Name	Name	Last commit message	Last commit date
Latest commit History 437 Commits
.github/workflows	.github/workflows
advancedauth	advancedauth
amazon	amazon
authhandler	authhandler
bitbucket	bitbucket
cern	cern
clientcredentials	clientcredentials
endpoints	endpoints
facebook	facebook
fitbit	fitbit
foursquare	foursquare
github	github
gitlab	gitlab
google	google
heroku	heroku
hipchat	hipchat
instagram	instagram
internal	internal
jira	jira
jws	jws
jwt	jwt
kakao	kakao
linkedin	linkedin
mailchimp	mailchimp
mailru	mailru
mediamath	mediamath
microsoft	microsoft
nokiahealth	nokiahealth
odnoklassniki	odnoklassniki
paypal	paypal
slack	slack
spotify	spotify
stackoverflow	stackoverflow
twitch	twitch
uber	uber
vk	vk
yahoo	yahoo
yandex	yandex
.travis.yml	.travis.yml
CONTRIBUTING.md	CONTRIBUTING.md
LICENSE	LICENSE
README.md	README.md
example_test.go	example_test.go
go.mod	go.mod
go.sum	go.sum
oauth2.go	oauth2.go
oauth2_test.go	oauth2_test.go
token.go	token.go
token_test.go	token_test.go
transport.go	transport.go
transport_test.go	transport_test.go

OAuth2 for Go - extended with advanced authentication

This repo is a drop-in replacement of golang.org/x/oauth2

It extends the original library with additional authentication methods:

private_key_jwt
tls_client_auth
self_signed_tls_client_auth

Additionally, it also adds utility methods for easy use of PKCE.

Installation

When using go modules you can run:

go mod edit -replace golang.org/x/oauth2 github.com/cloudentity/oauth2

Usage

When using any of the originally supported authentication methods, there's no need to change anything. This library can be used as a drop-in replacement.

For new authentication methods see the examples below:

Private Key JWT

Client credentials

import (
	"context"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/advancedauth"
	"golang.org/x/oauth2/clientcredentials"
)

    cfg := clientcredentials.Config{
        ClientID: "your client id",
        AuthStyle: oauth2.AuthStylePrivateKeyJWT,
        PrivateKeyAuth: advancedauth.PrivateKeyAuth{
    		Key:         "your PEM encoded private key",
    		Algorithm:   advancedauth.RS256,
    		Exp:         30 * time.Second,
        },
    }

    token, err := cfg.Token(context.Background())

Authorization code

import (
	"context"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/advancedauth"
)

    cfg := oauth2.Config{
        ClientID: "your client id",
        Endpoint: oauth2.Endpoint{
            AuthStyle: oauth2.AuthStylePrivateKeyJWT,
        },
        PrivateKeyAuth: advancedauth.PrivateKeyAuth{
    		Key:         "your PEM encoded private key",
    		Algorithm:   advancedauth.RS256,
    		Exp:         30 * time.Second,
        },
        Scopes: []string{"scope1", "scope2"},
    },

    token, err := cfg.Exchange(context.Background(), "your authorization code")

TLS Auth

Both tls_client_auth and self_signed_tls_client_auth are handled with TLSAuth

Client credentials

import (
	"context"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/advancedauth"
	"golang.org/x/oauth2/clientcredentials"
)

    cfg := clientcredentials.Config{
        ClientID: "your client id",
        AuthStyle: oauth2.AuthStyleTLS,
    	TLSAuth: advancedauth.TLSAuth{
    		Key:   "your certificate PEM encoded private key",
    		Certificate:   "your PEM encoded TLS certificate",
    	},
    }

    token, err := cfg.Token(context.Background())

Authorization code

import (
	"context"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/advancedauth"
)

    cfg := oauth2.Config{
        ClientID: "your client id",
        Endpoint: oauth2.Endpoint{
            AuthStyle: oauth2.AuthStyleTLS,
        },
    	TLSAuth: advancedauth.TLSAuth{
    		Key:   "your certificate PEM encoded private key",
    		Certificate:   "your PEM encoded TLS certificate",
    	},
        Scopes: []string{"scope1", "scope2"},
    },

    token, err := cfg.Exchange(context.Background(), "your authorization code")

PKCE

import (
	"context"
	"time"

	"golang.org/x/oauth2"
	"golang.org/x/oauth2/advancedauth/pkce"
)

Create PKCE with

    p, err := pkce.New()

or, if you want to specify the code challenge method and verifier length

    p, err := pkce.NewWithMethodVerifierLength(pkce.512, 84)

AuthCodeURL

PKCE exposes few utility methods to ease creating AuthCodeURL

You can use utility methods returning needed AuthCodeOption's

    url = conf.AuthCodeURL("state", p.AuthCodeURLOpts()...)

or, individual methods

    url := conf.AuthCodeURL("state", p.ChallengeOpt(), p.MethodOpt())

Exchange

PKCE also exposes similar methods for Exchange

    tok, err := conf.Exchange(context.Background(), "exchange-code", p.ExchangeOpts()...)

or, with individual methods

    tok, err := conf.Exchange(context.Background(), "exchange-code", p.VerifierOpt(), p.MethodOpt())

Implementation

This fork tries to limit changes to the original codebase to the minimum. All the new major changes are implemented in the advancedauth package.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

OAuth2 for Go - extended with advanced authentication

Installation

Usage

Private Key JWT

Client credentials

Authorization code

TLS Auth

Client credentials

Authorization code

PKCE

AuthCodeURL

Exchange

Implementation

About

Releases

Packages

Contributors 145

Languages

License

golang/oauth2

Folders and files

Latest commit

History

Repository files navigation

OAuth2 for Go - extended with advanced authentication

Installation

Usage

Private Key JWT

Client credentials

Authorization code

TLS Auth

Client credentials

Authorization code

PKCE

AuthCodeURL

Exchange

Implementation

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 145

Languages

Packages