Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

oauth2

package

Go to main page

Versions in this module

v0

v0.15.2

Jul 25, 2025

v0.15.1

Aug 16, 2024

v0.15.0

Jul 8, 2024

v0.14.0

Apr 24, 2024

v0.13.0

Feb 27, 2024

Changes in this version

+ const ClaimAccessTokenHash

+ const ClaimAccountType

+ const ClaimActive

+ const ClaimAddress

+ const ClaimAssignedTenants

+ const ClaimAudience

+ const ClaimAuthCtxClassRef

+ const ClaimAuthMethodRef

+ const ClaimAuthTime

+ const ClaimAuthorizedParty

+ const ClaimBirthday

+ const ClaimClientId

+ const ClaimCurrency

+ const ClaimDefaultTenantId

+ const ClaimEmail

+ const ClaimEmailVerified

+ const ClaimExpire

+ const ClaimFirstName

+ const ClaimFullName

+ const ClaimGender

+ const ClaimIssueAt

+ const ClaimIssuer

+ const ClaimJwtId

+ const ClaimLastName

+ const ClaimLegacyFirstName

+ const ClaimLegacyLastName

+ const ClaimLegacyTenantId

+ const ClaimLegacyUsername

+ const ClaimLocale

+ const ClaimMiddleName

+ const ClaimNickname

+ const ClaimNonce

+ const ClaimNotBefore

+ const ClaimOrigUsername

+ const ClaimPermissions

+ const ClaimPhoneNumVerified

+ const ClaimPhoneNumber

+ const ClaimPictureUrl

+ const ClaimPreferredUsername

+ const ClaimProfileUrl

+ const ClaimProviderDescription

+ const ClaimProviderDisplayName

+ const ClaimProviderEmail

+ const ClaimProviderId

+ const ClaimProviderName

+ const ClaimProviderNotificationType

+ const ClaimRoles

+ const ClaimScope

+ const ClaimSubject

+ const ClaimTag

+ const ClaimTenantExternalId

+ const ClaimTenantId

+ const ClaimTenantSuspended

+ const ClaimTokenType

+ const ClaimUpdatedAt

+ const ClaimUserId

+ const ClaimUsername

+ const ClaimWebsite

+ const ClaimZoneInfo

+ const CtxKeyAuthenticatedAccount

+ const CtxKeyAuthenticatedClient

+ const CtxKeyAuthenticationTime

+ const CtxKeyAuthorizationExpiryTime

+ const CtxKeyAuthorizationIssueTime

+ const CtxKeyAuthorizedProvider

+ const CtxKeyAuthorizedTenant

+ const CtxKeyReceivedAuthorizeRequest

+ const CtxKeyResolvedAuthorizeRedirect

+ const CtxKeyResolvedAuthorizeState

+ const CtxKeySourceAuthentication

+ const CtxKeyUserAuthentication

+ const CtxKeyValidatedAuthorizeRequest

+ const DetailsKeyRequestExt

+ const DetailsKeyRequestParams

+ const ErrorCodeAccessRejected

+ const ErrorCodeClientNotFound

+ const ErrorCodeGeneric

+ const ErrorCodeGranterNotAvailable

+ const ErrorCodeInsufficientScope

+ const ErrorCodeInvalidAccessToken

+ const ErrorCodeInvalidAuthorizeRequest

+ const ErrorCodeInvalidClient

+ const ErrorCodeInvalidGrant

+ const ErrorCodeInvalidRedirectUri

+ const ErrorCodeInvalidResponseType

+ const ErrorCodeInvalidScope

+ const ErrorCodeInvalidTokenRequest

+ const ErrorCodeOAuth2InternalGeneral

+ const ErrorCodeOpenIDExt

+ const ErrorCodeResourceServerGeneral

+ const ErrorCodeUnauthorizedClient

+ const ErrorCodeUnsupportedTokenType

+ const ErrorSubTypeCodeOAuth2Authorize

+ const ErrorSubTypeCodeOAuth2ClientAuth

+ const ErrorSubTypeCodeOAuth2Grant

+ const ErrorSubTypeCodeOAuth2Internal

+ const ErrorSubTypeCodeOAuth2Res

+ const ErrorTranslationAccessDenied

+ const ErrorTranslationAcctSelectRequired

+ const ErrorTranslationConsentRequired

+ const ErrorTranslationGrantNotSupported

+ const ErrorTranslationInsufficientScope

+ const ErrorTranslationInteractionRequired

+ const ErrorTranslationInternal

+ const ErrorTranslationInternalNA

+ const ErrorTranslationInvalidClient

+ const ErrorTranslationInvalidGrant

+ const ErrorTranslationInvalidRequest

+ const ErrorTranslationInvalidRequestObj

+ const ErrorTranslationInvalidRequestURI

+ const ErrorTranslationInvalidResponseType

+ const ErrorTranslationInvalidScope

+ const ErrorTranslationInvalidToken

+ const ErrorTranslationLoginRequired

+ const ErrorTranslationRedirectMismatch

+ const ErrorTranslationRegistrationUnsupported

+ const ErrorTranslationRequestURIUnsupported

