luci: Index | Files

package googleoauth

import ""

Package googleoauth contains some helpers related to Google OAuth2.


Package Files

doc.go info.go


const (
    // TokeninfoEndpoint is Google's token info endpoint.
    TokeninfoEndpoint = ""


var ErrBadToken = errors.New("bad token")

ErrBadToken is returned by GetTokenInfo if the passed token is invalid.

type TokenInfo Uses

type TokenInfo struct {
    Azp           string `json:"azp"`
    Aud           string `json:"aud"`
    Sub           string `json:"sub"`
    Scope         string `json:"scope"`
    Exp           int64  `json:"exp,string"`
    ExpiresIn     int64  `json:"expires_in,string"`
    Email         string `json:"email"`
    EmailVerified bool   `json:"email_verified,string"`
    AccessType    string `json:"access_type"`

TokenInfo is information about an access or ID tokens.

Of primary importance are 'email', 'email_verified', 'scope' and 'aud' fields. If the caller using token info endpoint to validate tokens, it MUST check correctness of these fields.

func GetTokenInfo Uses

func GetTokenInfo(c context.Context, params TokenInfoParams) (*TokenInfo, error)

GetTokenInfo queries token info endpoint and returns information about the token if it is recognized.


On invalid token (as indicated by 4** HTTP response) returns ErrBadToken. On other HTTP-level errors (e.g HTTP 500) returns transient-wrapped *googleapi.Error. On network-level errors returns them in a transient wrapper.

type TokenInfoParams Uses

type TokenInfoParams struct {
    AccessToken string // an access token to check
    IDToken     string // an ID token to check (overrides AccessToken)

    Client   *http.Client // non-authenticating client to use for the call
    Endpoint string       // an endpoint to use instead of the default one

TokenInfoParams are parameters for GetTokenInfo call.

Package googleoauth imports 9 packages (graph) and is imported by 10 packages. Updated 2021-01-24. Refresh now. Tools for package owners.