packaging and much more

doc.go

@@ -0,0 +1 @@
+package oidc

example/go.mod

@@ -19,5 +19,6 @@ require (
 	github.com/caos/oidc/pkg/utils v0.0.0-00010101000000-000000000000
 	github.com/caos/utils/logging v0.0.0-20191104132131-b318678afbef
 	github.com/google/uuid v1.1.1
-	golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f
+	golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1
+	gopkg.in/square/go-jose.v2 v2.4.0
 )

example/go.sum

@@ -16,6 +16,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -59,12 +60,16 @@ github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4=
 golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -80,9 +85,13 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4=
 golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -95,6 +104,8 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE=
 golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -129,5 +140,6 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

example/internal/mock/storage.go

@@ -3,42 +3,91 @@ package mock
 import (
 	"errors"
 
+	"gopkg.in/square/go-jose.v2"
+
 	"github.com/caos/oidc/pkg/oidc"
+	"github.com/caos/oidc/pkg/op"
 )
 
-type Signer struct {
-}
-
-func (s *Signer) Sign(*oidc.IDTokenClaims) (string, error) {
-	return "sdsa", nil
-}
-
 type Storage struct {
 }
 
-func (s *Storage) CreateAuthRequest(authReq *oidc.AuthRequest) error {
+type AuthRequest struct {
-	authReq.ID = "id"
+	ID           string
-	return nil
+	ResponseType oidc.ResponseType
+	RedirectURI  string
 }
-func (s *Storage) GetClientByClientID(id string) (oidc.Client, error) {
+
-	if id == "not" {
+func (a *AuthRequest) GetACR() string {
+	return ""
+}
+
+func (a *AuthRequest) GetAMR() []string {
+	return []string{}
+}
+
+func (a *AuthRequest) GetAudience() []string {
+	return []string{}
+}
+
+func (a *AuthRequest) GetClientID() string {
+	return ""
+}
+
+func (a *AuthRequest) GetID() string {
+	return a.ID
+}
+
+func (a *AuthRequest) GetNonce() string {
+	return ""
+}
+
+func (a *AuthRequest) GetRedirectURI() string {
+	return ""
+}
+
+func (a *AuthRequest) GetResponseType() oidc.ResponseType {
+	return a.ResponseType
+}
+
+func (a *AuthRequest) GetState() string {
+	return ""
+}
+
+func (a *AuthRequest) GetSubject() string {
+	return ""
+}
+
+func (s *Storage) CreateAuthRequest(authReq *oidc.AuthRequest) (op.AuthRequest, error) {
+	return &AuthRequest{ID: "id"}, nil
+}
+func (s *Storage) GetClientByClientID(id string) (op.Client, error) {
+	if id == "none" {
 		return nil, errors.New("not found")
 	}
+	var appType op.ApplicationType
+	if id == "web" {
+		appType = op.ApplicationTypeWeb
+	} else if id == "native" {
+		appType = op.ApplicationTypeNative
+	} else {
+		appType = op.ApplicationTypeUserAgent
+	}
+	return &ConfClient{applicationType: appType}, nil
+}
+func (s *Storage) AuthRequestByCode(op.Client, string, string) (op.AuthRequest, error) {
+	return &AuthRequest{ID: "id"}, nil
+}
+func (s *Storage) AuthorizeClientIDSecret(string, string) (op.Client, error) {
 	return &ConfClient{}, nil
 }
-func (s *Storage) AuthRequestByCode(oidc.Client, string, string) (*oidc.AuthRequest, error) {
+func (s *Storage) AuthorizeClientIDCodeVerifier(string, string) (op.Client, error) {
-	return &oidc.AuthRequest{ID: "id"}, nil
-}
-func (s *Storage) AuthorizeClientIDSecret(string, string) (oidc.Client, error) {
-	return &ConfClient{}, nil
-}
-func (s *Storage) AuthorizeClientIDCodeVerifier(string, string) (oidc.Client, error) {
 	return &ConfClient{}, nil
 }
 func (s *Storage) DeleteAuthRequestAndCode(string, string) error {
 	return nil
 }
-func (s *Storage) AuthRequestByID(id string) (*oidc.AuthRequest, error) {
+func (s *Storage) AuthRequestByID(id string) (op.AuthRequest, error) {
 	if id == "none" {
 		return nil, errors.New("not found")
 	}
@@ -50,13 +99,19 @@ func (s *Storage) AuthRequestByID(id string) (*oidc.AuthRequest, error) {
 	} else {
 		responseType = oidc.ResponseTypeIDToken
 	}
-	return &oidc.AuthRequest{
+	return &AuthRequest{
 		ResponseType: responseType,
 		RedirectURI:  "/callback",
 	}, nil
 }
 
