Confuse about google.org/x/net/oauth

[叶志辉]

    Here is my scene, I am writing an OAuth service for my system, and is willing to use standard library golang.org/x/net/oauth to encode/verify client credentials.I know that google's cloud platform api is also using this library.

    There is a little confuse for me. I just want to implement with a simple HMAC(just a symmetric cryptography algorithm like SHA256). But it seems that the default Encode and Verify method in golang.org/x/net/oauth/jws is implemented by RSA , a public-key cryptography algorithm. 

Encode(header *Header, c *ClaimSet, key *rsa.PrivateKey) (string, error)

Verify(token string, key *rsa.PublicKey) error

    So, I have to implement my own jws package, like semantic below.Which the 'secret' is a symmetric secret key to Sign and Verify the token.

Sign(header *Header, c *ClaimSet, secret string)

Verify(token string, secret string) error 

    Still it's the last thing I want to do, which is copying codes from a standard library. I wonder if I have described my situation clearly, or there is some misunderstanding for me about the oauth and jws please remind me.