oauthex

package

Go to main page

Versions in this module

v1

v1.6.0

Apr 30, 2026

Changes in this version

type ClientRegistrationMetadata

+ ApplicationType string

v1.6.0-pre.1

Apr 30, 2026

v1.5.0

Mar 31, 2026

Changes in this version

+ const GrantTypeTokenExchange

+ const TokenTypeIDJAG

+ const TokenTypeIDToken

+ const TokenTypeSAML2

+ func ExchangeToken(ctx context.Context, tokenEndpoint string, req *TokenExchangeRequest, ...) (*oauth2.Token, error)

+ type AuthServerMeta struct

+ AuthorizationEndpoint string

+ ClientIDMetadataDocumentSupported bool

+ CodeChallengeMethodsSupported []string

+ GrantTypesSupported []string

+ IntrospectionEndpoint string

+ IntrospectionEndpointAuthMethodsSupported []string

+ IntrospectionEndpointAuthSigningAlgValuesSupported []string

+ Issuer string

+ JWKSURI string

+ OpPolicyURI string

+ OpTOSURI string

+ RegistrationEndpoint string

+ ResponseModesSupported []string

+ ResponseTypesSupported []string

+ RevocationEndpoint string

+ RevocationEndpointAuthMethodsSupported []string

+ RevocationEndpointAuthSigningAlgValuesSupported []string

+ ScopesSupported []string

+ ServiceDocumentation string

+ TokenEndpoint string

+ TokenEndpointAuthMethodsSupported []string

+ TokenEndpointAuthSigningAlgValuesSupported []string

+ UILocalesSupported []string

+ func GetAuthServerMeta(ctx context.Context, metadataURL, issuer string, c *http.Client) (*AuthServerMeta, error)

type Challenge

+ func ParseWWWAuthenticate(headers []string) ([]Challenge, error)

+ type ClientCredentials struct

+ ClientID string

+ ClientSecretAuth *ClientSecretAuth

+ func (c *ClientCredentials) Validate() error

+ type ClientRegistrationError struct

+ ErrorCode string

+ ErrorDescription string

+ func (e *ClientRegistrationError) Error() string

+ type ClientRegistrationMetadata struct

+ ClientName string

+ ClientURI string

+ Contacts []string

+ GrantTypes []string

+ JWKS string

+ JWKSURI string

+ LogoURI string

+ PolicyURI string

+ RedirectURIs []string

+ ResponseTypes []string

+ Scope string

+ SoftwareID string

+ SoftwareStatement string

+ SoftwareVersion string

+ TOSURI string

+ TokenEndpointAuthMethod string

+ type ClientRegistrationResponse struct

+ ClientID string

+ ClientIDIssuedAt time.Time

+ ClientSecret string

+ ClientSecretExpiresAt time.Time

+ func RegisterClient(ctx context.Context, registrationEndpoint string, ...) (*ClientRegistrationResponse, error)

+ func (r *ClientRegistrationResponse) MarshalJSON() ([]byte, error)

+ func (r *ClientRegistrationResponse) UnmarshalJSON(data []byte) error

+ type ClientSecretAuth struct

+ ClientSecret string

type ProtectedResourceMetadata

+ func GetProtectedResourceMetadata(ctx context.Context, metadataURL, resourceURL string, c *http.Client) (_ *ProtectedResourceMetadata, err error)

+ type TokenExchangeRequest struct

+ Audience string

+ RequestedTokenType string

+ Resource string

+ Scope []string

+ SubjectToken string

+ SubjectTokenType string

v1.5.0-pre.1

Mar 31, 2026

v1.4.1

Mar 13, 2026

v1.4.0

Feb 27, 2026 GO-2026-4770 +1 more

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

Changes in this version

+ type Challenge struct

+ Params map[string]string

+ Scheme string

v1.3.1

Feb 18, 2026 GO-2026-4770 +1 more

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.3.0

Jan 25, 2026 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.3.0-pre.1

Jan 25, 2026 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.2.0

Dec 19, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.2.0-pre.2

Dec 19, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.2.0-pre.1

Dec 12, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.1.0

Oct 29, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

Changes in this version

type ProtectedResourceMetadata

+ AuthorizationDetailsTypesSupported []string

+ AuthorizationServers []string

+ BearerMethodsSupported []string

+ DPOPBoundAccessTokensRequired bool

+ DPOPSigningAlgValuesSupported []string

+ JWKSURI string

+ Resource string

+ ResourceDocumentation string

+ ResourceName string

+ ResourcePolicyURI string

+ ResourceSigningAlgValuesSupported []string

+ ResourceTOSURI string

+ ScopesSupported []string

+ TLSClientCertificateBoundAccessTokens bool

v1.1.0-pre.2

Oct 29, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.1.0-pre.1

Oct 23, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v1.0.0

Sep 30, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v0

v0.8.0

Sep 26, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v0.7.0

Sep 24, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

v0.6.0

Sep 19, 2025 GO-2026-4569 +2 more

GO-2026-4569: MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity in github.com/modelcontextprotocol/go-sdk

GO-2026-4770: Improper handling of null Unicode character when parsing JSON in github.com/modelcontextprotocol/go-sdk

GO-2026-4773: Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

Changes in this version

+ type ProtectedResourceMetadata = oauthex.ProtectedResourceMetadata

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL