chore(next): v4 module for development

2024-04-02 14:23:12 +03:00 · 2024-04-02 14:23:12 +03:00 · 14e8529b68
commit 14e8529b68
parent 5cdb65c30b
98 changed files with 217 additions and 217 deletions
--- a/README.md
+++ b/README.md
@ -2,10 +2,10 @@

 [![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
 [![Release](https://github.com/zitadel/oidc/workflows/Release/badge.svg)](https://github.com/zitadel/oidc/actions)
-[![Go Reference](https://pkg.go.dev/badge/github.com/zitadel/oidc/v3.svg)](https://pkg.go.dev/github.com/zitadel/oidc/v3)
+[![Go Reference](https://pkg.go.dev/badge/github.com/zitadel/oidc/v4.svg)](https://pkg.go.dev/github.com/zitadel/oidc/v4)
 [![license](https://badgen.net/github/license/zitadel/oidc/)](https://github.com/zitadel/oidc/blob/master/LICENSE)
 [![release](https://badgen.net/github/release/zitadel/oidc/stable)](https://github.com/zitadel/oidc/releases)
-[![Go Report Card](https://goreportcard.com/badge/github.com/zitadel/oidc/v3)](https://goreportcard.com/report/github.com/zitadel/oidc/v3)
+[![Go Report Card](https://goreportcard.com/badge/github.com/zitadel/oidc/v4)](https://goreportcard.com/report/github.com/zitadel/oidc/v4)
 [![codecov](https://codecov.io/gh/zitadel/oidc/branch/main/graph/badge.svg)](https://codecov.io/gh/zitadel/oidc)

 [![openid_certified](https://cloud.githubusercontent.com/assets/1454075/7611268/4d19de32-f97b-11e4-895b-31b2455a7ca6.png)](https://openid.net/certification/)
@ -49,9 +49,9 @@ Check the `/example` folder where example code for different scenarios is locate
 ```bash
 # start oidc op server
 # oidc discovery http://localhost:9998/.well-known/openid-configuration
-go run github.com/zitadel/oidc/v3/example/server
+go run github.com/zitadel/oidc/v4/example/server
 # start oidc web client (in a new terminal)
-CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v3/example/client/app
+CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v4/example/client/app
 ```

 - open http://localhost:9999/login in your browser
@ -61,11 +61,11 @@ CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://localhost:9998/ SCOPES="openid

 for the dynamic issuer, just start it with:
 ```bash
-go run github.com/zitadel/oidc/v3/example/server/dynamic
+go run github.com/zitadel/oidc/v4/example/server/dynamic
 ``` 
 the oidc web client above will still work, but if you add `oidc.local` (pointing to 127.0.0.1) in your hosts file you can also start it with:
 ```bash
-CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://oidc.local:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v3/example/client/app
+CLIENT_ID=web CLIENT_SECRET=secret ISSUER=http://oidc.local:9998/ SCOPES="openid profile" PORT=9999 go run github.com/zitadel/oidc/v4/example/client/app
 ```

 > Note: Usernames are suffixed with the hostname (`test-user@localhost` or `test-user@oidc.local`)
--- a/example/client/api/api.go
+++ b/example/client/api/api.go
@ -13,8 +13,8 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/sirupsen/logrus"

-	"github.com/zitadel/oidc/v3/pkg/client/rs"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client/rs"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 const (
--- a/example/client/app/app.go
+++ b/example/client/app/app.go
@ -15,9 +15,9 @@ import (
 	"github.com/sirupsen/logrus"

 	"github.com/zitadel/logging"
-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 var (
--- a/example/client/device/device.go
+++ b/example/client/device/device.go
@ -45,8 +45,8 @@ import (

 	"github.com/sirupsen/logrus"

-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
 )

 var (
--- a/example/client/github/github.go
+++ b/example/client/github/github.go
@ -10,10 +10,10 @@ import (
 	"golang.org/x/oauth2"
 	githubOAuth "golang.org/x/oauth2/github"