+ const ErrorTranslationRequestUnsupported

+ const ErrorTranslationUnauthorizedClient

+ const ErrorTranslationUnsupportedTokenType

+ const ExtUseSessionTimeout

+ const GrantTypeAuthCode

+ const GrantTypeClientCredentials

+ const GrantTypeImplicit

+ const GrantTypePassword

+ const GrantTypeRefresh

+ const GrantTypeSamlSSO

+ const GrantTypeSwitchTenant

+ const GrantTypeSwitchUser

+ const JsonFieldAccessTokenValue

+ const JsonFieldExpiresIn

+ const JsonFieldExpiryTime

+ const JsonFieldIDTokenValue

+ const JsonFieldIssueTime

+ const JsonFieldRefreshTokenValue

+ const JsonFieldScope

+ const JsonFieldTokenType

+ const LegacyResourceId

+ const ParameterACR

+ const ParameterAccessToken

+ const ParameterAuthCode

+ const ParameterClaims

+ const ParameterClientId

+ const ParameterClientSecret

+ const ParameterCodeChallenge

+ const ParameterCodeChallengeMethod

+ const ParameterCodeVerifier

+ const ParameterDisplay

+ const ParameterError

+ const ParameterErrorDescription

+ const ParameterGrantType

+ const ParameterMaxAge

+ const ParameterNonce

+ const ParameterPassword

+ const ParameterPrompt

+ const ParameterRedirectUri

+ const ParameterRefreshToken

+ const ParameterRequestObj

+ const ParameterRequestUri

+ const ParameterResponseType

+ const ParameterScope

+ const ParameterState

+ const ParameterSwitchUserId

+ const ParameterSwitchUsername

+ const ParameterTenantExternalId

+ const ParameterTenantId

+ const ParameterUserApproval

+ const ParameterUsername

+ const ScopeOidc

+ const ScopeOidcAddress

+ const ScopeOidcEmail

+ const ScopeOidcPhone

+ const ScopeOidcProfile

+ const ScopeRead

+ const ScopeTenantHierarchy

+ const ScopeTokenDetails

+ const ScopeWrite

+ const TokenTypeBasic

+ const TokenTypeBearer

+ const TokenTypeMac

+ var ErrorSubTypeOAuth2Authorize = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Authorize, errors.New("error sub-type: oauth2 auth"))

+ var ErrorSubTypeOAuth2ClientAuth = security.NewErrorSubType(ErrorSubTypeCodeOAuth2ClientAuth, ...)

+ var ErrorSubTypeOAuth2Grant = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Grant, errors.New("error sub-type: oauth2 grant"))

+ var ErrorSubTypeOAuth2Internal = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Internal, errors.New("error sub-type: internal"))

+ var ErrorSubTypeOAuth2Res = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Res, errors.New("error sub-type: oauth2 resource"))

+ var ErrorTypeOAuth2 = security.NewErrorType(security.ErrorTypeCodeOAuth2, errors.New("error type: oauth2"))

+ func NewAccessRejectedError(value interface{}, causes ...interface{}) error

+ func NewClientNotFoundError(value interface{}, causes ...interface{}) error

+ func NewGenericError(value interface{}, causes ...interface{}) error

+ func NewGranterNotAvailableError(value interface{}, causes ...interface{}) error

+ func NewInsufficientScopeError(value interface{}, causes ...interface{}) error

+ func NewInternalError(value interface{}, causes ...interface{}) error

+ func NewInternalUnavailableError(value interface{}, causes ...interface{}) error

+ func NewInvalidAccessTokenError(value interface{}, causes ...interface{}) error

+ func NewInvalidAuthorizeRequestError(value interface{}, causes ...interface{}) error

+ func NewInvalidClientError(value interface{}, causes ...interface{}) error

+ func NewInvalidGrantError(value interface{}, causes ...interface{}) error

+ func NewInvalidRedirectUriError(value interface{}, causes ...interface{}) error

+ func NewInvalidResponseTypeError(value interface{}, causes ...interface{}) error

+ func NewInvalidScopeError(value interface{}, causes ...interface{}) error

+ func NewInvalidTokenRequestError(value interface{}, causes ...interface{}) error

+ func NewUnauthorizedClientError(value interface{}, causes ...interface{}) error

+ func NewUnsupportedTokenTypeError(value interface{}, causes ...interface{}) error

