oauth2 package contains a client implementation for OAuth 2.0 spec. This is a fork of golang.org/x/oauth2
. We
graciously acknowledge and appreciate the hard work of the go maintainers for producing this package and hope to do it
justice in the future.
Several differences or intended differences exist between this package and the go maintained package.
- Update go version support:
- Module version go 1.21.
- Supported version go 1.20 or newer.
- Remove deprecated usage:
- Usage of
io/ioutil
package. - Usage and existence of
oauth2.NoContext
. - Existence of
oauth2.RegisterBrokenAuthHeaderProvider
. - Support for appengine gen1.
- Usage of
- Move packages:
- Move
golang.org/x/oauth2
toauthelia.com/client/oauth2
. - Move and no longer export the
golang.org/x/oauth2/jws
package toauthelia.com/client/oauth2/internal/jws
. - Move and no longer export the
golang.org/x/oauth2/jwt
package toauthelia.com/client/oauth2/internal/jwt
.
- Move
- Remove packages:
- Endpoint specific packages.
- Add support for:
- JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) implementation.
- OpenID Connect 1.0 Discovery implementation.
- RFC7662: OAuth 2.0 Token Introspection
- RFC7009: OAuth 2.0 Token Revocation
- RFC8414: OAuth 2.0 Authorization Server Metadata
- RFC9126: OAuth 2.0 Pushed Authorization Requests (PAR)
- RFC7523: OAuth 2.0 JWT Profile for Client Authentication and Authorization Grants
- RFC7521: OAuth 2.0 Assertion Framework for Client Authentication and Authorization Grants
- RFC9207: OAuth 2.0 Authorization Server Issuer Identification
- RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR)
- OAuth 2.0 JWT-Secured Authorization Response Mode
- Leverage well maintained packages:
- JWS/JWT package.
- Add tenant/server based providers/endpoints:
- Authelia
- Miscellaneous:
- Create module shared between client and provider.
go get authelia.com/client/oauth2
Or you can manually git clone the repository to
$(go env GOPATH)/src/authelia.com/client/oauth2
.
See pkg.go.dev for further documentation and examples.
We no longer accept new provider-specific packages in this repo if all they do is add a single endpoint variable. If you just want to add a single endpoint, add it to the pkg.go.dev/authelia.com/client/oauth2/endpoints package.
Addendum: Authelia has removed these legacy endpoint packages and is not backwards compatible with this element of the go maintained package.
The main issue tracker for the oauth2 repository is located at https://github.com/authelia/client-oauth2/issues.