clenaup

example/client/service/service.go

@@ -21,24 +21,18 @@ var (
 )
 
 func main() {
-	//keyPath := os.Getenv("KEY_PATH")
+	keyPath := os.Getenv("KEY_PATH")
 	issuer := os.Getenv("ISSUER")
 	port := os.Getenv("PORT")
 	scopes := strings.Split(os.Getenv("SCOPES"), " ")
-	//testURL := os.Getenv("TEST_URL")
 
-	//if keyPath != "" {
+	if keyPath != "" {
-	//	ts, err := rp.NewJWTProfileTokenSourceFromFile(issuer, keyPath, scopes)
+		ts, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, keyPath, scopes)
-	//	if err != nil {
+		if err != nil {
-	//		logrus.Fatalf("error creating token source %s", err.Error())
+			logrus.Fatalf("error creating token source %s", err.Error())
-	//	}
+		}
-	//	//client = oauth2.NewClient(context.Background(), ts)
+		client = oauth2.NewClient(context.Background(), ts)
-	//	resp, err := callExampleEndpoint(client, testURL)
+	}
-	//	if err != nil {
-	//		logrus.Fatalf("error response from test url: %s", err.Error())
-	//	}
-	//	fmt.Println(resp)
-	//}
 
 	http.HandleFunc("/jwt-profile", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method == "GET" {
@@ -84,7 +78,7 @@ func main() {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
-			ts, err := profile.NewJWTProfileTokenSourceFromKeyFile(issuer, key, scopes)
+			ts, err := profile.NewJWTProfileTokenSourceFromKeyFileData(issuer, key, scopes)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
@@ -95,16 +89,6 @@ func main() {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
-			//assertion, err := oidc.NewJWTProfileAssertionFromFileData(key, []string{issuer})
-			//if err != nil {
-			//	http.Error(w, err.Error(), http.StatusInternalServerError)
-			//	return
-			//}
-			//token, err := rp.JWTProfileAssertionExchange(ctx, assertion, scopes, provider)
-			//if err != nil {
-			//	http.Error(w, err.Error(), http.StatusInternalServerError)
-			//	return
-			//}
 			data, err := json.Marshal(token)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)

example/internal/mock/storage.go

@@ -210,23 +210,34 @@ func (s *AuthStorage) AuthorizeClientIDSecret(_ context.Context, id string, _ st
 	return nil
 }
 
-func (s *AuthStorage) GetUserinfoFromToken(ctx context.Context, _, _, _ string) (oidc.UserInfo, error) {
+func (s *AuthStorage) SetUserinfoFromToken(ctx context.Context, userinfo oidc.UserInfoSetter, _, _, _ string) error {
-	return s.GetUserinfoFromScopes(ctx, "", "", []string{})
+	return s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{})
 }
-func (s *AuthStorage) GetUserinfoFromScopes(_ context.Context, _, _ string, _ []string) (oidc.UserInfo, error) {
+func (s *AuthStorage) SetUserinfoFromScopes(ctx context.Context, userinfo oidc.UserInfoSetter, _, _ string, _ []string) error {
-	userinfo := oidc.NewUserInfo()
 	userinfo.SetSubject(a.GetSubject())
 	userinfo.SetAddress(oidc.NewUserInfoAddress("Test 789\nPostfach 2", "", "", "", "", ""))
 	userinfo.SetEmail("test", true)
 	userinfo.SetPhone("0791234567", true)
 	userinfo.SetName("Test")
 	userinfo.AppendClaims("private_claim", "test")
-	return userinfo, nil
+	return nil
 }
 func (s *AuthStorage) GetPrivateClaimsFromScopes(_ context.Context, _, _ string, _ []string) (map[string]interface{}, error) {
 	return map[string]interface{}{"private_claim": "test"}, nil
 }
 
+func (s *AuthStorage) SetIntrospectionFromToken(ctx context.Context, userinfo oidc.IntrospectionResponse, tokenID, subject, clientID string) error {
+	if err := s.SetUserinfoFromScopes(ctx, userinfo, "", "", []string{}); err != nil {
+		return err
+	}
+	userinfo.SetClientID(a.ClientID)
+	return nil
+}
+
+func (s *AuthStorage) ValidateJWTProfileScopes(ctx context.Context, userID string, scope oidc.Scopes) (oidc.Scopes, error) {
+	return scope, nil
+}
+
 type ConfClient struct {
 	applicationType op.ApplicationType
 	authMethod      oidc.AuthMethod

pkg/client/profile/jwt_profile.go

@@ -23,7 +23,15 @@ type jwtProfileTokenSource struct {
 	tokenEndpoint string
 }
 
-func NewJWTProfileTokenSourceFromKeyFile(issuer string, data []byte, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
+func NewJWTProfileTokenSourceFromKeyFile(issuer, keyPath string, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
+	keyData, err := client.ConfigFromKeyFile(keyPath)
+	if err != nil {
+		return nil, err
+	}
+	return NewJWTProfileTokenSource(issuer, keyData.UserID, keyData.KeyID, []byte(keyData.Key), scopes, options...)
+}
+
+func NewJWTProfileTokenSourceFromKeyFileData(issuer string, data []byte, scopes []string, options ...func(source *jwtProfileTokenSource)) (oauth2.TokenSource, error) {
 	keyData, err := client.ConfigFromKeyFileData(data)
 	if err != nil {
 		return nil, err

pkg/oidc/introspection.go

@@ -21,7 +21,7 @@ type IntrospectionResponse interface {
 	UserInfoSetter
 	SetActive(bool)
 	IsActive() bool
-	SetScopes(scopes Scope)
+	SetScopes(scopes Scopes)
 	SetClientID(id string)
 }
 
