oauth2 package contains a client implementation for OAuth 2.0 spec. This is a fork of golang.org/x/oauth2. We graciously acknowledge and appreciate the hard work of the go maintainers for producing this package and hope to do it justice in the future.

Several differences or intended differences exist between this package and the go maintained package.

• Update go version support:
  • Module version go 1.21.
  • Supported version go 1.20 or newer.
• Remove deprecated usage:
  • Usage of io/ioutil package.
  • Usage and existence of oauth2.NoContext.
  • Existence of oauth2.RegisterBrokenAuthHeaderProvider.
  • Support for appengine gen1.
• Move packages:
  • Move golang.org/x/oauth2 to authelia.com/client/oauth2.
  • Move and no longer export the golang.org/x/oauth2/jws package to authelia.com/client/oauth2/internal/jws.
  • Move and no longer export the golang.org/x/oauth2/jwt package to authelia.com/client/oauth2/internal/jwt.
• Remove packages:
  • Endpoint specific packages.
• Add support for:
  • JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) implementation.
  • OpenID Connect 1.0 Discovery implementation.
  • RFC7662: OAuth 2.0 Token Introspection
  • RFC7009: OAuth 2.0 Token Revocation
  • RFC8414: OAuth 2.0 Authorization Server Metadata
  • RFC9126: OAuth 2.0 Pushed Authorization Requests (PAR)
  • RFC7523: OAuth 2.0 JWT Profile for Client Authentication and Authorization Grants
  • RFC7521: OAuth 2.0 Assertion Framework for Client Authentication and Authorization Grants
  • RFC9207: OAuth 2.0 Authorization Server Issuer Identification
  • RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR)
  • OAuth 2.0 JWT-Secured Authorization Response Mode
• Leverage well maintained packages:
  • JWS/JWT package.
• Add tenant/server based providers/endpoints:
  • Authelia
• Miscellaneous:
  • Create module shared between client and provider.

go get authelia.com/client/oauth2

Or you can manually git clone the repository to $(go env GOPATH)/src/authelia.com/client/oauth2.

See pkg.go.dev for further documentation and examples.

• pkg.go.dev/authelia.com/client/oauth2
• pkg.go.dev/authelia.com/client/oauth2/google

We no longer accept new provider-specific packages in this repo if all they do is add a single endpoint variable. If you just want to add a single endpoint, add it to the pkg.go.dev/authelia.com/client/oauth2/endpoints package.

Addendum: Authelia has removed these legacy endpoint packages and is not backwards compatible with this element of the go maintained package.

The main issue tracker for the oauth2 repository is located at https://github.com/authelia/client-oauth2/issues.