const ScopeOpenID … const ScopeOfflineAccess … var errNoAtHash … var errInvalidAtHash … // ClientContext returns a new Context that carries the provided HTTP client. // // This method sets the same context key used by the golang.org/x/oauth2 package, // so the returned context works for that package too. // // myClient := &http.Client{} // ctx := oidc.ClientContext(parentContext, myClient) // // // This will use the custom client // provider, err := oidc.NewProvider(ctx, "https://accounts.example.com") // func ClientContext(ctx context.Context, client *http.Client) context.Context { … } func doRequest(ctx context.Context, req *http.Request) (*http.Response, error) { … } type Provider … type cachedKeys … type providerJSON … var supportedAlgorithms … // NewProvider uses the OpenID Connect discovery mechanism to construct a Provider. // // The issuer is the URL identifier for the service. For example: "https://accounts.google.com" // or "https://login.salesforce.com". func NewProvider(ctx context.Context, issuer string) (*Provider, error) { … } // Claims unmarshals raw fields returned by the server during discovery. // // var claims struct { // ScopesSupported []string `json:"scopes_supported"` // ClaimsSupported []string `json:"claims_supported"` // } // // if err := provider.Claims(&claims); err != nil { // // handle unmarshaling error // } // // For a list of fields defined by the OpenID Connect spec see: // https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata func (p *Provider) Claims(v interface{ … } // Endpoint returns the OAuth2 auth and token endpoints for the given provider. func (p *Provider) Endpoint() oauth2.Endpoint { … } type UserInfo … // Claims unmarshals the raw JSON object claims into the provided object. func (u *UserInfo) Claims(v interface{ … } // UserInfo uses the token source to query the provider's user info endpoint. 
func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource) (*UserInfo, error) { … } type IDToken … // Claims unmarshals the raw JSON payload of the ID Token into a provided struct. // // idToken, err := idTokenVerifier.Verify(rawIDToken) // if err != nil { // // handle error // } // var claims struct { // Email string `json:"email"` // EmailVerified bool `json:"email_verified"` // } // if err := idToken.Claims(&claims); err != nil { // // handle error // } // func (i *IDToken) Claims(v interface{ … } // VerifyAccessToken verifies that the hash of the access token that corresponds to the ID Token // matches the hash in the ID Token. It returns an error if the hashes don't match. // It is the caller's responsibility to ensure that the optional access token hash (the at_hash claim) is present in the ID Token // before calling this method. See https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken func (i *IDToken) VerifyAccessToken(accessToken string) error { … } type idToken … type claimSource … type audience … func (a *audience) UnmarshalJSON(b []byte) error { … } type jsonTime … func (j *jsonTime) UnmarshalJSON(b []byte) error { … } func unmarshalResp(r *http.Response, body []byte, v interface{ … }