Validating a JWT from Google Sign-in using jwt-go

test.go

package main

import (
        "encoding/json"
        "fmt"
        "gopkg.in/dgrijalva/jwt-go.v3"
        "io/ioutil"
        "net/http"
        "os"
)

func pemForKid(kid string) (pem string, err error) {
        url := "https://www.googleapis.com/oauth2/v1/certs"
        resp, err := http.Get(url)
        if err != nil {
                return
        }
        defer resp.Body.Close()

        body, err := ioutil.ReadAll(resp.Body)
        if err != nil {
                return
        }

        keys := map[string]string{}
        err = json.Unmarshal(body, &keys)
        if err != nil {
                return
        }

        pem = keys[kid]
        return
}

func main() {
        token, err := jwt.Parse(os.Args[1], func(token *jwt.Token) (interface{}, error) {
                // Google tokens use the RS256 version, with is RSA signing
                if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
                        return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
                }
                // Now download the PEMs from Google and pick the one that matches our token
                verifyPem, err := pemForKid(token.Header["kid"].(string))
                if err != nil {
                        return nil, fmt.Errorf("Error fetching verification key: %v\n", err)
                }
                // Parse the verification PEM to pull out the key, easy mode using the
                // convenience functions provided by jwt-go
                verifyKey, err := jwt.ParseRSAPublicKeyFromPEM([]byte(verifyPem))
                if err != nil {
                        fmt.Printf("Error parsing key %v\n", err)
                }
                return verifyKey, nil
        })

        if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
                fmt.Printf("token %v\n", claims)
        } else {
                fmt.Printf("err %v\n", err)
        }
}