Here is my scene, I am writing an OAuth service for my system, and is willing to use standard library
golang.org/x/net/oauth to encode/verify client credentials.I know that google's cloud platform api is also using this library.
There is a little confuse for me. I just want to implement with a simple HMAC(just a symmetric cryptography algorithm like SHA256). But it seems that the default Encode and Verify method in
golang.org/x/net/oauth/jws is implemented by RSA , a public-key cryptography algorithm.
Encode(header *Header, c *ClaimSet, key *rsa.PrivateKey) (string, error)
Verify(token string, key *rsa.PublicKey) error
So, I have to implement my own jws package, like semantic below.Which the 'secret' is a symmetric secret key to Sign and Verify the token.
Sign(header *Header, c *ClaimSet, secret string)
Verify(token string, secret string) error
Still it's the last thing I want to do, which is copying codes from a standard library. I wonder if I have described my situation clearly, or there is some misunderstanding for me about the oauth and jws please remind me.