a fully-featured oauth2 client library

vdbulcke/oauthx


WARNING: 🚧 still under construction 🚧

implements the following standards:

  • rfc6749/openid-connect-core: OAuth2/OIDC Authorization code flow
  • rfc7636: PKCE and none auth method
  • rfc6772: OAuth2 Token Introspection
  • draft-ietf-oauth-jwt-introspection-response-03: JWT Response for OAuth Token Introspection
  • rfc7009: OAuth2 Token Revocation
  • rfc8414: OAuth 2.0 Authorization Server Metadata
  • rfc6749: OAuth2 RefreshToken
  • rfc6749: client_secret_basic, client_secret_post auth method
  • rfc7523: OAuth2 private_key_jwt
  • rfc9101: JAR (request= jwt parameter)
  • rfc9126: Pushed Authorization Request (request_uri parameter)
  • rfc9396: RAR (authorization_details)
  • openid-connect-core: 3.1.3.7. ID Token Validation
  • openid-connect-core: 3.1.3.8. Access Token Validation
  • openid-connect-core: 5.5. Requesting Claims using the "claims" Request Parameter claims=
  • openid-connect-core: 5.3. UserInfo Endpoint
  • openid-connect-core: 5.1. Standard Claims
  • openid-connect-discovery: /.well-known/openid-configuration
  • openid-connect-rpinitiated: RP initiated logout (endSession)

Documentation

See godoc or doc dir.

Feature Examples

Creating an OAuthClient with builtin AuthMethod

Builtin AuthMethod:

  • none (default)
  • client_secret_basic
  • client_secret_post
  • private_key_jwt

See Getting Started example for more info.

You can also create your own auth method by implementing a simple interface; see Custom Auth Method for an example implementation of a Bearer Token Auth Method for token introspection.

Openid Connect Authorization Code Flow example

See Authorization Code Flow example for a sample implementation of the authorization code flow using the Go standard http handler, id_token validation, and a userinfo call.

Other flows

PAR (rfc9126)/JAR (rfc9101)/RAR (rfc9396) example

This library provides an ergonomic API for adding support for Pushed Authorization Request, JWT-secured Authorization Request (request= jwt), and Rich Authorization Request (authorization_details) to your authorization request by adding extra options to your oauthx.AuthZRequest.

See PAR RAR JAR example for more info.

Http: client, tracing, custom header, custom error, response limit

This library has first-class support for adding a tracing header (and arbitrary headers) to http requests via context.Context.

It is encouraged to provide your own instance of *http.Client with options.

Http and unmarshalling errors are returned using a custom error (*oauthx.HttpErr) that includes the http response code, http response header, and http response body. It also has built-in support for the OAuth2 rfc6749 standard error.

Inspired by tigerbeetle's Tiger Style, this library has http response size limits (default oauthx.LIMIT_HTTP_RESP_BODY_MAX_SIZE_BYTES) that you can override by using the oauthx.WellKnownWithHttpClient() and oauthx.WithHttpClientWithLimit options for fetching the wellknown metadata and for the oauth client, respectively.

See http tuning for more info.

Tiger Style

This library is inspired by tigerbeetle's Tiger Style and implements some of the features, such as assertions and limits (on http responses).

The library has several assertions on input parameters, and will print a stacktrace on stderr then panic if an assertion fails (for example, passing a nil pointer as input).

Plumbing and Porcelain

Inspired by git, this library provides an ergonomic "porcelain" API (it is recommended to only use the "porcelain" functions), but it also exposes its internal "plumbing" functions.

All the "plumbing" functions are prefixed with Plumbing (for example PlumbingDoHttpPARRequest). Plumbing functions can be used if you want to make your own http request and parse the http response.

Other features

  • Supports encrypted (Nested JWT) and/or signed ID Tokens
  • Builtin support for Remote Jwks Uri (with caching)
  • Supports encrypted and/or signed (jwt) or JSON Userinfo responses
  • Supports encrypted and/or signed (jwt) or JSON Introspection responses

Inspired by

