Documentation

Overview

Package idtoken provides utilities for creating authenticated transports with ID Tokens for Google HTTP APIs. It also provides methods to validate Google-issued ID tokens.

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewClient

func NewClient(ctx context.Context, audience string, opts ...ClientOption) (*http.Client, error)

NewClient creates an HTTP client that automatically adds an ID token to each request via an Authorization header. The token will have the audience provided and be configured with the supplied options. The parameter audience may not be empty.

func NewTokenSource

func NewTokenSource(ctx context.Context, audience string, opts ...ClientOption) (oauth2.TokenSource, error)

NewTokenSource creates a TokenSource that returns ID tokens with the audience provided and configured with the supplied options. The parameter audience may not be empty.


Types

type ClientOption

type ClientOption = option.ClientOption

ClientOption is for configuring a Google API client or transport.

func WithCredentialsFile

func WithCredentialsFile(filename string) ClientOption

WithCredentialsFile returns a ClientOption that authenticates API calls with the given service account or refresh token JSON credentials file.

func WithCredentialsJSON

func WithCredentialsJSON(p []byte) ClientOption

WithCredentialsJSON returns a ClientOption that authenticates API calls with the given service account or refresh token JSON credentials.

func WithCustomClaims

func WithCustomClaims(customClaims map[string]interface{}) ClientOption

WithCustomClaims optionally specifies custom private claims for an ID token.

func WithHTTPClient

func WithHTTPClient(client *http.Client) ClientOption

WithHTTPClient returns a ClientOption that specifies the HTTP client to use as the basis of communications. This option may only be used with services that support HTTP as their communication transport. When used, the WithHTTPClient option takes precedence over all other supplied options.

type Payload

type Payload struct {
	Issuer   string                 `json:"iss"`
	Audience string                 `json:"aud"`
	Expires  int64                  `json:"exp"`
	IssuedAt int64                  `json:"iat"`
	Subject  string                 `json:"sub,omitempty"`
	Claims   map[string]interface{} `json:"-"`
}

Payload represents a decoded payload of an ID Token.

func Validate

func Validate(ctx context.Context, idToken string, audience string) (*Payload, error)

Validate is used to validate the provided idToken with a known Google cert URL. If audience is not empty, the audience claim of the token is validated; with an empty audience, the claim is not checked. Upon successful validation, a parsed token Payload is returned, allowing the caller to validate any additional claims.

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

Validator provides a way to validate Google ID Tokens with a user-provided http.Client.

func NewValidator

func NewValidator(ctx context.Context, opts ...ClientOption) (*Validator, error)

NewValidator creates a Validator that uses the options provided to configure the internal http.Client that will be used to make requests to fetch JWKs.

func (*Validator) Validate

func (v *Validator) Validate(ctx context.Context, idToken string, audience string) (*Payload, error)

Validate is used to validate the provided idToken with a known Google cert URL. If audience is not empty, the audience claim of the token is validated; with an empty audience, the claim is not checked. Upon successful validation, a parsed token Payload is returned, allowing the caller to validate any additional claims.
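
The additional claim checks that both Validate functions leave to the caller, as an added example that is not part of the package documentation or the project's code. Payload is mirrored locally so the block builds without the module; Policy, CheckPayload and the sample values are hypothetical, and the token is assumed to carry the email and email_verified claims in Payload.Claims.

```go
package main

import (
	"errors"
	"fmt"
)

// Payload mirrors idtoken.Payload from this page so the example builds without the module.
type Payload struct {
	Issuer, Audience, Subject string
	Expires, IssuedAt         int64
	Claims                    map[string]interface{}
}

// Policy is a hypothetical type holding the caller's own requirements.
type Policy struct {
	Audience string          // expected "aud"; must be non-empty
	Issuers  map[string]bool // accepted "iss" values
	Emails   map[string]bool // accepted verified "email" claims
}

// CheckPayload applies the caller's claim checks to a Payload returned by Validate.
func CheckPayload(p *Payload, pol Policy) error {
	if p == nil || pol.Audience == "" {
		return errors.New("nil payload or empty expected audience")
	}
	if p.Audience != pol.Audience {
		return fmt.Errorf("unexpected audience %q", p.Audience)
	}
	if !pol.Issuers[p.Issuer] {
		return fmt.Errorf("unexpected issuer %q", p.Issuer)
	}
	// A failed type assertion yields the zero value, so a non-bool email_verified counts as false.
	verified, _ := p.Claims["email_verified"].(bool)
	email, _ := p.Claims["email"].(string)
	if !verified || !pol.Emails[email] {
		return fmt.Errorf("email %q not verified or not allowed", email)
	}
	return nil
}

func main() {
	// Constructed sample values standing in for what Validate returns.
	p := &Payload{Issuer: "https://accounts.google.com", Audience: "https://api.example.test",
		Claims: map[string]interface{}{"email": "svc@example.test", "email_verified": true}}
	pol := Policy{Audience: "https://api.example.test",
		Issuers: map[string]bool{"https://accounts.google.com": true},
		Emails:  map[string]bool{"svc@example.test": true}}
	fmt.Println(CheckPayload(p, pol))
}
```

In real code, pass the same non-empty audience to Validate and run these checks on the *idtoken.Payload it returns before trusting the caller's identity.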