-type ConfClient struct{}
+func (s *Storage) GetSigningKey() (jose.SigningKey, error) {
+	return jose.SigningKey{Algorithm: jose.HS256, Key: []byte("test")}, nil
+}
+
+type ConfClient struct {
+	applicationType op.ApplicationType
+}
 
 func (c *ConfClient) RedirectURIs() []string {
 	return []string{
@@ -70,6 +125,6 @@ func (c *ConfClient) LoginURL(id string) string {
 	return "login?id=" + id
 }
 
-func (c *ConfClient) ApplicationType() oidc.ApplicationType {
+func (c *ConfClient) ApplicationType() op.ApplicationType {
-	return oidc.ApplicationTypeNative
+	return c.applicationType
 }

example/server/default/default.go

@@ -5,23 +5,22 @@ import (
 	"log"
 
 	"github.com/caos/oidc/example/internal/mock"
-	server "github.com/caos/oidc/pkg/op"
+	"github.com/caos/oidc/pkg/op"
 )
 
 func main() {
 	ctx := context.Background()
-	config := &server.Config{
+	config := &op.Config{
 		Issuer: "http://localhost:9998/",
 
 		Port: "9998",
 	}
 	storage := &mock.Storage{}
-	signer := &mock.Signer{}
+	handler, err := op.NewDefaultOP(config, storage, op.WithCustomTokenEndpoint("test"))
-	handler, err := server.NewDefaultOP(config, storage, signer, server.WithCustomTokenEndpoint("test"))
 	if err != nil {
 		log.Fatal(err)
 	}
-	server.Start(ctx, handler)
+	op.Start(ctx, handler)
 	<-ctx.Done()
 
 }

pkg/oidc/go.mod

@@ -5,9 +5,9 @@ go 1.13
 require (
 	github.com/golang/protobuf v1.3.2 // indirect
 	github.com/stretchr/testify v1.4.0 // indirect
-	golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f // indirect
+	golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 // indirect
-	golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 // indirect
+	golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 // indirect
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c
 	golang.org/x/text v0.3.2
 	google.golang.org/appengine v1.6.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.4.0

pkg/oidc/go.sum

@@ -12,18 +12,18 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
-golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk=
-golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

pkg/oidc/identity_provider.go

@@ -1,13 +1,13 @@
 package oidc
 
-import "net/http"
+// import "net/http"
 
-type IdentityProvider interface {
+// type IdentityProvider interface {
-	// Configuration
+// 	// Configuration
-	// Storage() Storage
+// 	// Storage() Storage
-	HandleDiscovery(w http.ResponseWriter, r *http.Request)
+// 	HandleDiscovery(w http.ResponseWriter, r *http.Request)
-	HandleAuthorize(w http.ResponseWriter, r *http.Request)
+// 	HandleAuthorize(w http.ResponseWriter, r *http.Request)
-	HandleExchange(w http.ResponseWriter, r *http.Request)
+// 	HandleExchange(w http.ResponseWriter, r *http.Request)
-	HandleUserinfo(w http.ResponseWriter, r *http.Request)
+// 	HandleUserinfo(w http.ResponseWriter, r *http.Request)
-	HttpHandler() *http.Server
+// 	HttpHandler() *http.Server
-}
+// }

pkg/op/authrequest.go

@@ -11,15 +11,14 @@ import (
 	"github.com/gorilla/schema"
 
 	"github.com/caos/oidc/pkg/oidc"
-	"github.com/caos/oidc/pkg/op/u"
 	str_utils "github.com/caos/utils/strings"
 )
 
 type Authorizer interface {
-	Storage() u.Storage
+	Storage() Storage
 	Decoder() *schema.Decoder
 	Encoder() *schema.Encoder
-	Signe() u.Signer
+	Signer() Signer
 	// ErrorHandler() func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
 }
 
