googleoidc

package

v0.2.9 Latest Latest Go to latest Published: Apr 14, 2026 License: MIT Imports: 15 Imported by: 0

Details

This section is empty.

View Source

var CertsURL = "https://www.googleapis.com/oauth2/v3/certs"

CertsURL is the endpoint returning Google public signing keys. It can be overridden in tests.

View Source

var HTTPClient = &http.Client{Timeout: 5 * time.Second}

HTTPClient is used for metadata requests and can be overridden in tests.

View Source

var MetadataHost = "http://metadata.google.internal"

MetadataHost is the base URL for the metadata server. It is overridden in tests.

This section is empty.

type GoogleOIDC struct{}

GoogleOIDC obtains an identity token from the GCP metadata server and sets it on outgoing requests.

func (g *GoogleOIDC) AddAuth(ctx context.Context, r *http.Request, params interface{}) error

func (g *GoogleOIDC) Name() string

func (g *GoogleOIDC) OptionalParams() []string

func (g *GoogleOIDC) ParseParams(m map[string]interface{}) (interface{}, error)

func (g *GoogleOIDC) RequiredParams() []string

type GoogleOIDCAuth struct{}

GoogleOIDCAuth validates Google issued ID tokens from incoming requests.

func (g *GoogleOIDCAuth) Authenticate(ctx context.Context, r *http.Request, params interface{}) bool

func (g *GoogleOIDCAuth) Identify(r *http.Request, params interface{}) (string, bool)

Identify returns the token's subject claim when present.

func (g *GoogleOIDCAuth) Name() string

func (g *GoogleOIDCAuth) OptionalParams() []string

func (g *GoogleOIDCAuth) ParseParams(m map[string]interface{}) (interface{}, error)

func (g *GoogleOIDCAuth) RequiredParams() []string

func (g *GoogleOIDCAuth) StripAuth(r *http.Request, params interface{})

StripAuth removes the Authorization header from the request.