Description
There were two breaking changes made to the v3 branch. The import path has changed from:
go-oidc alternatives and similar packages
Based on the "Authentication & OAuth" category.
Alternatively, view go-oidc alternatives based on common mentions on social networks and blogs.
-
aws-doc-sdk-examples
Welcome to the AWS Code Examples Repository. This repo contains code examples used in the AWS documentation, AWS SDK Developer Guides, and more. For more information, see the Readme.md file below. -
casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN -
jwt-go
DISCONTINUED. ARCHIVE - Golang implementation of JSON Web Tokens (JWT). This project is now maintained at: -
goth
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications. -
loginsrv
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, .. -
github.com/lestrrat-go/jwx/v2
Implementation of various JWx (Javascript Object Signing and Encryption/JOSE) technologies -
permissions2
:closed_lock_with_key: Middleware for keeping track of users, login states and permissions -
yubigo
Yubigo is a Yubikey client API library that provides an easy way to integrate the Yubico Yubikey into your existing Go-based user authentication infrastructure. -
sessions
A dead simple, highly performant, highly customizable sessions middleware for go http servers.
InfluxDB - Purpose built for real-time analytics at any scale.
Do you think we are missing an alternative of go-oidc or a related project?
Popular Comparisons
README
go-oidc
Updates from v2 to v3
There were two breaking changes made to the v3 branch. The import path has changed from:
github.com/coreos/go-oidc
to:
github.com/coreos/go-oidc/v3/oidc
And the return type of NewRemoteKeySet()
is now *RemoteKeySet
instead of an interface (#262).
OpenID Connect support for Go
This package enables OpenID Connect support for the golang.org/x/oauth2 package.
provider, err := oidc.NewProvider(ctx, "https://accounts.google.com")
if err != nil {
// handle error
}
// Configure an OpenID Connect aware OAuth2 client.
oauth2Config := oauth2.Config{
ClientID: clientID,
ClientSecret: clientSecret,
RedirectURL: redirectURL,
// Discovery returns the OAuth2 endpoints.
Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
}
OAuth2 redirects are unchanged.
func handleRedirect(w http.ResponseWriter, r *http.Request) {
http.Redirect(w, r, oauth2Config.AuthCodeURL(state), http.StatusFound)
}
The on responses, the provider can be used to verify ID Tokens.
var verifier = provider.Verifier(&oidc.Config{ClientID: clientID})
func handleOAuth2Callback(w http.ResponseWriter, r *http.Request) {
// Verify state and errors.
oauth2Token, err := oauth2Config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
// handle error
}
// Extract the ID Token from OAuth2 token.
rawIDToken, ok := oauth2Token.Extra("id_token").(string)
if !ok {
// handle missing token
}
// Parse and verify ID Token payload.
idToken, err := verifier.Verify(ctx, rawIDToken)
if err != nil {
// handle error
}
// Extract custom claims
var claims struct {
Email string `json:"email"`
Verified bool `json:"email_verified"`
}
if err := idToken.Claims(&claims); err != nil {
// handle error
}
}