+ func NewUserAuthentication(opts ...UserAuthOptions) *userAuthentication

+ type AccessToken interface

+ IssueTime func() time.Time

+ RefreshToken func() RefreshToken

+ Scopes func() utils.StringSet

+ Type func() TokenType

+ type AuthOption struct

+ Details interface{}

+ Request OAuth2Request

+ Token AccessToken

+ UserAuth security.Authentication

+ type Authentication interface

+ AccessToken func() AccessToken

+ OAuth2Request func() OAuth2Request

+ UserAuthentication func() security.Authentication

+ func NewAuthentication(opts ...AuthenticationOptions) Authentication

+ type AuthenticationOptions func(opt *AuthOption)

+ type BasicClaims struct

+ Audience StringSetClaim

+ ClientId string

+ ExpiresAt time.Time

+ Id string

+ IssuedAt time.Time

+ Issuer string

+ NotBefore time.Time

+ Scopes utils.StringSet

+ Subject string

+ func (c *BasicClaims) Get(claim string) interface{}

+ func (c *BasicClaims) Has(claim string) bool

+ func (c *BasicClaims) MarshalJSON() ([]byte, error)

+ func (c *BasicClaims) Set(claim string, value interface{})

+ func (c *BasicClaims) UnmarshalJSON(bytes []byte) error

+ func (c *BasicClaims) Values() map[string]interface{}

+ type Claims interface

+ Get func(claim string) interface{}

+ Has func(claim string) bool

+ Set func(claim string, value interface{})

+ Values func() map[string]interface{}

+ type ClaimsContainer interface

+ Claims func() Claims

+ SetClaims func(claims Claims)

+ type ClientDetails interface

+ ClientId func() string

+ type DefaultAccessToken struct

+ func FromAccessToken(token AccessToken) *DefaultAccessToken

+ func NewDefaultAccessToken(value string) *DefaultAccessToken

+ func (t *DefaultAccessToken) AddScopes(scopes ...string) *DefaultAccessToken

+ func (t *DefaultAccessToken) Claims() Claims

+ func (t *DefaultAccessToken) Details() map[string]interface{}

+ func (t *DefaultAccessToken) Expired() bool

+ func (t *DefaultAccessToken) ExpiryTime() time.Time

+ func (t *DefaultAccessToken) IssueTime() time.Time

+ func (t *DefaultAccessToken) MarshalJSON() ([]byte, error)

+ func (t *DefaultAccessToken) PutDetails(key string, value interface{}) *DefaultAccessToken

+ func (t *DefaultAccessToken) RefreshToken() RefreshToken

+ func (t *DefaultAccessToken) RemoveScopes(scopes ...string) *DefaultAccessToken

+ func (t *DefaultAccessToken) Scopes() utils.StringSet

+ func (t *DefaultAccessToken) SetClaims(claims Claims)

+ func (t *DefaultAccessToken) SetExpireTime(v time.Time) *DefaultAccessToken

+ func (t *DefaultAccessToken) SetIssueTime(v time.Time) *DefaultAccessToken

+ func (t *DefaultAccessToken) SetRefreshToken(v RefreshToken) *DefaultAccessToken

+ func (t *DefaultAccessToken) SetScopes(scopes utils.StringSet) *DefaultAccessToken

+ func (t *DefaultAccessToken) SetValue(v string) *DefaultAccessToken

+ func (t *DefaultAccessToken) Type() TokenType

+ func (t *DefaultAccessToken) UnmarshalJSON(data []byte) error

+ func (t *DefaultAccessToken) Value() string

+ type DefaultRefreshToken struct

+ func FromRefreshToken(token RefreshToken) *DefaultRefreshToken

+ func NewDefaultRefreshToken(value string) *DefaultRefreshToken

+ func (t *DefaultRefreshToken) Claims() Claims

+ func (t *DefaultRefreshToken) Details() map[string]interface{}

+ func (t *DefaultRefreshToken) Expired() bool

+ func (t *DefaultRefreshToken) ExpiryTime() time.Time

+ func (t *DefaultRefreshToken) MarshalJSON() ([]byte, error)

+ func (t *DefaultRefreshToken) PutDetails(key string, value interface{}) *DefaultRefreshToken

+ func (t *DefaultRefreshToken) SetClaims(claims Claims)

+ func (t *DefaultRefreshToken) SetExpireTime(v time.Time) *DefaultRefreshToken

+ func (t *DefaultRefreshToken) SetValue(v string) *DefaultRefreshToken

+ func (t *DefaultRefreshToken) UnmarshalJSON(data []byte) error

+ func (t *DefaultRefreshToken) Value() string

+ func (t *DefaultRefreshToken) WillExpire() bool

+ type FieldClaimsMapper struct

+ func (m *FieldClaimsMapper) DoMarshalJSON(owner interface{}) ([]byte, error)

