google: add support for JWT Access Tokens

This is a new form of authentication for Google services, where instead of passing a signed claim to obtain a token from the OAuth endpoint, you present the signed claim *as* the token to the API endpoint. Fixes #139. Fixes #140. Change-Id: Ibf0f168a0ec111660ac08b86121c943fb96e146c Reviewed-on: https://go-review.googlesource.com/10667 Reviewed-by: David Symonds <dsymonds@golang.org> Reviewed-by: Dave Day <djd@golang.org>
2015-06-03 16:14:52 -07:00
parent 8914e5017c
commit 397fe76494
2 changed files with 69 additions and 2 deletions
--- a/jws/jws.go
+++ b/jws/jws.go
@@ -27,8 +27,8 @@ type ClaimSet struct {
 	Iss   string `json:"iss"`             // email address of the client_id of the application making the access token request
 	Scope string `json:"scope,omitempty"` // space-delimited list of the permissions the application requests
 	Aud   string `json:"aud"`             // descriptor of the intended target of the assertion (Optional).
-	Exp   int64  `json:"exp"`             // the expiration time of the assertion
-	Iat   int64  `json:"iat"`             // the time the assertion was issued.
+	Exp   int64  `json:"exp"`             // the expiration time of the assertion (seconds since Unix epoch)
+	Iat   int64  `json:"iat"`             // the time the assertion was issued (seconds since Unix epoch)
 	Typ   string `json:"typ,omitempty"`   // token type (Optional).

 	// Email for which the application is requesting delegated access (Optional).