oauthex
Documentation
Overview
Package oauthex implements extensions to OAuth2.
Types
type ProtectedResourceMetadata
type ProtectedResourceMetadata struct {
	// Resource (resource) is the protected resource's resource identifier.
	// Required.
	Resource string `json:"resource"`

	// AuthorizationServers (authorization_servers) is an optional slice containing a list of
	// OAuth authorization server issuer identifiers (as defined in RFC 8414) that can be
	// used with this protected resource.
	AuthorizationServers []string `json:"authorization_servers,omitempty"`

	// JWKSURI (jwks_uri) is an optional URL of the protected resource's JSON Web Key (JWK) Set
	// document. This contains public keys belonging to the protected resource, such as
	// signing key(s) that the resource server uses to sign resource responses.
	JWKSURI string `json:"jwks_uri,omitempty"`

	// ScopesSupported (scopes_supported) is a recommended slice containing a list of scope
	// values (as defined in RFC 6749) used in authorization requests to request access
	// to this protected resource.
	ScopesSupported []string `json:"scopes_supported,omitempty"`

	// BearerMethodsSupported (bearer_methods_supported) is an optional slice containing
	// a list of the supported methods of sending an OAuth 2.0 bearer token to the
	// protected resource. Defined values are "header", "body", and "query".
	BearerMethodsSupported []string `json:"bearer_methods_supported,omitempty"`

	// ResourceSigningAlgValuesSupported (resource_signing_alg_values_supported) is an optional
	// slice of JWS signing algorithms (alg values) supported by the protected
	// resource for signing resource responses.
	ResourceSigningAlgValuesSupported []string `json:"resource_signing_alg_values_supported,omitempty"`

	// ResourceName (resource_name) is a human-readable name of the protected resource
	// intended for display to the end user. It is RECOMMENDED that this field be included.
	// This value may be internationalized.
	ResourceName string `json:"resource_name,omitempty"`

	// ResourceDocumentation (resource_documentation) is an optional URL of a page containing
	// human-readable information for developers using the protected resource.
	// This value may be internationalized.
	ResourceDocumentation string `json:"resource_documentation,omitempty"`

	// ResourcePolicyURI (resource_policy_uri) is an optional URL of a page containing
	// human-readable policy information on how a client can use the data provided.
	// This value may be internationalized.
	ResourcePolicyURI string `json:"resource_policy_uri,omitempty"`

	// ResourceTOSURI (resource_tos_uri) is an optional URL of a page containing the protected
	// resource's human-readable terms of service. This value may be internationalized.
	ResourceTOSURI string `json:"resource_tos_uri,omitempty"`

	// TLSClientCertificateBoundAccessTokens (tls_client_certificate_bound_access_tokens) is an
	// optional boolean indicating support for mutual-TLS client certificate-bound
	// access tokens (RFC 8705). Defaults to false if omitted.
	TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens,omitempty"`

	// AuthorizationDetailsTypesSupported (authorization_details_types_supported) is an optional
	// slice of 'type' values supported by the resource server for the
	// 'authorization_details' parameter (RFC 9396).
	AuthorizationDetailsTypesSupported []string `json:"authorization_details_types_supported,omitempty"`

	// DPOPSigningAlgValuesSupported (dpop_signing_alg_values_supported) is an optional
	// slice of JWS signing algorithms supported by the resource server for validating
	// DPoP proof JWTs (RFC 9449).
	DPOPSigningAlgValuesSupported []string `json:"dpop_signing_alg_values_supported,omitempty"`

	// DPOPBoundAccessTokensRequired (dpop_bound_access_tokens_required) is an optional boolean
	// specifying whether the protected resource always requires the use of DPoP-bound
	// access tokens (RFC 9449). Defaults to false if omitted.
	DPOPBoundAccessTokensRequired bool `json:"dpop_bound_access_tokens_required,omitempty"`
}
ProtectedResourceMetadata is the metadata for an OAuth 2.0 protected resource, as defined in section 2 of https://www.rfc-editor.org/rfc/rfc9728.html.
The following features are not supported:
- additional keys (§2, last sentence)
- human-readable metadata (§2.1)
- signed metadata (§2.2)
func GetProtectedResourceMetadataFromHeader
func GetProtectedResourceMetadataFromHeader(ctx context.Context, header http.Header, c *http.Client) (_ *ProtectedResourceMetadata, err error)
GetProtectedResourceMetadataFromHeader retrieves protected resource metadata using information in the given header, using the given client (or the default client if nil). It issues a GET request to a URL discovered by parsing the WWW-Authenticate headers in the given request. It then validates the resource field of the resulting metadata against the given URL. If there is no URL in the request, it returns nil, nil.
func GetProtectedResourceMetadataFromID
func GetProtectedResourceMetadataFromID(ctx context.Context, resourceID string, c *http.Client) (_ *ProtectedResourceMetadata, err error)
GetProtectedResourceMetadataFromID issues a GET request to retrieve protected resource metadata from a resource server by its ID. The resource ID is an HTTPS URL, typically with a host:port and possibly a path. For example:
https://example.com/server
This function, following the spec (§3), inserts the default well-known path into the URL. In our example, the result would be
https://example.com/.well-known/oauth-protected-resource/server
It then retrieves the metadata at that location using the given client (or the default client if nil) and validates its resource field against resourceID.
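The well-known URL construction and the resource check described above, sketched as an added example that is not the package's own code. The names metadataURL, checkMetadata and the cut-down metadata struct are hypothetical, the response body is constructed, and the exact-match comparison follows the identity requirement of RFC 9728 §3.3 as an assumption about how the validation is done.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// metadata is a cut-down stand-in for ProtectedResourceMetadata.
type metadata struct {
	Resource             string   `json:"resource"`
	AuthorizationServers []string `json:"authorization_servers,omitempty"`
}

// metadataURL (hypothetical helper) inserts the well-known path between the
// host and the path of an HTTPS resource ID.
func metadataURL(resourceID string) (string, error) {
	u, err := url.Parse(resourceID)
	if err != nil {
		return "", err
	}
	if u.Scheme != "https" || u.Host == "" || u.Fragment != "" {
		return "", errors.New("resource ID must be an https URL without a fragment")
	}
	if u.Path == "/" {
		u.Path = "" // a bare trailing slash after the host is dropped
	}
	u.Path = "/.well-known/oauth-protected-resource" + u.Path
	return u.String(), nil
}

// checkMetadata (hypothetical helper) decodes a fetched document and refuses
// it unless its "resource" value is identical to the ID that was requested.
func checkMetadata(body []byte, resourceID string) (*metadata, error) {
	var m metadata
	if err := json.Unmarshal(body, &m); err != nil {
		return nil, err
	}
	if m.Resource != resourceID {
		return nil, fmt.Errorf("resource %q does not match requested %q", m.Resource, resourceID)
	}
	return &m, nil
}

func main() {
	id := "https://example.com/server"
	u, _ := metadataURL(id)
	fmt.Println(u)
	// Constructed response body naming a different resource: must be rejected.
	_, err := checkMetadata([]byte(`{"resource":"https://other.example/server"}`), id)
	fmt.Println(err)
}
```

Without the resource check, a client would accept authorization_servers from a document that describes some other resource, so a mismatch is treated as a hard failure rather than a warning.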