Versions in this module Expand all Collapse all v0 v0.2.0 Jan 12, 2026 Changes in this version
+ const ErrorAccessDenied
+ const ErrorInvalidClient
+ const ErrorInvalidGrant
+ const ErrorInvalidRequest
+ const ErrorInvalidScope
+ const ErrorServerError
+ const ErrorUnauthorizedClient
+ const ErrorUnsupportedGrantType
+ const ErrorUnsupportedResponseType
+ const MaxVerifierLength
+ const MinVerifierLength
+ const PKCEMethodPlain
+ const PKCEMethodS256
+ var ErrClientNotFound = errors.New("client not found")
+ var ErrCodeExpired = errors.New("authorization code expired")
+ var ErrCodeNotFound = errors.New("authorization code not found")
+ var ErrCodeUsed = errors.New("authorization code already used")
+ var ErrPKCEMethodNotSupported = errors.New("only S256 code_challenge_method is supported")
+ var ErrPKCERequired = errors.New("PKCE code_challenge is required")
+ var ErrPKCEVerificationFailed = errors.New("PKCE code_verifier verification failed")
+ var ErrPKCEVerifierInvalid = errors.New("code_verifier contains invalid characters")
+ var ErrPKCEVerifierTooLong = errors.New("code_verifier must be at most 128 characters")
+ var ErrPKCEVerifierTooShort = errors.New("code_verifier must be at least 43 characters")
+ var ErrTokenExpired = errors.New("token expired")
+ var ErrTokenNotFound = errors.New("token not found")
+ func GenerateAccessToken() (string, error)
+ func GenerateAuthorizationCode() (string, error)
+ func GenerateClientID() (string, error)
+ func GenerateClientSecret() (string, error)
+ func GenerateCodeChallenge(verifier string) string
+ func GenerateCodeVerifier() (string, error)
+ func GenerateRefreshToken() (string, error)
+ func GenerateSecureToken(length int) (string, error)
+ func GetClientIDFromContext(ctx context.Context) string
+ func GetScopeFromContext(ctx context.Context) string
+ func GetSubjectFromContext(ctx context.Context) string
+ func SetTokenInfoContext(ctx context.Context, info *TokenInfo) context.Context
+ func ValidateCodeVerifier(verifier string) error
+ func VerifyCodeChallenge(verifier, challenge, method string) error
+ type Authenticator func(username, password string) bool
+ type AuthorizationCode struct
+ ClientID string
+ Code string
+ CodeChallenge string
+ CodeChallengeMethod string
+ CreatedAt time.Time
+ ExpiresAt time.Time
+ RedirectURI string
+ Scope string
+ Subject string
+ Used bool
+ type Client struct
+ ClientID string
+ ClientName string
+ ClientSecret string
+ CreatedAt time.Time
+ GrantTypes []string
+ RedirectURIs []string
+ ResponseTypes []string
+ TokenEndpointAuthMethod string
+ type Config struct
+ AccessTokenExpiry time.Duration
+ AllowedScopes []string
+ Authenticator Authenticator
+ AuthorizationCodeExpiry time.Duration
+ Debug bool
+ Issuer string
+ Logger *slog.Logger
+ LoginPageTemplate string
+ Paths *PathConfig
+ RefreshTokenExpiry time.Duration
+ Storage Storage
+ Users map[string]string
+ type MemoryStorage struct
+ func NewMemoryStorage() *MemoryStorage
+ func (m *MemoryStorage) Cleanup()
+ func (m *MemoryStorage) CreateAuthorizationCode(code *AuthorizationCode) error
+ func (m *MemoryStorage) CreateClient(client *Client) error
+ func (m *MemoryStorage) CreateToken(token *TokenInfo) error
+ func (m *MemoryStorage) DeleteAuthorizationCode(code string) error
+ func (m *MemoryStorage) DeleteClient(clientID string) error
+ func (m *MemoryStorage) DeleteToken(accessToken string) error
+ func (m *MemoryStorage) DeleteTokensByClient(clientID string) error
+ func (m *MemoryStorage) GetAuthorizationCode(code string) (*AuthorizationCode, error)
+ func (m *MemoryStorage) GetClient(clientID string) (*Client, error)
+ func (m *MemoryStorage) GetToken(accessToken string) (*TokenInfo, error)
+ func (m *MemoryStorage) GetTokenByRefresh(refreshToken string) (*TokenInfo, error)
+ func (m *MemoryStorage) MarkAuthorizationCodeUsed(code string) error
+ func (m *MemoryStorage) StartCleanup(interval time.Duration) func()
+ type OAuthError struct
+ Error string
+ ErrorDescription string
+ ErrorURI string
+ type PathConfig struct
+ Authorization string
+ Metadata string
+ Registration string
+ Token string
+ func DefaultPaths() *PathConfig
+ type RegistrationRequest struct
+ ClientName string
+ GrantTypes []string
+ RedirectURIs []string
+ ResponseTypes []string
+ TokenEndpointAuthMethod string
+ type RegistrationResponse struct
+ ClientID string
+ ClientName string
+ ClientSecret string
+ GrantTypes []string
+ RedirectURIs []string
+ ResponseTypes []string
+ TokenEndpointAuthMethod string
+ type Server struct
+ func New(cfg *Config) (*Server, error)
+ func (s *Server) AuthorizationHandler() http.Handler
+ func (s *Server) BearerAuthMiddleware(resourceMetadataURL string) func(http.Handler) http.Handler
+ func (s *Server) Config() *Config
+ func (s *Server) Logger() *slog.Logger
+ func (s *Server) MetadataHandler() http.Handler
+ func (s *Server) Paths() *PathConfig
+ func (s *Server) ProtectedResourceMetadataHandler(resourcePath string) http.Handler
+ func (s *Server) RegisterClient(clientID, clientSecret string, redirectURIs []string) (string, string, error)
+ func (s *Server) RegisterHandlers(mux *http.ServeMux)
+ func (s *Server) RegistrationHandler() http.Handler
+ func (s *Server) TokenHandler() http.Handler
+ func (s *Server) TokenVerifier() func(token string) (*TokenInfo, error)
+ type Storage interface
+ CreateAuthorizationCode func(code *AuthorizationCode) error
+ CreateClient func(client *Client) error
+ CreateToken func(token *TokenInfo) error
+ DeleteAuthorizationCode func(code string) error
+ DeleteClient func(clientID string) error
+ DeleteToken func(accessToken string) error
+ DeleteTokensByClient func(clientID string) error
+ GetAuthorizationCode func(code string) (*AuthorizationCode, error)
+ GetClient func(clientID string) (*Client, error)
+ GetToken func(accessToken string) (*TokenInfo, error)
+ GetTokenByRefresh func(refreshToken string) (*TokenInfo, error)
+ MarkAuthorizationCodeUsed func(code string) error
+ type TokenInfo struct
+ AccessToken string
+ ClientID string
+ CreatedAt time.Time
+ ExpiresAt time.Time
+ RefreshExpiresAt time.Time
+ RefreshToken string
+ Scope string
+ Subject string
+ TokenType string
+ func GetTokenInfoContext(ctx context.Context) *TokenInfo
+ func (t *TokenInfo) IsExpired() bool
+ type TokenRequest struct
+ ClientID string
+ ClientSecret string
+ Code string
+ CodeVerifier string
+ GrantType string
+ RedirectURI string
+ RefreshToken string
+ Scope string
+ type TokenResponse struct
+ AccessToken string
+ ExpiresIn int
+ RefreshToken string
+ Scope string
+ TokenType string
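Review bot: The `Storage` interface splits authorization-code redemption into `GetAuthorizationCode` and `MarkAuthorizationCodeUsed`, with no single call that both checks and consumes a code, so single-use enforcement depends on every backend making the mark step atomic. Only signatures are visible on this page, so whether `TokenHandler` decides on the `Used` field it read earlier or on the error returned by the mark call cannot be confirmed here; if it is the former, two concurrent token requests carrying the same code could both pass the check. I would state the contract on the interface method, e.g. `// MarkAuthorizationCodeUsed must atomically set Used and return ErrCodeUsed when the code was already marked.`, and have the token path map that error to `invalid_grant`.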