@@ -29,7 +28,7 @@ type Authorizer interface {
 
 type ValidationAuthorizer interface {
 	Authorizer
-	ValidateAuthRequest(*oidc.AuthRequest, u.Storage) error
+	ValidateAuthRequest(*oidc.AuthRequest, Storage) error
 }
 
 // type errorHandler func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error)
@@ -73,7 +72,7 @@ func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
 	RedirectToLogin(req, client, w, r)
 }
 
-func ValidateAuthRequest(authReq *oidc.AuthRequest, storage u.Storage) error {
+func ValidateAuthRequest(authReq *oidc.AuthRequest, storage Storage) error {
 	if err := ValidateAuthReqScopes(authReq.Scopes); err != nil {
 		return err
 	}
@@ -101,7 +100,7 @@ func ValidateAuthReqScopes(scopes []string) error {
 	return nil
 }
 
-func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.ResponseType, storage u.Storage) error {
+func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.ResponseType, storage Storage) error {
 	if uri == "" {
 		return ErrInvalidRequest("redirect_uri must not be empty")
 	}
@@ -116,15 +115,15 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 		return nil
 	}
 	if responseType == oidc.ResponseTypeCode {
-		if strings.HasPrefix(uri, "http://") && u.IsConfidentialType(client) {
+		if strings.HasPrefix(uri, "http://") && IsConfidentialType(client) {
 			return nil
 		}
-		if client.ApplicationType() == u.ApplicationTypeNative {
+		if client.ApplicationType() == ApplicationTypeNative {
 			return nil
 		}
 		return ErrInvalidRequest("redirect_uri not allowed 2")
 	} else {
-		if client.ApplicationType() != u.ApplicationTypeNative {
+		if client.ApplicationType() != ApplicationTypeNative {
 			return ErrInvalidRequest("redirect_uri not allowed 3")
 		}
 		if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
@@ -134,7 +133,7 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
 	return nil
 }
 
-func RedirectToLogin(authReq u.AuthRequest, client u.Client, w http.ResponseWriter, r *http.Request) {
+func RedirectToLogin(authReq AuthRequest, client Client, w http.ResponseWriter, r *http.Request) {
 	login := client.LoginURL(authReq.GetID())
 	http.Redirect(w, r, login, http.StatusFound)
 }
@@ -151,7 +150,7 @@ func AuthorizeCallback(w http.ResponseWriter, r *http.Request, authorizer Author
 	AuthResponse(authReq, authorizer, w, r)
 }
 
-func AuthResponse(authReq u.AuthRequest, authorizer Authorizer, w http.ResponseWriter, r *http.Request) {
+func AuthResponse(authReq AuthRequest, authorizer Authorizer, w http.ResponseWriter, r *http.Request) {
 	var callback string
 	if authReq.GetResponseType() == oidc.ResponseTypeCode {
 		callback = fmt.Sprintf("%s?code=%s", authReq.GetRedirectURI(), "test")
@@ -164,7 +163,7 @@ func AuthResponse(authReq u.AuthRequest, authorizer Authorizer, w http.ResponseW
 
 			}
 		}
-		idToken, err := CreateIDToken("", authReq, accessToken, time.Now(), time.Now(), "", authorizer.Signe())
+		idToken, err := CreateIDToken("", authReq, accessToken, time.Now(), time.Now(), "", authorizer.Signer())
 		if err != nil {
 
 		}

pkg/op/authrequest_test.go

@@ -1,4 +1,4 @@
-package op
+package op_test
 
 import (
 	"net/http"
@@ -7,14 +7,14 @@ import (
 	"testing"
 
