Docs/Add Hardware-Backed Sign-In to Your Application/ Go (go-oidc)
View as .md

Go (go-oidc)

See the Applications overview for prerequisites, configuration endpoints, and available scopes.

go-oidc and the standard oauth2 package provide OIDC support for Go. Key configuration:

  • Initialize the provider with oidc.NewProvider() for auto-discovery
  • Generate PKCE verifier with oauth2.GenerateVerifier() and oauth2.S256ChallengeOption()
  • Manual state, nonce, and PKCE verifier management required
  • The hardware attestation claim (hardware_verified) is in the access token JWT — decode the payload into a struct after token exchange

Example

web/go-oidc — Complete working example with OIDC discovery, PKCE, and hardware claim extraction.