-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	"github.com/zitadel/oidc/v3/pkg/client/rp/cli"
-	"github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	"github.com/zitadel/oidc/v4/pkg/client/rp/cli"
+	"github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 var (
--- a/example/client/service/service.go
+++ b/example/client/service/service.go
@ -13,7 +13,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"golang.org/x/oauth2"

-	"github.com/zitadel/oidc/v3/pkg/client/profile"
+	"github.com/zitadel/oidc/v4/pkg/client/profile"
 )

 var client = http.DefaultClient
--- a/example/server/dynamic/login.go
+++ b/example/server/dynamic/login.go
@ -8,7 +8,7 @@ import (

 	"github.com/go-chi/chi/v5"

-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 const (
--- a/example/server/dynamic/op.go
+++ b/example/server/dynamic/op.go
@ -10,8 +10,8 @@ import (
 	"github.com/go-chi/chi/v5"
 	"golang.org/x/text/language"

-	"github.com/zitadel/oidc/v3/example/server/storage"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/example/server/storage"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 const (
--- a/example/server/exampleop/device.go
+++ b/example/server/exampleop/device.go
@ -11,7 +11,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/gorilla/securecookie"
 	"github.com/sirupsen/logrus"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 type deviceAuthenticate interface {
--- a/example/server/exampleop/login.go
+++ b/example/server/exampleop/login.go
@ -6,7 +6,7 @@ import (
 	"net/http"

 	"github.com/go-chi/chi/v5"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 type login struct {
--- a/example/server/exampleop/op.go
+++ b/example/server/exampleop/op.go
@ -12,8 +12,8 @@ import (
 	"github.com/zitadel/logging"
 	"golang.org/x/text/language"

-	"github.com/zitadel/oidc/v3/example/server/storage"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/example/server/storage"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 const (
--- a/example/server/main.go
+++ b/example/server/main.go
@ -6,8 +6,8 @@ import (
 	"net/http"
 	"os"

-	"github.com/zitadel/oidc/v3/example/server/exampleop"
-	"github.com/zitadel/oidc/v3/example/server/storage"
+	"github.com/zitadel/oidc/v4/example/server/exampleop"
+	"github.com/zitadel/oidc/v4/example/server/storage"
 )

 func main() {
--- a/example/server/storage/client.go
+++ b/example/server/storage/client.go
@ -3,8 +3,8 @@ package storage
 import (
 	"time"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 var (
--- a/example/server/storage/oidc.go
+++ b/example/server/storage/oidc.go
@ -6,8 +6,8 @@ import (

 	"golang.org/x/text/language"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 const (
--- a/example/server/storage/storage.go
+++ b/example/server/storage/storage.go
@ -14,8 +14,8 @@ import (
 	jose "github.com/go-jose/go-jose/v3"
 	"github.com/google/uuid"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 // serviceKey1 is a public key which will be used for the JWT Profile Authorization Grant
--- a/example/server/storage/storage_dynamic.go
+++ b/example/server/storage/storage_dynamic.go
@ -6,8 +6,8 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 type multiStorage struct {
--- a/go.mod
+++ b/go.mod
@ -1,4 +1,4 @@
-module github.com/zitadel/oidc/v3
+module github.com/zitadel/oidc/v4

 go 1.21

--- a/internal/testutil/gen/gen.go
+++ b/internal/testutil/gen/gen.go
@ -8,8 +8,8 @@ import (
 	"fmt"
 	"os"

-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 var custom = map[string]any{
--- a/internal/testutil/token.go
+++ b/internal/testutil/token.go
@ -10,7 +10,7 @@ import (

 	jose "github.com/go-jose/go-jose/v3"
 	"github.com/muhlemmer/gu"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // KeySet implements oidc.Keys
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@ -12,9 +12,9 @@ import (

 	jose "github.com/go-jose/go-jose/v3"
 	"github.com/zitadel/logging"
-	"github.com/zitadel/oidc/v3/pkg/crypto"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/crypto"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 	"go.opentelemetry.io/otel"
 	"golang.org/x/oauth2"
 )
--- a/pkg/client/integration_test.go
+++ b/pkg/client/integration_test.go
@ -23,14 +23,14 @@ import (
 	"github.com/stretchr/testify/require"
 	"golang.org/x/oauth2"