 	"github.com/caos/oidc/pkg/oidc"
+	"github.com/caos/oidc/pkg/op"
 	"github.com/caos/oidc/pkg/op/mock"
-	"github.com/caos/oidc/pkg/op/u"
 )
 
 func TestValidateAuthRequest(t *testing.T) {
 	type args struct {
 		authRequest *oidc.AuthRequest
-		storage     u.Storage
+		storage     op.Storage
 	}
 	tests := []struct {
 		name    string
@@ -53,7 +53,7 @@ func TestValidateAuthRequest(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := ValidateAuthRequest(tt.args.authRequest, tt.args.storage); (err != nil) != tt.wantErr {
+			if err := op.ValidateAuthRequest(tt.args.authRequest, tt.args.storage); (err != nil) != tt.wantErr {
 				t.Errorf("ValidateAuthRequest() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -65,7 +65,7 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 		uri          string
 		clientID     string
 		responseType oidc.ResponseType
-		storage      u.Storage
+		storage      op.Storage
 	}
 	tests := []struct {
 		name    string
@@ -135,7 +135,7 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := ValidateAuthReqRedirectURI(tt.args.uri, tt.args.clientID, tt.args.responseType, tt.args.storage); (err != nil) != tt.wantErr {
+			if err := op.ValidateAuthReqRedirectURI(tt.args.uri, tt.args.clientID, tt.args.responseType, tt.args.storage); (err != nil) != tt.wantErr {
 				t.Errorf("ValidateRedirectURI() error = %v, wantErr %v", err.Error(), tt.wantErr)
 			}
 		})
@@ -163,7 +163,7 @@ func TestValidateAuthReqScopes(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := ValidateAuthReqScopes(tt.args.scopes); (err != nil) != tt.wantErr {
+			if err := op.ValidateAuthReqScopes(tt.args.scopes); (err != nil) != tt.wantErr {
 				t.Errorf("ValidateAuthReqScopes() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
@@ -184,7 +184,7 @@ func TestAuthorize(t *testing.T) {
 	type args struct {
 		w          http.ResponseWriter
 		r          *http.Request
-		authorizer Authorizer
+		authorizer op.Authorizer
 	}
 	tests := []struct {
 		name string
@@ -218,7 +218,7 @@ func TestAuthorize(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			Authorize(tt.args.w, tt.args.r, tt.args.authorizer)
+			op.Authorize(tt.args.w, tt.args.r, tt.args.authorizer)
 		})
 	}
 }

pkg/op/client.go

@@ -1,4 +1,10 @@
-package u
+package op
+
+const (
+	ApplicationTypeWeb ApplicationType = iota
+	ApplicationTypeUserAgent
+	ApplicationTypeNative
+)
 
 type Client interface {
 	RedirectURIs() []string
@@ -6,25 +12,8 @@ type Client interface {
 	LoginURL(string) string
 }
 
-// type ClientType int
-
-// func (c ClientType) IsConvidential() bool {
-// 	return c == ClientTypeConfidential
-// }
-
 func IsConfidentialType(c Client) bool {
 	return c.ApplicationType() == ApplicationTypeWeb
 }
 
 type ApplicationType int
-
-// const (a ApplicationType)
-
-const (
-	// ClientTypeConfidential ClientType = iota
-	// ClientTypePublic
-
-	ApplicationTypeWeb ApplicationType = iota
-	ApplicationTypeUserAgent
-	ApplicationTypeNative
-)

pkg/op/default_op.go

@@ -6,7 +6,6 @@ import (
 	"github.com/gorilla/schema"
 
 	"github.com/caos/oidc/pkg/oidc"
-	"github.com/caos/oidc/pkg/op/u"
 )
 
 const (
@@ -29,8 +28,8 @@ type DefaultOP struct {
 	config          *Config
 	endpoints       *endpoints
 	discoveryConfig *oidc.DiscoveryConfiguration
-	storage         u.Storage
+	storage         Storage
-	signer          u.Signer
+	signer          Signer
 	http            *http.Server
 	decoder         *schema.Decoder
 	encoder         *schema.Encoder
@@ -90,18 +89,23 @@ func WithCustomUserinfoEndpoint(endpoint Endpoint) DefaultOPOpts {
 	}
 }
 
-func NewDefaultOP(config *Config, storage u.Storage, signer u.Signer, opOpts ...DefaultOPOpts) (OpenIDProvider, error) {
+func NewDefaultOP(config *Config, storage Storage, opOpts ...DefaultOPOpts) (OpenIDProvider, error) {
-	if err := ValidateIssuer(config.Issuer); err != nil {
+	err := ValidateIssuer(config.Issuer)
+	if err != nil {
 		return nil, err
 	}
 
 	p := &DefaultOP{
 		config:    config,
 		storage:   storage,
-		signer:    signer,
 		endpoints: DefaultEndpoints,
 	}
 