@@ -31,7 +31,7 @@ func NewIntrospectionResponse() IntrospectionResponse {
 
 type introspectionResponse struct {
 	Active   bool   `json:"active"`
-	Scope    Scope  `json:"scope,omitempty"`
+	Scope    Scopes `json:"scope,omitempty"`
 	ClientID string `json:"client_id,omitempty"`
 	Subject  string `json:"sub,omitempty"`
 	userInfoProfile
@@ -46,7 +46,7 @@ func (u *introspectionResponse) IsActive() bool {
 	return u.Active
 }
 
-func (u *introspectionResponse) SetScopes(scope Scope) {
+func (u *introspectionResponse) SetScopes(scope Scopes) {
 	u.Scope = scope
 }
 
@@ -252,10 +252,6 @@ func (i *introspectionResponse) MarshalJSON() ([]byte, error) {
 	}
 
 	return json.Marshal(i.claims)
-	//if err != nil {
-	//	return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
-	//}
-	//return utils.ConcatenateJSON(b, claims)
 }
 
 func (i *introspectionResponse) UnmarshalJSON(data []byte) error {

pkg/oidc/types.go

@@ -59,7 +59,6 @@ type Prompt string
 type ResponseType string
 
 type Scopes []string
-type Scope []string //TODO: hurst?
 
 func (s Scopes) Encode() string {
 	return strings.Join(s, " ")
@@ -74,16 +73,16 @@ func (s *Scopes) MarshalText() ([]byte, error) {
 	return []byte(s.Encode()), nil
 }
 
-func (s *Scope) MarshalJSON() ([]byte, error) {
+func (s *Scopes) MarshalJSON() ([]byte, error) {
-	return json.Marshal(Scopes(*s).Encode())
+	return json.Marshal((*s).Encode())
 }
 
-func (s *Scope) UnmarshalJSON(data []byte) error {
+func (s *Scopes) UnmarshalJSON(data []byte) error {
 	var str string
 	if err := json.Unmarshal(data, &str); err != nil {
 		return err
 	}
-	*s = Scope(strings.Split(str, " "))
+	*s = strings.Split(str, " ")
 	return nil
 }
 

pkg/oidc/userinfo.go

@@ -355,11 +355,6 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 	}
 
 	return json.Marshal(i.claims)
-	//claims, err := json.Marshal(i.claims)
-	//if err != nil {
-	//	return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
-	//}
-	//return utils.ConcatenateJSON(b, claims)
 }
 
 func (i *userinfo) UnmarshalJSON(data []byte) error {

pkg/op/discovery.go

@@ -26,15 +26,11 @@ func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfigurati
 		TokenEndpoint:                             c.TokenEndpoint().Absolute(c.Issuer()),
 		IntrospectionEndpoint:                     c.IntrospectionEndpoint().Absolute(c.Issuer()),
 		UserinfoEndpoint:                          c.UserinfoEndpoint().Absolute(c.Issuer()),
-		//RevocationEndpoint:  c.RevocationEndpoint().Absolute(c.Issuer()),
 		EndSessionEndpoint:                        c.EndSessionEndpoint().Absolute(c.Issuer()),
-		// CheckSessionIframe: c.TokenEndpoint().Absolute(c.Issuer())(c.CheckSessionIframe),
 		JwksURI:                                   c.KeysEndpoint().Absolute(c.Issuer()),
 		ScopesSupported:                           Scopes(c),
 		ResponseTypesSupported:                    ResponseTypes(c),
-		//ResponseModesSupported:
 		GrantTypesSupported:                       GrantTypes(c),
-		//ACRValuesSupported:                ACRValues(c),
 		SubjectTypesSupported:                     SubjectTypes(c),
 		IDTokenSigningAlgValuesSupported:          SigAlgorithms(s),
 		TokenEndpointAuthMethodsSupported:         AuthMethodsTokenEndpoint(c),

pkg/utils/http.go

@@ -42,9 +42,6 @@ func FormRequest(endpoint string, request interface{}, encoder Encoder, authFn i
 	if fn, ok := authFn.(FormAuthorization); ok {
 		fn(form)
 	}
-	if fn, ok := authFn.(func(url.Values)); ok {
-		fn(form)
-	}
 	body := strings.NewReader(form.Encode())
 	req, err := http.NewRequest("POST", endpoint, body)
 	if err != nil {