move tracer to client,
add tracing in rs, client
This commit is contained in:
adlerhurst
parent
0fe7c3307f
commit
1b94f796eb
8 changed files with 59 additions and 37 deletions
|
|
@ -33,7 +33,7 @@ func newDeviceClientCredentialsRequest(scopes []string, rp RelyingParty) (*oidc.
|
|||
// in RFC 8628, section 3.1 and 3.2:
|
||||
// https://www.rfc-editor.org/rfc/rfc8628#section-3.1
|
||||
func DeviceAuthorization(ctx context.Context, scopes []string, rp RelyingParty, authFn any) (*oidc.DeviceAuthorizationResponse, error) {
|
||||
ctx, span := tracer.Start(ctx, "DeviceAuthorization")
|
||||
ctx, span := client.Tracer.Start(ctx, "DeviceAuthorization")
|
||||
defer span.End()
|
||||
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "DeviceAuthorization")
|
||||
|
|
@ -49,7 +49,7 @@ func DeviceAuthorization(ctx context.Context, scopes []string, rp RelyingParty,
|
|||
// by means of polling as defined in RFC, section 3.3 and 3.4:
|
||||
// https://www.rfc-editor.org/rfc/rfc8628#section-3.4
|
||||
func DeviceAccessToken(ctx context.Context, deviceCode string, interval time.Duration, rp RelyingParty) (resp *oidc.AccessTokenResponse, err error) {
|
||||
ctx, span := tracer.Start(ctx, "DeviceAccessToken")
|
||||
ctx, span := client.Tracer.Start(ctx, "DeviceAccessToken")
|
||||
defer span.End()
|
||||
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "DeviceAccessToken")
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v3"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
|
@ -83,7 +84,7 @@ func (i *inflight) result() ([]jose.JSONWebKey, error) {
|
|||
}
|
||||
|
||||
func (r *remoteKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) ([]byte, error) {
|
||||
ctx, span := tracer.Start(ctx, "VerifySignature")
|
||||
ctx, span := client.Tracer.Start(ctx, "VerifySignature")
|
||||
defer span.End()
|
||||
|
||||
keyID, alg := oidc.GetKeyIDAndAlg(jws)
|
||||
|
|
@ -138,7 +139,7 @@ func (r *remoteKeySet) exactMatch(jwkID, jwsID string) bool {
|
|||
}
|
||||
|
||||
func (r *remoteKeySet) verifySignatureRemote(ctx context.Context, jws *jose.JSONWebSignature, keyID, alg string) ([]byte, error) {
|
||||
ctx, span := tracer.Start(ctx, "verifySignatureRemote")
|
||||
ctx, span := client.Tracer.Start(ctx, "verifySignatureRemote")
|
||||
defer span.End()
|
||||
|
||||
keys, err := r.keysFromRemote(ctx)
|
||||
|
|
@ -165,7 +166,7 @@ func (r *remoteKeySet) keysFromCache() (keys []jose.JSONWebKey) {
|
|||
// keysFromRemote syncs the key set from the remote set, records the values in the
|
||||
// cache, and returns the key set.
|
||||
func (r *remoteKeySet) keysFromRemote(ctx context.Context) ([]jose.JSONWebKey, error) {
|
||||
ctx, span := tracer.Start(ctx, "keysFromRemote")
|
||||
ctx, span := client.Tracer.Start(ctx, "keysFromRemote")
|
||||
defer span.End()
|
||||
|
||||
// Need to lock to inspect the inflight request field.
|
||||
|
|
@ -191,7 +192,7 @@ func (r *remoteKeySet) keysFromRemote(ctx context.Context) ([]jose.JSONWebKey, e
|
|||
}
|
||||
|
||||
func (r *remoteKeySet) updateKeys(ctx context.Context) {
|
||||
ctx, span := tracer.Start(ctx, "updateKeys")
|
||||
ctx, span := client.Tracer.Start(ctx, "updateKeys")
|
||||
defer span.End()
|
||||
|
||||
// Sync keys and finish inflight when that's done.