-	"github.com/zitadel/oidc/v3/example/server/exampleop"
-	"github.com/zitadel/oidc/v3/example/server/storage"
-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	"github.com/zitadel/oidc/v3/pkg/client/rs"
-	"github.com/zitadel/oidc/v3/pkg/client/tokenexchange"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/example/server/exampleop"
+	"github.com/zitadel/oidc/v4/example/server/storage"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	"github.com/zitadel/oidc/v4/pkg/client/rs"
+	"github.com/zitadel/oidc/v4/pkg/client/tokenexchange"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 var Logger = slog.New(
--- a/pkg/client/jwt_profile.go
+++ b/pkg/client/jwt_profile.go
@ -6,8 +6,8 @@ import (

 	"golang.org/x/oauth2"

-	"github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // JWTProfileExchange handles the oauth2 jwt profile exchange
--- a/pkg/client/profile/jwt_profile.go
+++ b/pkg/client/profile/jwt_profile.go
@ -8,8 +8,8 @@ import (
 	jose "github.com/go-jose/go-jose/v3"
 	"golang.org/x/oauth2"

-	"github.com/zitadel/oidc/v3/pkg/client"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type TokenSource interface {
--- a/pkg/client/rp/cli/cli.go
+++ b/pkg/client/rp/cli/cli.go
@ -4,9 +4,9 @@ import (
 	"context"
 	"net/http"

-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 const (
--- a/pkg/client/rp/delegation.go
+++ b/pkg/client/rp/delegation.go
@ -1,7 +1,7 @@
 package rp

 import (
-	"github.com/zitadel/oidc/v3/pkg/oidc/grants/tokenexchange"
+	"github.com/zitadel/oidc/v4/pkg/oidc/grants/tokenexchange"
 )

 // DelegationTokenRequest is an implementation of TokenExchangeRequest
--- a/pkg/client/rp/device.go
+++ b/pkg/client/rp/device.go
@ -5,8 +5,8 @@ import (
 	"fmt"
 	"time"

-	"github.com/zitadel/oidc/v3/pkg/client"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func newDeviceClientCredentialsRequest(scopes []string, rp RelyingParty) (*oidc.ClientCredentialsRequest, error) {
--- a/pkg/client/rp/jwks.go
+++ b/pkg/client/rp/jwks.go
@ -9,9 +9,9 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	"github.com/zitadel/oidc/v3/pkg/client"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func NewRemoteKeySet(client *http.Client, jwksURL string, opts ...func(*remoteKeySet)) oidc.KeySet {
--- a/pkg/client/rp/relying_party.go
+++ b/pkg/client/rp/relying_party.go
@ -15,9 +15,9 @@ import (
 	"golang.org/x/oauth2/clientcredentials"

 	"github.com/zitadel/logging"
-	"github.com/zitadel/oidc/v3/pkg/client"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 const (
--- a/pkg/client/rp/relying_party_test.go
+++ b/pkg/client/rp/relying_party_test.go
@ -7,8 +7,8 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 	"golang.org/x/oauth2"
 )

--- a/pkg/client/rp/tockenexchange.go
+++ b/pkg/client/rp/tockenexchange.go
@ -5,7 +5,7 @@ import (

 	"golang.org/x/oauth2"

-	"github.com/zitadel/oidc/v3/pkg/oidc/grants/tokenexchange"
+	"github.com/zitadel/oidc/v4/pkg/oidc/grants/tokenexchange"
 )

 // TokenExchangeRP extends the `RelyingParty` interface for the *draft* oauth2 `Token Exchange`
--- a/pkg/client/rp/userinfo_example_test.go
+++ b/pkg/client/rp/userinfo_example_test.go
@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"

-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type UserInfo struct {
--- a/pkg/client/rp/verifier.go
+++ b/pkg/client/rp/verifier.go
@ -6,8 +6,8 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	"github.com/zitadel/oidc/v3/pkg/client"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // VerifyTokens implement the Token Response Validation as defined in OIDC specification
--- a/pkg/client/rp/verifier_test.go
+++ b/pkg/client/rp/verifier_test.go
@ -8,8 +8,8 @@ import (
 	jose "github.com/go-jose/go-jose/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func TestVerifyTokens(t *testing.T) {
--- a/pkg/client/rp/verifier_tokens_example_test.go
+++ b/pkg/client/rp/verifier_tokens_example_test.go
@ -4,9 +4,9 @@ import (
 	"context"
 	"fmt"

-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/client/rp"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/client/rp"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // MyCustomClaims extends the TokenClaims base,
--- a/pkg/client/rs/introspect_example_test.go
+++ b/pkg/client/rs/introspect_example_test.go
@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"

-	"github.com/zitadel/oidc/v3/pkg/client/rs"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client/rs"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type IntrospectionResponse struct {
--- a/pkg/client/rs/resource_server.go
+++ b/pkg/client/rs/resource_server.go
@ -6,9 +6,9 @@ import (
 	"net/http"
 	"time"

-	"github.com/zitadel/oidc/v3/pkg/client"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type ResourceServer interface {
--- a/pkg/client/rs/resource_server_test.go
+++ b/pkg/client/rs/resource_server_test.go
@ -6,7 +6,7 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func TestNewResourceServer(t *testing.T) {
--- a/pkg/client/tokenexchange/tokenexchange.go
+++ b/pkg/client/tokenexchange/tokenexchange.go
@ -7,9 +7,9 @@ import (
 	"time"

 	"github.com/go-jose/go-jose/v3"
-	"github.com/zitadel/oidc/v3/pkg/client"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type TokenExchanger interface {
--- a/pkg/crypto/key_test.go
+++ b/pkg/crypto/key_test.go
@ -5,7 +5,7 @@ import (

 	"github.com/stretchr/testify/assert"

-	"github.com/zitadel/oidc/v3/pkg/crypto"
+	"github.com/zitadel/oidc/v4/pkg/crypto"
 )

 func TestBytesToPrivateKey(tt *testing.T) {
--- a/pkg/http/http.go
+++ b/pkg/http/http.go
@ -11,7 +11,7 @@ import (
 	"strings"
 	"time"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 var DefaultHTTPClient = &http.Client{
--- a/pkg/oidc/code_challenge.go
+++ b/pkg/oidc/code_challenge.go
@ -3,7 +3,7 @@ package oidc
 import (
 	"crypto/sha256"

-	"github.com/zitadel/oidc/v3/pkg/crypto"
+	"github.com/zitadel/oidc/v4/pkg/crypto"
 )

 const (
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@ -9,7 +9,7 @@ import (
 	"golang.org/x/oauth2"

 	"github.com/muhlemmer/gu"
-	"github.com/zitadel/oidc/v3/pkg/crypto"
+	"github.com/zitadel/oidc/v4/pkg/crypto"
 )

 const (
--- a/pkg/oidc/verifier.go
+++ b/pkg/oidc/verifier.go
@ -12,7 +12,7 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	str "github.com/zitadel/oidc/v3/pkg/strings"
+	str "github.com/zitadel/oidc/v4/pkg/strings"
 )

 type Claims interface {
--- a/pkg/oidc/verifier_parse_test.go
+++ b/pkg/oidc/verifier_parse_test.go
@ -7,8 +7,8 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func TestParseToken(t *testing.T) {
--- a/pkg/op/auth_request.go
+++ b/pkg/op/auth_request.go
@ -15,9 +15,9 @@ import (
 	"time"

 	"github.com/bmatcuk/doublestar/v4"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	str "github.com/zitadel/oidc/v3/pkg/strings"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	str "github.com/zitadel/oidc/v4/pkg/strings"
 )

 type AuthRequest interface {
--- a/pkg/op/auth_request_test.go
+++ b/pkg/op/auth_request_test.go
@ -14,12 +14,12 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/oidc/v3/example/server/storage"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
-	"github.com/zitadel/oidc/v3/pkg/op/mock"
+	"github.com/zitadel/oidc/v4/example/server/storage"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op/mock"
 	"github.com/zitadel/schema"
 )

