picture"`
	GivenName     string `json:"given_name"`
	FamilyName    string `json:"family_name"`
	Locale        string `json:"locale"`
	// Hd is the hosted domain, present if the user is in a Gsuite domain.
	Hd string `json:"hd,omitempty"`
}

func Decode ¶

func Decode(token string) (*ClaimSet, error)

Decode returns ClaimSet

type Verifier ¶

type Verifier struct{}

func (*Verifier) VerifyIDToken ¶

func (v *Verifier) VerifyIDToken(idToken string, audience []string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL