breaking change: rename GetKeyByIDAndUserID -> GetKeyByIDAndClientID
parent
f447b9b6d4
commit
0c74bd51db
6 changed files with 14 additions and 18 deletions
|
@ -1,5 +1,4 @@
|
|||
|
||||
# Backwards-incompatible changes to be made in the next major release
|
||||
|
||||
- Rename `op/OpStorage.GetKeyByIDAndUserID` to `op/OpStorage.GetKeyByIDAndClientID`
|
||||
|
||||
|
|
|
@ -510,9 +510,9 @@ func (s *Storage) getPrivateClaimsFromScopes(ctx context.Context, userID, client
|
|||
return claims, nil
|
||||
}
|
||||
|
||||
// GetKeyByIDAndUserID implements the op.Storage interface
|
||||
// GetKeyByIDAndClientID implements the op.Storage interface
|
||||
// it will be called to validate the signatures of a JWT (JWT Profile Grant and Authentication)
|
||||
func (s *Storage) GetKeyByIDAndUserID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error) {
|
||||
func (s *Storage) GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error) {
|
||||
s.lock.Lock()
|
||||
defer s.lock.Unlock()
|
||||
service, ok := s.services[clientID]
|
||||
|
|
|
@ -236,14 +236,14 @@ func (s *multiStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, c
|
|||
return storage.GetPrivateClaimsFromScopes(ctx, userID, clientID, scopes)
|
||||
}
|
||||
|
||||
// GetKeyByIDAndUserID implements the op.Storage interface
|
||||
// GetKeyByIDAndClientID implements the op.Storage interface
|
||||
// it will be called to validate the signatures of a JWT (JWT Profile Grant and Authentication)
|
||||
func (s *multiStorage) GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error) {
|
||||
func (s *multiStorage) GetKeyByIDAndClientID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error) {
|
||||
storage, err := s.storageFromContext(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return storage.GetKeyByIDAndUserID(ctx, keyID, userID)
|
||||
return storage.GetKeyByIDAndClientID(ctx, keyID, userID)
|
||||
}
|
||||
|
||||
// ValidateJWTProfileScopes implements the op.Storage interface
|
||||
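Review bot: The second string parameter of `multiStorage.GetKeyByIDAndClientID` is still named `userID` and is forwarded under that name, so the signature contradicts the new method name. The same leftover is in the `jwtProfileKeyStorage` interface in the last file section, whose only visible caller passes `k.clientID`. Rename it in both places, e.g. `func (s *multiStorage) GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)` with `return storage.GetKeyByIDAndClientID(ctx, keyID, clientID)`, and `GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)` in the interface. This lookup selects the key used to verify JWT signatures, so a misleading parameter name invites an implementation that scopes the key to the wrong principal.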
|
|
|
@ -159,19 +159,19 @@ func (mr *MockStorageMockRecorder) GetClientByClientID(arg0, arg1 interface{}) *
|
|||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetClientByClientID", reflect.TypeOf((*MockStorage)(nil).GetClientByClientID), arg0, arg1)
|
||||
}
|
||||
|
||||
// GetKeyByIDAndUserID mocks base method.
|
||||
func (m *MockStorage) GetKeyByIDAndUserID(arg0 context.Context, arg1, arg2 string) (*jose.JSONWebKey, error) {
|
||||
// GetKeyByIDAndClientID mocks base method.
|
||||
func (m *MockStorage) GetKeyByIDAndClientID(arg0 context.Context, arg1, arg2 string) (*jose.JSONWebKey, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "GetKeyByIDAndUserID", arg0, arg1, arg2)
|
||||
ret := m.ctrl.Call(m, "GetKeyByIDAndClientID", arg0, arg1, arg2)
|
||||
ret0, _ := ret[0].(*jose.JSONWebKey)
|
||||
ret1, _ := ret[1].(error)
|
||||
return ret0, ret1
|
||||
}
|
||||
|
||||
// GetKeyByIDAndUserID indicates an expected call of GetKeyByIDAndUserID.
|
||||
func (mr *MockStorageMockRecorder) GetKeyByIDAndUserID(arg0, arg1, arg2 interface{}) *gomock.Call {
|
||||
// GetKeyByIDAndClientID indicates an expected call of GetKeyByIDAndClientID.
|
||||
func (mr *MockStorageMockRecorder) GetKeyByIDAndClientID(arg0, arg1, arg2 interface{}) *gomock.Call {
|
||||
mr.mock.ctrl.T.Helper()
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetKeyByIDAndUserID", reflect.TypeOf((*MockStorage)(nil).GetKeyByIDAndUserID), arg0, arg1, arg2)
|
||||
return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetKeyByIDAndClientID", reflect.TypeOf((*MockStorage)(nil).GetKeyByIDAndClientID), arg0, arg1, arg2)
|
||||
}
|
||||
|
||||
// GetPrivateClaimsFromScopes mocks base method.
|
||||
|
|
|
@ -115,10 +115,7 @@ type OPStorage interface {
|
|||
SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, tokenID, subject, origin string) error
|
||||
SetIntrospectionFromToken(ctx context.Context, userinfo oidc.IntrospectionResponse, tokenID, subject, clientID string) error
|
||||
GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]interface{}, error)
|
||||
|
||||
// GetKeyByIDAndUserID is mis-named. It does not pass userID. Instead
|
||||
// it passes the clientID.
|
||||
GetKeyByIDAndUserID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)
|
||||
GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)
|
||||
ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error)
|
||||
}
|
||||
|
||||
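Review bot: The renamed `GetKeyByIDAndClientID` in `OPStorage` appears to be left without any doc comment, since the hunk counts suggest the two comment lines above the old method were removed and nothing replaced them. Implementers of the interface then have to infer the contract from the name alone. I would add `// GetKeyByIDAndClientID returns the public key with the given keyID that is registered for clientID.` followed by `// It is called to verify JWT signatures (JWT Profile Grant and Authentication).` A further line could state that a keyID not registered for that client must yield an error rather than another client's key; that part is inferred from the example storage's lookup by `clientID`, so confirm it matches the intended contract.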
|
|
|
@ -104,7 +104,7 @@ func VerifyJWTAssertion(ctx context.Context, assertion string, v JWTProfileVerif
|
|||
}
|
||||
|
||||
type jwtProfileKeyStorage interface {
|
||||
GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error)
|
||||
GetKeyByIDAndClientID(ctx context.Context, keyID, userID string) (*jose.JSONWebKey, error)
|
||||
}
|
||||
|
||||
func SubjectIsIssuer(request *oidc.JWTTokenRequest) error {
|
||||
|
@ -122,7 +122,7 @@ type jwtProfileKeySet struct {
|
|||
// VerifySignature implements oidc.KeySet by getting the public key from Storage implementation
|
||||
func (k *jwtProfileKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error) {
|
||||
keyID, _ := oidc.GetKeyIDAndAlg(jws)
|
||||
key, err := k.storage.GetKeyByIDAndUserID(ctx, keyID, k.clientID)
|
||||
key, err := k.storage.GetKeyByIDAndClientID(ctx, keyID, k.clientID)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error fetching keys: %w", err)
|
||||
}
|
||||
|
|