--- a/pkg/op/client.go
+++ b/pkg/op/client.go
@ -7,8 +7,8 @@ import (
 	"net/url"
 	"time"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 //go:generate go get github.com/dmarkham/enumer
--- a/pkg/op/client_test.go
+++ b/pkg/op/client_test.go
@ -13,10 +13,10 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
-	"github.com/zitadel/oidc/v3/pkg/op/mock"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op/mock"
 	"github.com/zitadel/schema"
 )

--- a/pkg/op/crypto.go
+++ b/pkg/op/crypto.go
@ -1,7 +1,7 @@
 package op

 import (
-	"github.com/zitadel/oidc/v3/pkg/crypto"
+	"github.com/zitadel/oidc/v4/pkg/crypto"
 )

 type Crypto interface {
--- a/pkg/op/device.go
+++ b/pkg/op/device.go
@ -12,9 +12,9 @@ import (
 	"strings"
 	"time"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	strs "github.com/zitadel/oidc/v3/pkg/strings"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	strs "github.com/zitadel/oidc/v4/pkg/strings"
 )

 type DeviceAuthorizationConfig struct {
--- a/pkg/op/device_test.go
+++ b/pkg/op/device_test.go
@ -16,9 +16,9 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/oidc/v3/example/server/storage"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/example/server/storage"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func Test_deviceAuthorizationHandler(t *testing.T) {
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -6,8 +6,8 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type DiscoverStorage interface {
--- a/pkg/op/discovery_test.go
+++ b/pkg/op/discovery_test.go
@ -11,9 +11,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
-	"github.com/zitadel/oidc/v3/pkg/op/mock"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op/mock"
 )

 func TestDiscover(t *testing.T) {
--- a/pkg/op/endpoint_test.go
+++ b/pkg/op/endpoint_test.go
@ -4,7 +4,7 @@ import (
 	"testing"

 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func TestEndpoint_Path(t *testing.T) {
--- a/pkg/op/error.go
+++ b/pkg/op/error.go
@ -7,8 +7,8 @@ import (
 	"log/slog"
 	"net/http"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type ErrAuthRequest interface {
--- a/pkg/op/error_test.go
+++ b/pkg/op/error_test.go
@ -13,7 +13,7 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 	"github.com/zitadel/schema"
 )

--- a/pkg/op/keys.go
+++ b/pkg/op/keys.go
@ -6,7 +6,7 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
 )

 type KeyProvider interface {
--- a/pkg/op/keys_test.go
+++ b/pkg/op/keys_test.go
@ -11,9 +11,9 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
-	"github.com/zitadel/oidc/v3/pkg/op/mock"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/op/mock"
 )

 func TestKeys(t *testing.T) {
--- a/pkg/op/mock/authorizer.mock.go
+++ b/pkg/op/mock/authorizer.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Authorizer)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: Authorizer)

 // Package mock is a generated GoMock package.
 package mock
@ -10,8 +10,8 @@ import (
 	reflect "reflect"

 	gomock "github.com/golang/mock/gomock"
-	http "github.com/zitadel/oidc/v3/pkg/http"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	http "github.com/zitadel/oidc/v4/pkg/http"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 )

 // MockAuthorizer is a mock of Authorizer interface.
--- a/pkg/op/mock/authorizer.mock.impl.go
+++ b/pkg/op/mock/authorizer.mock.impl.go
@ -8,8 +8,8 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/zitadel/schema"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func NewAuthorizer(t *testing.T) op.Authorizer {
--- a/pkg/op/mock/client.go
+++ b/pkg/op/mock/client.go
@ -5,8 +5,8 @@ import (

 	"github.com/golang/mock/gomock"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func NewClient(t *testing.T) op.Client {
--- a/pkg/op/mock/client.mock.go
+++ b/pkg/op/mock/client.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Client)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: Client)

 // Package mock is a generated GoMock package.
 package mock
@ -9,8 +9,8 @@ import (
 	time "time"

 	gomock "github.com/golang/mock/gomock"
-	oidc "github.com/zitadel/oidc/v3/pkg/oidc"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	oidc "github.com/zitadel/oidc/v4/pkg/oidc"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 )