+	p.signer, err = NewDefaultSigner(storage)
+	if err != nil {
+		return nil, err
+	}
+
 	for _, optFunc := range opOpts {
 		if err := optFunc(p); err != nil {
 			return nil, err
@@ -159,11 +163,11 @@ func (p *DefaultOP) Encoder() *schema.Encoder {
 	return p.encoder
 }
 
-func (p *DefaultOP) Storage() u.Storage {
+func (p *DefaultOP) Storage() Storage {
 	return p.storage
 }
 
-func (p *DefaultOP) Signe() u.Signer {
+func (p *DefaultOP) Signer() Signer {
 	return p.signer
 	// return
 }
@@ -174,25 +178,6 @@ func (p *DefaultOP) Signe() u.Signer {
 
 func (p *DefaultOP) HandleAuthorize(w http.ResponseWriter, r *http.Request) {
 	Authorize(w, r, p)
-	// if err != nil {
-	// 	http.Error(w, err.Error(), 400)
-	// }
-	// authRequest, err := ParseAuthRequest(w, r)
-	// if err != nil {
-	// 	//TODO: return err
-	// }
-	// err = ValidateAuthRequest(authRequest, p.storage)
-	// if err != nil {
-	// 	http.Error(w, err.Error(), 400)
-	// 	return
-	// 	//TODO: return err
-	// }
-	// // err = p.storage.CreateAuthRequest(authRequest)
-	// // if err != nil {
-	// // 	//TODO: return err
-	// // }
-	// var client oidc.Client
-	// RedirectToLogin(authRequest, client, w, r)
 }
 
 func (p *DefaultOP) HandleAuthorizeCallback(w http.ResponseWriter, r *http.Request) {
@@ -206,25 +191,12 @@ func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	if reqType == string(oidc.GrantTypeCode) {
-		CodeExchange(w, r, p.storage, p.decoder)
+		CodeExchange(w, r, p)
 		return
 	}
 	p.handleTokenExchange(w, r)
 }
 
-// func (p *DefaultOP) handleCodeExchange(w http.ResponseWriter, r *http.Request) {
-// 	tokenRequest, err := ParseAccessTokenRequest(w, r)
-// 	if err != nil {
-// 		//TODO: return err
-// 	}
-// 	err = ValidateAccessTokenRequest(tokenRequest, p.storage)
-// 	if err != nil {
-// 		//TODO: return err
-// 	}
-// 	b, _ := json.Marshal(tokenRequest)
-// 	w.Write(b)
-// }
-
 func (p *DefaultOP) handleTokenExchange(w http.ResponseWriter, r *http.Request) {
 	tokenRequest, err := ParseTokenExchangeRequest(w, r)
 	if err != nil {

pkg/op/default_op_test.go

@@ -8,7 +8,6 @@ import (
 	"github.com/stretchr/testify/require"
 
 	"github.com/caos/oidc/pkg/oidc"
-	"github.com/caos/oidc/pkg/op/u"
 )
 
 func TestDefaultOP_HandleDiscovery(t *testing.T) {
@@ -16,7 +15,7 @@ func TestDefaultOP_HandleDiscovery(t *testing.T) {
 		config          *Config
 		endpoints       *endpoints
 		discoveryConfig *oidc.DiscoveryConfiguration
-		storage         u.Storage
+		storage         Storage
 		http            *http.Server
 	}
 	type args struct {

pkg/op/error.go

@@ -3,8 +3,6 @@ package op
 import (
 	"net/http"
 
-	"github.com/caos/oidc/pkg/op/u"
-
 	"github.com/caos/oidc/pkg/oidc"
 	"github.com/caos/oidc/pkg/utils"
 )
@@ -16,7 +14,13 @@ const (
 
 type errorType string
 
-func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq u.ErrAuthRequest, err error) {
+type ErrAuthRequest interface {
+	GetRedirectURI() string
+	GetResponseType() oidc.ResponseType
+	GetState() string
+}
+
+func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthRequest, err error) {
 	if authReq == nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
@@ -79,7 +83,7 @@ var (
 	}
 )
 
