k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

*: revendor

Browse Source
This commit is contained in:
Eric Chiang
2016-08-08 11:45:51 -07:00
parent dd5c257c9e
commit b08780e6b1
10 changed files with 237 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
vendor/github.com/ericchiang/oidc/README.md generated vendored
View File

@@ -58,6 +58,13 @@ Or the provider can be used to verify and inspect the OpenID Connect
verifier := provider.NewVerifier(ctx)
```
The verifier itself can be constructed with addition checks, such as verifing a
token was issued for a specific client or hasn't expired.
```go
verifier := provier.NewVerifier(ctx, oidc.VerifyAudience(clientID), oidc.VerifyExpiry())
```
The returned verifier can be used to ensure the ID Token (a JWT) is signed by the provider.
```go
@@ -78,19 +85,19 @@ func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
}
// Verify that the ID Token is signed by the provider.
payload, err := verifier.Verify(rawIDToken)
idToken, err := verifier.Verify(rawIDToken)
if err != nil {
http.Error(w, "Failed to verify ID Token: "+err.Error(), http.StatusInternalServerError)
return
}
// Unmarshal ID Token for expected custom claims.
var idToken struct {
var claims struct {
Email string `json:"email"`
EmailVerified bool `json:"email_verified"`
}
if err := json.Unmarshal(payload, &idToken); err != nil {
http.Error(w, "Failed to unmarshal ID Token: "+err.Error(), http.StatusInternalServerError)
if err := idToken.Claims(&claims); err != nil {
http.Error(w, "Failed to unmarshal ID Token claims: "+err.Error(), http.StatusInternalServerError)
return
}