This package is not a general-use JWS implementation and should live
under internal. For now, just add a warning that no new users should
depend on it.
Updates #196.
Change-Id: I0eef273c8327a5ad26eb33a4425afcadca23494b
Reviewed-on: https://go-review.googlesource.com/27692
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The Raw (unpadded) version of URL encoding was introduced in Go 1.5.
Since we no longer need to support Go 1.4 (and indeed, Go 1.4 won't work
because of our dependency on golang.org/x/net/context), we can simplify
the base64 encoding/decoding to use this directly.
Fixesgolang/oauth2#190.
Change-Id: Ic2676edf5fe5b4d1680409fd9c02bd1c287ca39f
Reviewed-on: https://go-review.googlesource.com/25000
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Provides helper method for verifying a signed JWT against a provided
public key.
Change-Id: I498ecfce07862c372fd5f81c1fcdc09692ed0f5c
Reviewed-on: https://go-review.googlesource.com/21762
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This permits controlling the mechanism for signing the token;
for instance, one can use EncodeWithSigner in an App Engine app
to use the App Identity API to perform the signing (you don't have
direct access to the private key there).
An alternate would be to replace Encode with EncodeWithSigner,
and add a little wrapper type that turns a *rsa.PrivateKey into
a Signer. That's probably what I'd do if this were being written
from scratch, but I wasn't keen on breaking existing code.
Change-Id: Id48f5dfa15c179832e613268d4a4098b96648f9a
Reviewed-on: https://go-review.googlesource.com/16711
Reviewed-by: Burcu Dogan <jbd@google.com>
Run-TryBot: David Symonds <dsymonds@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
The current implementation of JWS/JWT in this package uses a fixed
1 hour expiry time for JWT tokens.
Some services do not accept such a long expiry time, e.g. Salesforce,
which defaults to a 5 minute expiry.
https://help.salesforce.com/HTViewHelpDoc?id=remoteaccess_oauth_jwt_flow.htm
This change adds an Expires time.Duration property to the jwt.Config
struct that, if set, will be used to calculate the jws.ClaimSet Exp property.
It allows a custom expiry to be set on a JWT token.
This change is backward compatible and will revert to previous behaviour if
the Expires property is not set.
Fixesgolang/oauth2#151
Change-Id: I3159ac2a5711ef10389d83c0e290bfc7a9f54015
Reviewed-on: https://go-review.googlesource.com/14681
Reviewed-by: Burcu Dogan <jbd@google.com>
This is a new form of authentication for Google services, where instead
of passing a signed claim to obtain a token from the OAuth endpoint, you
present the signed claim *as* the token to the API endpoint.
Fixes#139.
Fixes#140.
Change-Id: Ibf0f168a0ec111660ac08b86121c943fb96e146c
Reviewed-on: https://go-review.googlesource.com/10667
Reviewed-by: David Symonds <dsymonds@golang.org>
Reviewed-by: Dave Day <djd@golang.org>
- Reduce the duplicate code by merging the flows and
determining the flow type by looking at the provided options.
- Options as a function type allows us to validate an individual
an option in its scope and makes it easier to compose the
built-in options with the third-party ones.