+ func (m *FieldClaimsMapper) DoUnmarshalJSON(owner interface{}, bytes []byte) error

+ func (m *FieldClaimsMapper) Get(owner interface{}, claim string) interface{}

+ func (m *FieldClaimsMapper) Has(owner interface{}, claim string) bool

+ func (m *FieldClaimsMapper) Set(owner interface{}, claim string, value interface{})

+ func (m *FieldClaimsMapper) Values(owner interface{}) map[string]interface{}

+ type MapClaims map[string]interface

+ func (c MapClaims) Get(claim string) interface{}

+ func (c MapClaims) Has(claim string) bool

+ func (c MapClaims) MarshalJSON() ([]byte, error)

+ func (c MapClaims) Set(claim string, value interface{})

+ func (c MapClaims) UnmarshalJSON(bytes []byte) error

+ func (c MapClaims) Values() map[string]interface{}

+ type OAuth2Client interface

+ AccessTokenValidity func() time.Duration

+ AssignedTenantIds func() utils.StringSet

+ AutoApproveScopes func() utils.StringSet

+ ClientId func() string

+ GrantTypes func() utils.StringSet

+ RedirectUris func() utils.StringSet

+ RefreshTokenValidity func() time.Duration

+ ResourceIDs func() utils.StringSet

+ Scopes func() utils.StringSet

+ Secret func() string

+ SecretRequired func() bool

+ UseSessionTimeout func() bool

+ type OAuth2ClientStore interface

+ LoadClientByClientId func(ctx context.Context, clientId string) (OAuth2Client, error)

+ type OAuth2Error struct

+ EC string

+ SC int

+ func NewOAuth2Error(code int64, e interface{}, oauth2Code string, sc int, causes ...interface{}) *OAuth2Error

+ func (e *OAuth2Error) Headers() http.Header

+ func (e *OAuth2Error) MarshalJSON() ([]byte, error)

+ func (e *OAuth2Error) StatusCode() int

+ func (e *OAuth2Error) TranslateErrorCode() string

+ func (e *OAuth2Error) TranslateStatusCode() int

+ func (e *OAuth2Error) UnmarshalBinary(data []byte) error

+ func (e *OAuth2Error) UnmarshalJSON(data []byte) error

+ func (e OAuth2Error) MarshalBinary() ([]byte, error)

+ type OAuth2ErrorTranslator interface

+ TranslateErrorCode func() string

+ TranslateStatusCode func() int

+ type OAuth2Request interface

+ Approved func() bool

+ ClientId func() string

+ Extensions func() map[string]interface{}

+ GrantType func() string

+ NewOAuth2Request func(...RequestOptionsFunc) OAuth2Request

+ Parameters func() map[string]string

+ RedirectUri func() string

+ ResponseTypes func() utils.StringSet

+ Scopes func() utils.StringSet

+ func NewOAuth2Request(optFuncs ...RequestOptionsFunc) OAuth2Request

+ type RefreshToken interface

+ WillExpire func() bool

+ type RequestDetails struct

+ Approved bool

+ ClientId string

+ Extensions map[string]interface{}

+ GrantType string

+ Parameters map[string]string

+ RedirectUri string

+ ResponseTypes utils.StringSet

+ Scopes utils.StringSet

+ type RequestOptionsFunc func(opt *RequestDetails)

+ type StringSetClaim utils.StringSet

+ func (s StringSetClaim) MarshalJSON() ([]byte, error)

+ func (s StringSetClaim) UnmarshalJSON(data []byte) error

+ type TimeoutApplier interface

+ ApplyTimeout func(ctx context.Context, sessionId string) (valid bool, err error)

+ type Token interface

+ Details func() map[string]interface{}

+ Expired func() bool

+ ExpiryTime func() time.Time

+ Value func() string

+ type TokenHint int

+ const TokenHintAccessToken

+ const TokenHintRefreshToken

+ func (h TokenHint) String() string

+ type TokenStoreReader interface

+ ReadAccessToken func(ctx context.Context, value string) (AccessToken, error)

+ ReadAuthentication func(ctx context.Context, tokenValue string, hint TokenHint) (Authentication, error)

+ ReadRefreshToken func(ctx context.Context, value string) (RefreshToken, error)

+ type TokenType string

+ func (t TokenType) HttpHeader() string

+ type UserAuthOption struct

+ Details map[string]interface{}

+ Permissions map[string]interface{}

+ Principal string

+ State security.AuthenticationState

+ type UserAuthOptions func(opt *UserAuthOption)

+ type UserAuthentication interface

+ DetailsMap func() map[string]interface{}

+ Subject func() string