package jwt

Import Path
	golang.org/x/oauth2/jwt (on go.dev)

Dependency Relation
	imports 12 packages, and imported by 2 packages


Involved Source Files

	
		Package jwt implements the OAuth 2.0 JSON Web Token flow, commonly
		known as "two-legged OAuth 2.0".

		See: https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12


Code Examples

	
		package main
		
		import (
			"context"
			"golang.org/x/oauth2/jwt"
		)
		
		func main() {
			ctx := context.Background()
			conf := &jwt.Config{
				Email: "xxx@developer.com",
				// The contents of your RSA private key or your PEM file
				// that contains a private key.
				// If you have a p12 file instead, you
				// can use `openssl` to export the private key into a pem file.
				//
				//    $ openssl pkcs12 -in key.p12 -out key.pem -nodes
				//
				// It only supports PEM containers with no passphrase.
				PrivateKey: []byte("-----BEGIN RSA PRIVATE KEY-----..."),
				Subject:    "user@example.com",
				TokenURL:   "https://provider.com/o/oauth2/token",
			}
			// Initiate an http.Client, the following GET request will be
			// authorized and authenticated on the behalf of user@example.com.
			client := conf.Client(ctx)
			client.Get("...")
		}




Package-Level Type Names (total 2, in which 1 are exported)


	/* sort exporteds by:  |  */
	
		Config is the configuration for using JWT to fetch tokens,
		commonly known as "two-legged OAuth 2.0".

		
			
				Audience optionally specifies the intended audience of the
				request.  If empty, the value of TokenURL is used as the
				intended audience.

			
				Email is the OAuth client identifier used when communicating with
				the configured OAuth provider.

			
				Expires optionally specifies how long the token is valid for.

			
				PrivateClaims optionally specifies custom private claims in the JWT.
				See http://tools.ietf.org/html/draft-jones-json-web-token-10#section-4.3

			
				PrivateKey contains the contents of an RSA private key or the
				contents of a PEM file that contains a private key. The provided
				private key is used to sign JWT payloads.
				PEM containers with a passphrase are not supported.
				Use the following command to convert a PKCS 12 file into a PEM.

				   $ openssl pkcs12 -in key.p12 -out key.pem -nodes

			
				PrivateKeyID contains an optional hint indicating which key is being
				used.

			
				Scopes optionally specifies a list of requested permission scopes.

			
				Subject is the optional user to impersonate.

			
				TokenURL is the endpoint required to complete the 2-legged JWT flow.

			
				UseIDToken optionally specifies whether ID token should be used instead
				of access token when the server returns both.

		
			
				Client returns an HTTP client wrapping the context's
				HTTP transport and adding Authorization headers with tokens
				obtained from c.

				The returned client and its Transport should not be modified.

			
				TokenSource returns a JWT TokenSource using the configuration
				in c and the HTTP client from the provided context.

		
			func golang.org/x/oauth2/google.JWTConfigFromJSON(jsonKey []byte, scope ...string) (*Config, error)


	


Package-Level Variables (total 2, neither is exported)