|
||||
|
|
@ -213,7 +214,7 @@ func (r *remoteKeySet) updateKeys(ctx context.Context) {
|
|||
}
|
||||
|
||||
func (r *remoteKeySet) fetchRemoteKeys(ctx context.Context) ([]jose.JSONWebKey, error) {
|
||||
ctx, span := tracer.Start(ctx, "fetchRemoteKeys")
|
||||
ctx, span := client.Tracer.Start(ctx, "fetchRemoteKeys")
|
||||
defer span.End()
|
||||
|
||||
req, err := http.NewRequest("GET", r.jwksURL, nil)
|
||||
|
|
|
|||
|
|
@ -11,12 +11,10 @@ import (
|
|||
|
||||
"github.com/go-jose/go-jose/v3"
|
||||
"github.com/google/uuid"
|
||||
"github.com/zitadel/logging"
|
||||
"go.opentelemetry.io/otel"
|
||||
"go.opentelemetry.io/otel/trace"
|
||||
"golang.org/x/oauth2"
|
||||
"golang.org/x/oauth2/clientcredentials"
|
||||
|
||||
"github.com/zitadel/logging"
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
httphelper "github.com/zitadel/oidc/v3/pkg/http"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
|
|
@ -30,12 +28,6 @@ const (
|
|||
|
||||
var ErrUserInfoSubNotMatching = errors.New("sub from userinfo does not match the sub from the id_token")
|
||||
|
||||
var tracer trace.Tracer
|
||||
|
||||
func init() {
|
||||
tracer = otel.Tracer("github.com/zitadel/oidc/pkg/client/rp")
|
||||
}
|
||||
|
||||
// RelyingParty declares the minimal interface for oidc clients
|
||||
type RelyingParty interface {
|
||||
// OAuthConfig returns the oauth2 Config
|
||||
|
|
@ -436,7 +428,7 @@ func GenerateAndStoreCodeChallenge(w http.ResponseWriter, rp RelyingParty) (stri
|
|||
var ErrMissingIDToken = errors.New("id_token missing")
|
||||
|
||||
func verifyTokenResponse[C oidc.IDClaims](ctx context.Context, token *oauth2.Token, rp RelyingParty) (*oidc.Tokens[C], error) {
|
||||
ctx, span := tracer.Start(ctx, "verifyTokenResponse")
|
||||
ctx, span := client.Tracer.Start(ctx, "verifyTokenResponse")
|
||||
defer span.End()
|
||||
|
||||
if rp.IsOAuth2Only() {
|
||||
|
|
@ -456,7 +448,7 @@ func verifyTokenResponse[C oidc.IDClaims](ctx context.Context, token *oauth2.Tok
|
|||
// CodeExchange handles the oauth2 code exchange, extracting and validating the id_token
|
||||
// returning it parsed together with the oauth2 tokens (access, refresh)
|
||||
func CodeExchange[C oidc.IDClaims](ctx context.Context, code string, rp RelyingParty, opts ...CodeExchangeOpt) (tokens *oidc.Tokens[C], err error) {
|
||||
ctx, codeExchangeSpan := tracer.Start(ctx, "CodeExchange")
|
||||
ctx, codeExchangeSpan := client.Tracer.Start(ctx, "CodeExchange")
|
||||
defer codeExchangeSpan.End()
|
||||
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "CodeExchange")
|
||||
|
|
@ -466,7 +458,7 @@ func CodeExchange[C oidc.IDClaims](ctx context.Context, code string, rp RelyingP
|
|||
codeOpts = append(codeOpts, opt()...)
|
||||
}
|
||||
|
||||
ctx, oauthExchangeSpan := tracer.Start(ctx, "OAuthExchange")
|
||||
ctx, oauthExchangeSpan := client.Tracer.Start(ctx, "OAuthExchange")
|
||||
token, err := rp.OAuthConfig().Exchange(ctx, code, codeOpts...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -485,7 +477,7 @@ func CodeExchange[C oidc.IDClaims](ctx context.Context, code string, rp RelyingP
|
|||
// [RFC 6749, section 4.4]: https://datatracker.ietf.org/doc/html/rfc6749#section-4.4
|
||||
func ClientCredentials(ctx context.Context, rp RelyingParty, endpointParams url.Values) (token *oauth2.Token, err error) {
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "ClientCredentials")
|
||||
ctx, span := tracer.Start(ctx, "ClientCredentials")
|
||||
ctx, span := client.Tracer.Start(ctx, "ClientCredentials")
|
||||
defer span.End()
|
||||
|
||||
ctx = context.WithValue(ctx, oauth2.HTTPClient, rp.HttpClient())
|
||||
|
|
@ -508,7 +500,7 @@ type CodeExchangeCallback[C oidc.IDClaims] func(w http.ResponseWriter, r *http.R
|
|||
// Custom parameters can optionally be set to the token URL.
|
||||
func CodeExchangeHandler[C oidc.IDClaims](callback CodeExchangeCallback[C], rp RelyingParty, urlParam ...URLParamOpt) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
ctx, span := tracer.Start(r.Context(), "CodeExchangeHandler")
|
||||
ctx, span := client.Tracer.Start(r.Context(), "CodeExchangeHandler")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
|
||||
|
|
@ -563,7 +555,7 @@ type CodeExchangeUserinfoCallback[C oidc.IDClaims, U SubjectGetter] func(w http.