 // MockClient is a mock of Client interface.
--- a/pkg/op/mock/configuration.mock.go
+++ b/pkg/op/mock/configuration.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Configuration)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: Configuration)

 // Package mock is a generated GoMock package.
 package mock
@ -9,7 +9,7 @@ import (
 	reflect "reflect"

 	gomock "github.com/golang/mock/gomock"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 	language "golang.org/x/text/language"
 )

--- a/pkg/op/mock/discovery.mock.go
+++ b/pkg/op/mock/discovery.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: DiscoverStorage)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: DiscoverStorage)

 // Package mock is a generated GoMock package.
 package mock
--- a/pkg/op/mock/generate.go
+++ b/pkg/op/mock/generate.go
@ -1,11 +1,11 @@
 package mock

 //go:generate go install github.com/golang/mock/mockgen@v1.6.0
-//go:generate mockgen -package mock -destination ./storage.mock.go github.com/zitadel/oidc/v3/pkg/op Storage
-//go:generate mockgen -package mock -destination ./authorizer.mock.go github.com/zitadel/oidc/v3/pkg/op Authorizer
-//go:generate mockgen -package mock -destination ./client.mock.go github.com/zitadel/oidc/v3/pkg/op Client
-//go:generate mockgen -package mock -destination ./glob.mock.go github.com/zitadel/oidc/v3/pkg/op HasRedirectGlobs
-//go:generate mockgen -package mock -destination ./configuration.mock.go github.com/zitadel/oidc/v3/pkg/op Configuration
-//go:generate mockgen -package mock -destination ./discovery.mock.go github.com/zitadel/oidc/v3/pkg/op DiscoverStorage
-//go:generate mockgen -package mock -destination ./signer.mock.go github.com/zitadel/oidc/v3/pkg/op SigningKey,Key
-//go:generate mockgen -package mock -destination ./key.mock.go github.com/zitadel/oidc/v3/pkg/op KeyProvider
+//go:generate mockgen -package mock -destination ./storage.mock.go github.com/zitadel/oidc/v4/pkg/op Storage
+//go:generate mockgen -package mock -destination ./authorizer.mock.go github.com/zitadel/oidc/v4/pkg/op Authorizer
+//go:generate mockgen -package mock -destination ./client.mock.go github.com/zitadel/oidc/v4/pkg/op Client
+//go:generate mockgen -package mock -destination ./glob.mock.go github.com/zitadel/oidc/v4/pkg/op HasRedirectGlobs
+//go:generate mockgen -package mock -destination ./configuration.mock.go github.com/zitadel/oidc/v4/pkg/op Configuration
+//go:generate mockgen -package mock -destination ./discovery.mock.go github.com/zitadel/oidc/v4/pkg/op DiscoverStorage
+//go:generate mockgen -package mock -destination ./signer.mock.go github.com/zitadel/oidc/v4/pkg/op SigningKey,Key
+//go:generate mockgen -package mock -destination ./key.mock.go github.com/zitadel/oidc/v4/pkg/op KeyProvider
--- a/pkg/op/mock/glob.go
+++ b/pkg/op/mock/glob.go
@ -4,8 +4,8 @@ import (
 	"testing"

 	gomock "github.com/golang/mock/gomock"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 )

 func NewHasRedirectGlobs(t *testing.T) op.HasRedirectGlobs {
--- a/pkg/op/mock/glob.mock.go
+++ b/pkg/op/mock/glob.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: HasRedirectGlobs)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: HasRedirectGlobs)

 // Package mock is a generated GoMock package.
 package mock
@ -9,8 +9,8 @@ import (
 	time "time"

 	gomock "github.com/golang/mock/gomock"
-	oidc "github.com/zitadel/oidc/v3/pkg/oidc"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	oidc "github.com/zitadel/oidc/v4/pkg/oidc"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 )

 // MockHasRedirectGlobs is a mock of HasRedirectGlobs interface.
--- a/pkg/op/mock/key.mock.go
+++ b/pkg/op/mock/key.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: KeyProvider)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: KeyProvider)