-func (e *OAuthError) AuthRequestResponse(w http.ResponseWriter, r *http.Request, authReq u.AuthRequest) {
+func (e *OAuthError) AuthRequestResponse(w http.ResponseWriter, r *http.Request, authReq AuthRequest) {
 	if authReq == nil {
 		http.Error(w, e.Error(), http.StatusBadRequest)
 		return

pkg/op/go.mod

@@ -1,4 +1,4 @@
-module github.com/caos/oidc/pkg/server
+module github.com/caos/oidc/pkg/op
 
 go 1.13
 
@@ -10,20 +10,16 @@ replace github.com/caos/oidc/pkg/utils => /Users/livio/workspaces/go/src/github.
 
 replace github.com/caos/oidc/pkg/op => /Users/livio/workspaces/go/src/github.com/caos/oidc/pkg/op
 
-replace github.com/caos/oidc/pkg/op/u => /Users/livio/workspaces/go/src/github.com/caos/oidc/pkg/op/u
-
 require (
-	github.com/caos/oidc v0.0.0-20191119072320-6412f213450c
 	github.com/caos/oidc/pkg/oidc v0.0.0-00010101000000-000000000000
-	github.com/caos/oidc/pkg/op v0.0.0-00010101000000-000000000000
 	github.com/caos/oidc/pkg/utils v0.0.0-00010101000000-000000000000
 	github.com/caos/utils v0.0.0-20191104132131-b318678afbef
 	github.com/caos/utils/logging v0.0.0-20191104132131-b318678afbef
 	github.com/golang/mock v1.3.1
-	github.com/google/go-querystring v1.0.0
 	github.com/gorilla/mux v1.7.3
 	github.com/gorilla/schema v1.1.0
+	github.com/stretchr/objx v0.2.0 // indirect
 	github.com/stretchr/testify v1.4.0
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	gopkg.in/square/go-jose.v2 v2.4.0
+	gopkg.in/yaml.v2 v2.2.7 // indirect
 )

pkg/op/go.sum

@@ -19,6 +19,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1 h1:G5FRp8JnTd7RQH5kemVNlMeyXQAztQ3mOWV95KxsXH8=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -29,8 +30,6 @@ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y
 github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/schema v1.1.0 h1:CamqUDOFUBqzrvxuz2vEwo8+SUdwsluFh7IlzJh30LY=
@@ -44,8 +43,10 @@ github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqC
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -57,14 +58,15 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48=
+github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
-golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20191119213627-4f8c1d86b1ba h1:9bFeDpN3gTqNanMVqNcoR/pJQuP5uroC3t1D7eXozTE=
-golang.org/x/crypto v0.0.0-20191119213627-4f8c1d86b1ba/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -78,11 +80,11 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk=
-golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -94,10 +96,8 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed h1:5TJcLJn2a55mJjzYk0yOoqN8X1OdvBDUnaZaKKyQtkY=
 golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU=
-golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA=
-golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -106,6 +106,7 @@ golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGm
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135 h1:5Beo0mZN8dRzgrMMkDp0jc8YXQKx9DiJ2k1dkvGsn5A=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -125,6 +126,7 @@ google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRn
 google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A=
@@ -133,5 +135,7 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
+gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

pkg/op/mock/authorizer.mock.go

@@ -5,11 +5,9 @@
 package mock
 
 import (
-	oidc "github.com/caos/oidc/pkg/oidc"
+	op "github.com/caos/oidc/pkg/op"
-	u "github.com/caos/oidc/pkg/op/u"
 	gomock "github.com/golang/mock/gomock"
 	schema "github.com/gorilla/schema"
-	http "net/http"
 	reflect "reflect"
 )
 
@@ -64,39 +62,25 @@ func (mr *MockAuthorizerMockRecorder) Encoder() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Encoder", reflect.TypeOf((*MockAuthorizer)(nil).Encoder))
 }
 