|
|||
// on success it will pass the userinfo into its callback function as well
|
||||
func UserinfoCallback[C oidc.IDClaims, U SubjectGetter](f CodeExchangeUserinfoCallback[C, U]) CodeExchangeCallback[C] {
|
||||
return func(w http.ResponseWriter, r *http.Request, tokens *oidc.Tokens[C], state string, rp RelyingParty) {
|
||||
ctx, span := tracer.Start(r.Context(), "UserinfoCallback")
|
||||
ctx, span := client.Tracer.Start(r.Context(), "UserinfoCallback")
|
||||
r = r.WithContext(ctx)
|
||||
defer span.End()
|
||||
|
||||
|
|
@ -585,7 +577,7 @@ func UserinfoCallback[C oidc.IDClaims, U SubjectGetter](f CodeExchangeUserinfoCa
|
|||
func Userinfo[U SubjectGetter](ctx context.Context, token, tokenType, subject string, rp RelyingParty) (userinfo U, err error) {
|
||||
var nilU U
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "Userinfo")
|
||||
ctx, span := tracer.Start(ctx, "Userinfo")
|
||||
ctx, span := client.Tracer.Start(ctx, "Userinfo")
|
||||
defer span.End()
|
||||
|
||||
req, err := http.NewRequestWithContext(ctx, http.MethodGet, rp.UserinfoEndpoint(), nil)
|
||||
|
|
@ -745,7 +737,7 @@ type RefreshTokenRequest struct {
|
|||
// the IDToken and AccessToken will be verfied
|
||||
// and the IDToken and IDTokenClaims fields will be populated in the returned object.
|
||||
func RefreshTokens[C oidc.IDClaims](ctx context.Context, rp RelyingParty, refreshToken, clientAssertion, clientAssertionType string) (*oidc.Tokens[C], error) {
|
||||
ctx, span := tracer.Start(ctx, "RefreshTokens")
|
||||
ctx, span := client.Tracer.Start(ctx, "RefreshTokens")
|
||||
defer span.End()
|
||||
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "RefreshTokens")
|
||||
|
|
@ -773,7 +765,7 @@ func RefreshTokens[C oidc.IDClaims](ctx context.Context, rp RelyingParty, refres
|
|||
|
||||
func EndSession(ctx context.Context, rp RelyingParty, idToken, optionalRedirectURI, optionalState string) (*url.URL, error) {
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "EndSession")
|
||||
ctx, span := tracer.Start(ctx, "RefreshTokens")
|
||||
ctx, span := client.Tracer.Start(ctx, "RefreshTokens")
|
||||
defer span.End()
|
||||
|
||||
request := oidc.EndSessionRequest{
|
||||
|
|
@ -792,7 +784,7 @@ func EndSession(ctx context.Context, rp RelyingParty, idToken, optionalRedirectU
|
|||
// tokenTypeHint should be either "id_token" or "refresh_token".
|
||||
func RevokeToken(ctx context.Context, rp RelyingParty, token string, tokenTypeHint string) error {
|
||||
ctx = logCtxWithRPData(ctx, rp, "function", "RevokeToken")
|
||||
ctx, span := tracer.Start(ctx, "RefreshTokens")
|
||||
ctx, span := client.Tracer.Start(ctx, "RefreshTokens")
|
||||
defer span.End()
|
||||
request := client.RevokeRequest{
|
||||
Token: token,
|
||||
|
|
|
|||
|
|
@ -6,13 +6,14 @@ import (
|
|||
|
||||
jose "github.com/go-jose/go-jose/v3"
|
||||
|
||||
"github.com/zitadel/oidc/v3/pkg/client"
|
||||
"github.com/zitadel/oidc/v3/pkg/oidc"
|
||||
)
|
||||
|
||||
// VerifyTokens implement the Token Response Validation as defined in OIDC specification
|
||||
// https://openid.net/specs/openid-connect-core-1_0.html#TokenResponseValidation
|
||||
func VerifyTokens[C oidc.IDClaims](ctx context.Context, accessToken, idToken string, v *IDTokenVerifier) (claims C, err error) {
|
||||
ctx, span := tracer.Start(ctx, "VerifyTokens")
|
||||
ctx, span := client.Tracer.Start(ctx, "VerifyTokens")
|
||||
defer span.End()
|
||||
|
||||
var nilClaims C
|
||||
|
|
@ -30,7 +31,7 @@ func VerifyTokens[C oidc.IDClaims](ctx context.Context, accessToken, idToken str
|
|||
// VerifyIDToken validates the id token according to
|
||||
// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
|
||||
func VerifyIDToken[C oidc.Claims](ctx context.Context, token string, v *IDTokenVerifier) (claims C, err error) {
|
||||
ctx, span := tracer.Start(ctx, "VerifyIDToken")
|
||||
ctx, span := client.Tracer.Start(ctx, "VerifyIDToken")
|
||||
defer span.End()
|
||||
|
||||
var nilClaims C
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue