oauth2 package is forked from golang.org/x/oauth2. The major change is the handling of contexts. Context for requesting tokens is taken from the http.request rather than stored in the TokenSource. This allows for a TokenSource to exist accross contexts and, when wrapped by ReuseTokenSource func, to be safe for concurrent use.
The IDSecretInBody flag is added to the endpoint definition to replace "brokenAuthHeaderProviders" logic.
Issues that are resolved in this implementation includ
golang#223 all: find a better way to set a custom HTTP client
golang#262 TokenSource. Token method should take in a Context
golang#198 google: no way to set jws.PrivateClaims (needed for Firebase)
golang#198 Token expiration tolerance should be configurable #249
golang#256 OAuth2: Ability to specify "audience" parameter to token refresh #256
golang#84 CacheToken/transport confusion
go get github.com/jfcote87/oauth2