some documentation

pkg/rp/default_rp.go

@@ -20,6 +20,7 @@ const (
 	stateParam = "state"
 )
 
+//DefaultRP impements the `DelegationTokenExchangeRP` interface extending the `RelayingParty` interface
 type DefaultRP struct {
 	endpoints Endpoints
 
@@ -32,7 +33,11 @@ type DefaultRP struct {
 	verifier Verifier
 }
 
-func NewDefaultRelayingParty(rpConfig *Config, rpOpts ...DefaultRPOpts) (DelegationTokenExchangeRP, error) {
+//NewDefaultRP creates `DefaultRP` with the given
+//Config and possible configOptions
+//it will run discovery on the provided issuer
+//if no verifier is provided using the options the `DefaultVerifier` is set
+func NewDefaultRP(rpConfig *Config, rpOpts ...DefaultRPOpts) (DelegationTokenExchangeRP, error) {
 	p := &DefaultRP{
 		config:     rpConfig,
 		httpClient: utils.DefaultHTTPClient,
@@ -47,30 +52,38 @@ func NewDefaultRelayingParty(rpConfig *Config, rpOpts ...DefaultRPOpts) (Delegat
 	}
 
 	if p.verifier == nil {
-		// p.verifier = NewVerifier(rpConfig.Issuer, rpConfig.ClientID, utils.NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL)) //TODO: keys endpoint
+		p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, nil) //utils.NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL)) //TODO: keys endpoint
 	}
 
 	return p, nil
 }
 
+//DefaultRPOpts is the type for providing dynamic options to the DefaultRP
 type DefaultRPOpts func(p *DefaultRP)
 
+//WithCookieHandler set a `CookieHandler` for securing the various redirects
 func WithCookieHandler(cookieHandler *utils.CookieHandler) DefaultRPOpts {
 	return func(p *DefaultRP) {
 		p.cookieHandler = cookieHandler
 	}
 }
 
+//WithHTTPClient provides the ability to set an http client to be used for the relaying party and verifier
 func WithHTTPClient(client *http.Client) DefaultRPOpts {
 	return func(p *DefaultRP) {
 		p.httpClient = client
 	}
 }
 
+//AuthURL is the `RelayingParty` interface implementation
+//wrapping the oauth2 `AuthCodeURL`
+//returning the url of the auth request
 func (p *DefaultRP) AuthURL(state string) string {
 	return p.oauthConfig.AuthCodeURL(state)
 }
 
+//AuthURL is the `RelayingParty` interface implementation
+//extending the `AuthURL` method with a http redirect handler
 func (p *DefaultRP) AuthURLHandler(state string) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if err := p.trySetStateCookie(w, state); err != nil {
@@ -81,6 +94,9 @@ func (p *DefaultRP) AuthURLHandler(state string) http.HandlerFunc {
 	}
 }
 
+//AuthURL is the `RelayingParty` interface implementation
+//handling the oauth2 code exchange, extracting and validating the id_token
+//returning it paresed together with the oauth2 tokens (access, refresh)
 func (p *DefaultRP) CodeExchange(ctx context.Context, code string) (tokens *oidc.Tokens, err error) {
 	token, err := p.oauthConfig.Exchange(ctx, code)
 	if err != nil {
@@ -99,6 +115,8 @@ func (p *DefaultRP) CodeExchange(ctx context.Context, code string) (tokens *oidc
 	return &oidc.Tokens{Token: token, IDTokenClaims: idToken}, nil
 }
 
+//AuthURL is the `RelayingParty` interface implementation
+//extending the `CodeExchange` method with callback function
 func (p *DefaultRP) CodeExchangeHandler(callback func(http.ResponseWriter, *http.Request, *oidc.Tokens, string)) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		state, err := p.tryReadStateCookie(w, r)
@@ -127,28 +145,20 @@ func (p *DefaultRP) CodeExchangeHandler(callback func(http.ResponseWriter, *http
 
 func (p *DefaultRP) Userinfo() {}
 
-func (p *DefaultRP) TokenExchange(ctx context.Context, request *grants_tx.TokenExchangeRequest) (newToken *oauth2.Token, err error) {
-	return p.callTokenEndpoint(request)
-}
-
-func (p *DefaultRP) callTokenEndpoint(request interface{}) (newToken *oauth2.Token, err error) {
-	req, err := utils.FormRequest(p.endpoints.TokenURL, request)
-	if err != nil {
-		return nil, err
-	}
-	auth := base64.StdEncoding.EncodeToString([]byte(p.config.ClientID + ":" + p.config.ClientSecret))
-	req.Header.Set("Authorization", "Basic "+auth)
-	token := new(oauth2.Token)
-	if err := utils.HttpRequest(p.httpClient, req, token); err != nil {
-		return nil, err
-	}
-	return token, nil
-}
-
+//ClientCredentials is the `RelayingParty` interface implementation
+//handling the oauth2 client credentials grant
 func (p *DefaultRP) ClientCredentials(ctx context.Context, scopes ...string) (newToken *oauth2.Token, err error) {
 	return p.callTokenEndpoint(grants.ClientCredentialsGrantBasic(scopes...))
 }
 
+//TokenExchange is the `TokenExchangeRP` interface implementation
+//handling the oauth2 token exchange (draft)
+func (p *DefaultRP) TokenExchange(ctx context.Context, request *grants_tx.TokenExchangeRequest) (newToken *oauth2.Token, err error) {
+	return p.callTokenEndpoint(request)
+}
+
+//DelegationTokenExchange is the `TokenExchangeRP` interface implementation
+//handling the oauth2 token exchange for a delegation token (draft)
 func (p *DefaultRP) DelegationTokenExchange(ctx context.Context, subjectToken string, reqOpts ...grants_tx.TokenExchangeOption) (newToken *oauth2.Token, err error) {
 	return p.TokenExchange(ctx, DelegationTokenRequest(subjectToken, reqOpts...))
 }
@@ -178,6 +188,20 @@ func (p *DefaultRP) discover() error {
 	return nil
 }
 
+func (p *DefaultRP) callTokenEndpoint(request interface{}) (newToken *oauth2.Token, err error) {
+	req, err := utils.FormRequest(p.endpoints.TokenURL, request)
+	if err != nil {
+		return nil, err
+	}
+	auth := base64.StdEncoding.EncodeToString([]byte(p.config.ClientID + ":" + p.config.ClientSecret))
+	req.Header.Set("Authorization", "Basic "+auth)
+	token := new(oauth2.Token)
+	if err := utils.HttpRequest(p.httpClient, req, token); err != nil {
+		return nil, err
+	}
+	return token, nil
+}
+
 func (p *DefaultRP) trySetStateCookie(w http.ResponseWriter, state string) error {
 	if p.cookieHandler != nil {
 		if err := p.cookieHandler.SetQueryCookie(w, stateParam, state); err != nil {