-// ErrorHandler mocks base method
+// Signer mocks base method
-func (m *MockAuthorizer) ErrorHandler() func(http.ResponseWriter, *http.Request, *oidc.AuthRequest, error) {
+func (m *MockAuthorizer) Signer() op.Signer {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ErrorHandler")
+	ret := m.ctrl.Call(m, "Signer")
-	ret0, _ := ret[0].(func(http.ResponseWriter, *http.Request, *oidc.AuthRequest, error))
+	ret0, _ := ret[0].(op.Signer)
 	return ret0
 }
 
-// ErrorHandler indicates an expected call of ErrorHandler
+// Signer indicates an expected call of Signer
-func (mr *MockAuthorizerMockRecorder) ErrorHandler() *gomock.Call {
+func (mr *MockAuthorizerMockRecorder) Signer() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ErrorHandler", reflect.TypeOf((*MockAuthorizer)(nil).ErrorHandler))
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Signer", reflect.TypeOf((*MockAuthorizer)(nil).Signer))
-}
-
-// Signe mocks base method
-func (m *MockAuthorizer) Signe() u.Signer {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Signe")
-	ret0, _ := ret[0].(u.Signer)
-	return ret0
-}
-
-// Signe indicates an expected call of Signe
-func (mr *MockAuthorizerMockRecorder) Signe() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Signe", reflect.TypeOf((*MockAuthorizer)(nil).Signe))
 }
 
 // Storage mocks base method
-func (m *MockAuthorizer) Storage() u.Storage {
+func (m *MockAuthorizer) Storage() op.Storage {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Storage")
-	ret0, _ := ret[0].(u.Storage)
+	ret0, _ := ret[0].(op.Storage)
 	return ret0
 }
 

pkg/op/mock/authorizer.mock.impl.go

@@ -1,17 +1,13 @@
 package mock
 
 import (
-	http "net/http"
 	"testing"
 
-	"github.com/stretchr/testify/require"
-
 	"github.com/golang/mock/gomock"
 	"github.com/gorilla/schema"
 
 	oidc "github.com/caos/oidc/pkg/oidc"
 	"github.com/caos/oidc/pkg/op"
-	u "github.com/caos/oidc/pkg/op/u"
 )
 
 func NewAuthorizer(t *testing.T) op.Authorizer {
@@ -24,7 +20,7 @@ func NewAuthorizerExpectValid(t *testing.T, wantErr bool) op.Authorizer {
 	ExpectEncoder(m)
 	ExpectSigner(m, t)
 	ExpectStorage(m, t)
-	ExpectErrorHandler(m, t, wantErr)
+	// ExpectErrorHandler(m, t, wantErr)
 	return m
 }
 
@@ -50,27 +46,27 @@ func ExpectEncoder(a op.Authorizer) {
 
 func ExpectSigner(a op.Authorizer, t *testing.T) {
 	mockA := a.(*MockAuthorizer)
-	mockA.EXPECT().Signe().DoAndReturn(
+	mockA.EXPECT().Signer().DoAndReturn(
-		func() u.Signer {
+		func() op.Signer {
 			return &Sig{}
 		})
 }
 
-func ExpectErrorHandler(a op.Authorizer, t *testing.T, wantErr bool) {
+// func ExpectErrorHandler(a op.Authorizer, t *testing.T, wantErr bool) {
-	mockA := a.(*MockAuthorizer)
+// 	mockA := a.(*MockAuthorizer)
-	mockA.EXPECT().ErrorHandler().AnyTimes().
+// 	mockA.EXPECT().ErrorHandler().AnyTimes().
-		Return(func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) {
+// 		Return(func(w http.ResponseWriter, r *http.Request, authReq *oidc.AuthRequest, err error) {
-			if wantErr {
+// 			if wantErr {
-				require.Error(t, err)
+// 				require.Error(t, err)
-				return
+// 				return
-			}
+// 			}
-			require.NoError(t, err)
+// 			require.NoError(t, err)
-		})
+// 		})
-}
+// }
 
 type Sig struct{}
 
-func (s *Sig) Sign(*oidc.IDTokenClaims) (string, error) {
+func (s *Sig) SignIDToken(*oidc.IDTokenClaims) (string, error) {
 	return "", nil
 }
 

