I want to authenticate Android users with a Go AppEngine backend,
I can easily get an ID-token in Android by following http://android-developers.blogspot.co.il/2013/01/verifying-back-end-calls-from-android.html
how can I verify the token and get the payload ? is there a Go package for this ?
I found the solution myself, the ID-token can be verified with the oauth2/v2 package of the https://code.google.com/p/google-api-go-client/ library.
some installation tweaks are necessary for using it with AppEngine, I found some pointers at http://golangtutorials.blogspot.co.il/2011/11/using-external-api-in-go-appengine.html
I have created a golang package available @ https://github.com/emanoelxavier/openid2go that does exactly that without the need of any installation tweaks. It works for other openID identity providers as well, not just Google. It will fetch the signing keys, validate the token (issuer, audiences, expiration, etc) and make the user identity information available to your application service pipeline.
Judging from the linked docs, this is just an OAuth2 token. Try taking a look at https://developers.google.com/appengine/docs/go/users/overview#OAuth_in_Go, which describes using OAuth to authenticate users.