 // Package mock is a generated GoMock package.
 package mock
@ -9,7 +9,7 @@ import (
 	reflect "reflect"

 	gomock "github.com/golang/mock/gomock"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 )

 // MockKeyProvider is a mock of KeyProvider interface.
--- a/pkg/op/mock/signer.mock.go
+++ b/pkg/op/mock/signer.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: SigningKey,Key)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: SigningKey,Key)

 // Package mock is a generated GoMock package.
 package mock
--- a/pkg/op/mock/storage.mock.go
+++ b/pkg/op/mock/storage.mock.go
@ -1,5 +1,5 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/zitadel/oidc/v3/pkg/op (interfaces: Storage)
+// Source: github.com/zitadel/oidc/v4/pkg/op (interfaces: Storage)

 // Package mock is a generated GoMock package.
 package mock
@ -11,8 +11,8 @@ import (

 	jose "github.com/go-jose/go-jose/v3"
 	gomock "github.com/golang/mock/gomock"
-	oidc "github.com/zitadel/oidc/v3/pkg/oidc"
-	op "github.com/zitadel/oidc/v3/pkg/op"
+	oidc "github.com/zitadel/oidc/v4/pkg/oidc"
+	op "github.com/zitadel/oidc/v4/pkg/op"
 )

 // MockStorage is a mock of Storage interface.
--- a/pkg/op/mock/storage.mock.impl.go
+++ b/pkg/op/mock/storage.mock.impl.go
@ -8,8 +8,8 @@ import (

 	"github.com/golang/mock/gomock"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func NewStorage(t *testing.T) op.Storage {
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -14,8 +14,8 @@ import (
 	"go.opentelemetry.io/otel"
 	"golang.org/x/text/language"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 const (
--- a/pkg/op/op_test.go
+++ b/pkg/op/op_test.go
@ -14,9 +14,9 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/zitadel/oidc/v3/example/server/storage"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/example/server/storage"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 	"golang.org/x/text/language"
 )

--- a/pkg/op/probes.go
+++ b/pkg/op/probes.go
@ -5,7 +5,7 @@ import (
 	"errors"
 	"net/http"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
 )

 type ProbesFn func(context.Context) error
--- a/pkg/op/server.go
+++ b/pkg/op/server.go
@ -6,8 +6,8 @@ import (
 	"net/url"

 	"github.com/muhlemmer/gu"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // Server describes the interface that needs to be implemented to serve
--- a/pkg/op/server_http.go
+++ b/pkg/op/server_http.go
@ -9,8 +9,8 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/rs/cors"
 	"github.com/zitadel/logging"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 	"github.com/zitadel/schema"
 )

--- a/pkg/op/server_http_routes_test.go
+++ b/pkg/op/server_http_routes_test.go
@ -14,9 +14,9 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

-	"github.com/zitadel/oidc/v3/pkg/client"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	"github.com/zitadel/oidc/v4/pkg/client"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func jwtProfile() (string, error) {
--- a/pkg/op/server_http_test.go
+++ b/pkg/op/server_http_test.go
@ -17,8 +17,8 @@ import (
 	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 	"github.com/zitadel/schema"
 )

--- a/pkg/op/server_legacy.go
+++ b/pkg/op/server_legacy.go
@ -7,7 +7,7 @@ import (
 	"time"

 	"github.com/go-chi/chi/v5"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // ExtendedLegacyServer allows embedding [LegacyServer] in a struct,
--- a/pkg/op/session.go
+++ b/pkg/op/session.go
@ -8,8 +8,8 @@ import (
 	"net/url"
 	"path"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type SessionEnder interface {
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -7,7 +7,7 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type AuthStorage interface {
--- a/pkg/op/token.go
+++ b/pkg/op/token.go
@ -4,9 +4,9 @@ import (
 	"context"
 	"time"

