TokenBridge is a lightweight and flexible Go library designed to bridge identity systems securely. It enables you to verify ID tokens, exchange them for signed access tokens, and serve JSON Web Key Sets (JWKS) for downstream token validation.
- ID Token Verification: Validate OIDC-issued ID tokens using flexible verification options.
- Token Exchange: Transform ID tokens into signed access tokens with optional custom claims.
- JWKS Generation: Serve JSON Web Key Sets to allow downstream systems to verify your tokens.
Here's how TokenBridge works in a typical token exchange flow:
```
+-------------------+       +-------------------+       +-------------------+
|                   |       |                   |       |                   |
|      Client       |       |    TokenBridge    |       |   OIDC Provider   |
|                   |       |                   |       |                   |
+-------------------+       +-------------------+       +-------------------+
         |                           |                           |
         | 1. Sends ID Token         |                           |
         +-------------------------->|                           |
         |                           |                           |
         |                           | 2. Verifies ID Token      |
         |                           +-------------------------->|
         |                           |                           |
         | 3. Returns Access Token   |                           |
         +<--------------------------+                           |
         |                           |                           |
```
- Client
  - Sends an ID token to TokenBridge for verification.
  - Receives a newly issued access token.
- TokenBridge
  - Verifies ID tokens using an OIDC provider.
  - Issues signed access tokens with support for custom claims.
  - Serves a JWKS endpoint for public key distribution.
- OIDC Provider
  - Issues standards-compliant ID tokens.
  - Works with any OIDC-compatible identity provider (e.g., Auth0, Google, Okta).
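The exchange in the diagram, sketched with only Go's standard library as an added example; it is not TokenBridge's API or code. The function names, the `example` issuer URLs, the `tokenbridge` and `downstream` audiences, the `role` claim, Ed25519 keys and a single-string `aud` are assumptions, and a passed-in public key stands in for the provider's published keys.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding.Strict()

// sign returns a compact EdDSA-signed JWT carrying the given claims.
func sign(key ed25519.PrivateKey, claims map[string]any) string {
	c, _ := json.Marshal(claims)
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(c)
	return msg + "." + b64.EncodeToString(ed25519.Sign(key, []byte(msg)))
}

// verify checks signature, issuer, audience and expiry; the key type fixes the algorithm, never the header.
func verify(tok string, pub ed25519.PublicKey, iss, aud string, now time.Time) (map[string]any, error) {
	hs, rest, _ := strings.Cut(tok, ".")
	cs, ss, _ := strings.Cut(rest, ".") // a missing or extra segment fails the checks below
	cb, e1 := b64.DecodeString(cs)
	sig, e2 := b64.DecodeString(ss)
	var c map[string]any
	if e1 != nil || e2 != nil || !ed25519.Verify(pub, []byte(hs+"."+cs), sig) || json.Unmarshal(cb, &c) != nil {
		return nil, fmt.Errorf("bad encoding or signature")
	}
	if exp, _ := c["exp"].(float64); c["iss"] != iss || c["aud"] != aud || now.Unix() >= int64(exp) {
		return nil, fmt.Errorf("claims rejected: iss=%v aud=%v exp=%v", c["iss"], c["aud"], c["exp"])
	}
	return c, nil
}

// exchange (hypothetical helper) verifies the ID token, then mints a 5-minute access token with a custom claim.
func exchange(idTok string, idpPub ed25519.PublicKey, key ed25519.PrivateKey, now time.Time) (string, error) {
	c, err := verify(idTok, idpPub, "https://idp.example", "tokenbridge", now)
	if err != nil {
		return "", err
	}
	return sign(key, map[string]any{"iss": "https://bridge.example", "sub": c["sub"], "aud": "downstream", "exp": now.Add(5 * time.Minute).Unix(), "role": "ci"}), nil
}

func main() { // constructed demo: one throwaway key pair plays both the provider and the bridge
	pub, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println(exchange(sign(priv, map[string]any{"iss": "https://idp.example", "sub": "alice", "aud": "tokenbridge", "exp": time.Now().Unix() + 60}), pub, priv, time.Now()))
}
```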
Looking to integrate or extend TokenBridge? Check out these related projects:
- TokenBridge GitHub Action: Automate your workflows with TokenBridge using GitHub Actions.
- TokenBridge K8s Sidecar: Kubernetes sidecar for automatic token exchange and injection.
- TokenBridge Backend Example: A practical example of how to create a TokenBridge backend application.
We welcome contributions! Feel free to open issues, share feedback, or submit pull requests to improve TokenBridge.
TokenBridge is licensed under the MIT License.