Package googleoauth contains some helpers related to Google OAuth2.



View Source
const (
	// TokeninfoEndpoint is Google's token info endpoint.
	TokeninfoEndpoint = ""


View Source
var ErrBadToken = errors.New("bad token")

ErrBadToken is returned by GetTokenInfo if the passed token is invalid.


This section is empty.


type TokenInfo

type TokenInfo struct {
	Azp           string `json:"azp"`
	Aud           string `json:"aud"`
	Sub           string `json:"sub"`
	Scope         string `json:"scope"`
	Exp           int64  `json:"exp,string"`
	ExpiresIn     int64  `json:"expires_in,string"`
	Email         string `json:"email"`
	EmailVerified bool   `json:"email_verified,string"`
	AccessType    string `json:"access_type"`

TokenInfo is information about an access or ID tokens.

Of primary importance are 'email', 'email_verified', 'scope' and 'aud' fields. If the caller using token info endpoint to validate tokens, it MUST check correctness of these fields.

func GetTokenInfo

func GetTokenInfo(c context.Context, params TokenInfoParams) (*TokenInfo, error)

GetTokenInfo queries token info endpoint and returns information about the token if it is recognized.


On invalid token (as indicated by 4** HTTP response) returns ErrBadToken. On other HTTP-level errors (e.g HTTP 500) returns transient-wrapped *googleapi.Error. On network-level errors returns them in a transient wrapper.

type TokenInfoParams

type TokenInfoParams struct {
	AccessToken string // an access token to check
	IDToken     string // an ID token to check (overrides AccessToken)

	Client   *http.Client // non-authenticating client to use for the call
	Endpoint string       // an endpoint to use instead of the default one

TokenInfoParams are parameters for GetTokenInfo call.

Source Files