-	"github.com/zitadel/oidc/v3/pkg/crypto"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/strings"
+	"github.com/zitadel/oidc/v4/pkg/crypto"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/strings"
 )

 type TokenCreator interface {
--- a/pkg/op/token_client_credentials.go
+++ b/pkg/op/token_client_credentials.go
@ -5,8 +5,8 @@ import (
 	"net/http"
 	"net/url"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // ClientCredentialsExchange handles the OAuth 2.0 client_credentials grant, including
--- a/pkg/op/token_code.go
+++ b/pkg/op/token_code.go
@ -4,8 +4,8 @@ import (
 	"context"
 	"net/http"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // CodeExchange handles the OAuth 2.0 authorization_code grant, including
--- a/pkg/op/token_exchange.go
+++ b/pkg/op/token_exchange.go
@ -7,8 +7,8 @@ import (
 	"strings"
 	"time"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type TokenExchangeRequest interface {
--- a/pkg/op/token_intospection.go
+++ b/pkg/op/token_intospection.go
@ -5,8 +5,8 @@ import (
 	"errors"
 	"net/http"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type Introspector interface {
--- a/pkg/op/token_jwt_profile.go
+++ b/pkg/op/token_jwt_profile.go
@ -5,8 +5,8 @@ import (
 	"net/http"
 	"time"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type JWTAuthorizationGrantExchanger interface {
--- a/pkg/op/token_refresh.go
+++ b/pkg/op/token_refresh.go
@ -6,9 +6,9 @@ import (
 	"net/http"
 	"time"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/strings"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/strings"
 )

 type RefreshTokenRequest interface {
--- a/pkg/op/token_request.go
+++ b/pkg/op/token_request.go
@ -6,8 +6,8 @@ import (
 	"net/http"
 	"net/url"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type Exchanger interface {
--- a/pkg/op/token_revocation.go
+++ b/pkg/op/token_revocation.go
@ -7,8 +7,8 @@ import (
 	"net/url"
 	"strings"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type Revoker interface {
--- a/pkg/op/userinfo.go
+++ b/pkg/op/userinfo.go
@ -6,8 +6,8 @@ import (
 	"net/http"
 	"strings"

-	httphelper "github.com/zitadel/oidc/v3/pkg/http"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	httphelper "github.com/zitadel/oidc/v4/pkg/http"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type UserinfoProvider interface {
--- a/pkg/op/verifier_access_token.go
+++ b/pkg/op/verifier_access_token.go
@ -3,7 +3,7 @@ package op
 import (
 	"context"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type AccessTokenVerifier oidc.Verifier
--- a/pkg/op/verifier_access_token_example_test.go
+++ b/pkg/op/verifier_access_token_example_test.go
@ -4,9 +4,9 @@ import (
 	"context"
 	"fmt"

-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 // MyCustomClaims extends the TokenClaims base,
--- a/pkg/op/verifier_access_token_test.go
+++ b/pkg/op/verifier_access_token_test.go
@ -7,8 +7,8 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func TestNewAccessTokenVerifier(t *testing.T) {
--- a/pkg/op/verifier_id_token_hint.go
+++ b/pkg/op/verifier_id_token_hint.go
@ -4,7 +4,7 @@ import (
 	"context"
 	"errors"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 type IDTokenHintVerifier oidc.Verifier
--- a/pkg/op/verifier_id_token_hint_test.go
+++ b/pkg/op/verifier_id_token_hint_test.go
@ -8,8 +8,8 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 func TestNewIDTokenHintVerifier(t *testing.T) {
--- a/pkg/op/verifier_jwt_profile.go
+++ b/pkg/op/verifier_jwt_profile.go
@ -8,7 +8,7 @@ import (

 	jose "github.com/go-jose/go-jose/v3"

-	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
 )

 // JWTProfileVerfiier extends oidc.Verifier with
--- a/pkg/op/verifier_jwt_profile_test.go
+++ b/pkg/op/verifier_jwt_profile_test.go
@ -7,9 +7,9 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	tu "github.com/zitadel/oidc/v3/internal/testutil"
-	"github.com/zitadel/oidc/v3/pkg/oidc"
-	"github.com/zitadel/oidc/v3/pkg/op"
+	tu "github.com/zitadel/oidc/v4/internal/testutil"
+	"github.com/zitadel/oidc/v4/pkg/oidc"
+	"github.com/zitadel/oidc/v4/pkg/op"
 )

 func TestNewJWTProfileVerifier(t *testing.T) {