93be2ff7ac
Mitigations to CVE-2023-44487 were added to golang.org/x/net v0.17 (c4e9120dde92bc2cce99f853d4f1c5afe1cbaa23) and in Go v1.20.10[1]. This PR bumps Go to v1.20 to benefit from the patches to the standard library. Aside, this patch also bump the pseudo-standard golang.org/x/... libraries to their latest available version for good measure. [1]: https://pkg.go.dev/vuln/GO-2023-2102
OAuth2 for Go
oauth2 package contains a client implementation for OAuth 2.0 spec.
Installation
go get golang.org/x/oauth2
Or you can manually git clone the repository to
$(go env GOPATH)/src/golang.org/x/oauth2.
See pkg.go.dev for further documentation and examples.
Policy for new endpoints
We no longer accept new provider-specific packages in this repo if all they do is add a single endpoint variable. If you just want to add a single endpoint, add it to the pkg.go.dev/golang.org/x/oauth2/endpoints package.
Report Issues / Send Patches
The main issue tracker for the oauth2 repository is located at https://github.com/golang/oauth2/issues.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html. In particular:
- Excluding trivial changes, all contributions should be connected to an existing issue.
- API changes must go through the change proposal process before they can be accepted.
- The code owners are listed at dev.golang.org/owners.