pkg/op/mock/generate.go

@@ -1,4 +1,4 @@
 package mock
 
-//go:generate mockgen -package mock -destination ./storage.mock.go github.com/caos/oidc/pkg/op/u Storage
+//go:generate mockgen -package mock -destination ./storage.mock.go github.com/caos/oidc/pkg/op Storage
 //go:generate mockgen -package mock -destination ./authorizer.mock.go github.com/caos/oidc/pkg/op Authorizer

pkg/op/mock/storage.mock.go

@@ -1,11 +1,12 @@
 // Code generated by MockGen. DO NOT EDIT.
-// Source: github.com/caos/oidc/pkg/op/u (interfaces: Storage)
+// Source: github.com/caos/oidc/pkg/op (interfaces: Storage)
 
 // Package mock is a generated GoMock package.
 package mock
 
 import (
 	oidc "github.com/caos/oidc/pkg/oidc"
+	op "github.com/caos/oidc/pkg/op"
 	gomock "github.com/golang/mock/gomock"
 	reflect "reflect"
 )
@@ -34,10 +35,10 @@ func (m *MockStorage) EXPECT() *MockStorageMockRecorder {
 }
 
 // AuthRequestByCode mocks base method
-func (m *MockStorage) AuthRequestByCode(arg0 oidc.Client, arg1, arg2 string) (*oidc.AuthRequest, error) {
+func (m *MockStorage) AuthRequestByCode(arg0 op.Client, arg1, arg2 string) (op.AuthRequest, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "AuthRequestByCode", arg0, arg1, arg2)
-	ret0, _ := ret[0].(*oidc.AuthRequest)
+	ret0, _ := ret[0].(op.AuthRequest)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -49,10 +50,10 @@ func (mr *MockStorageMockRecorder) AuthRequestByCode(arg0, arg1, arg2 interface{
 }
 
 // AuthRequestByID mocks base method
-func (m *MockStorage) AuthRequestByID(arg0 string) (*oidc.AuthRequest, error) {
+func (m *MockStorage) AuthRequestByID(arg0 string) (op.AuthRequest, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "AuthRequestByID", arg0)
-	ret0, _ := ret[0].(*oidc.AuthRequest)
+	ret0, _ := ret[0].(op.AuthRequest)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -64,10 +65,10 @@ func (mr *MockStorageMockRecorder) AuthRequestByID(arg0 interface{}) *gomock.Cal
 }
 
 // AuthorizeClientIDCodeVerifier mocks base method
-func (m *MockStorage) AuthorizeClientIDCodeVerifier(arg0, arg1 string) (oidc.Client, error) {
+func (m *MockStorage) AuthorizeClientIDCodeVerifier(arg0, arg1 string) (op.Client, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "AuthorizeClientIDCodeVerifier", arg0, arg1)
-	ret0, _ := ret[0].(oidc.Client)
+	ret0, _ := ret[0].(op.Client)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -79,10 +80,10 @@ func (mr *MockStorageMockRecorder) AuthorizeClientIDCodeVerifier(arg0, arg1 inte
 }
 
 // AuthorizeClientIDSecret mocks base method
-func (m *MockStorage) AuthorizeClientIDSecret(arg0, arg1 string) (oidc.Client, error) {
+func (m *MockStorage) AuthorizeClientIDSecret(arg0, arg1 string) (op.Client, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "AuthorizeClientIDSecret", arg0, arg1)
-	ret0, _ := ret[0].(oidc.Client)
+	ret0, _ := ret[0].(op.Client)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -94,11 +95,12 @@ func (mr *MockStorageMockRecorder) AuthorizeClientIDSecret(arg0, arg1 interface{
 }
 
 // CreateAuthRequest mocks base method
-func (m *MockStorage) CreateAuthRequest(arg0 *oidc.AuthRequest) error {
+func (m *MockStorage) CreateAuthRequest(arg0 *oidc.AuthRequest) (op.AuthRequest, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "CreateAuthRequest", arg0)
-	ret0, _ := ret[0].(error)
+	ret0, _ := ret[0].(op.AuthRequest)
-	return ret0
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
 }
 
 // CreateAuthRequest indicates an expected call of CreateAuthRequest
@@ -122,10 +124,10 @@ func (mr *MockStorageMockRecorder) DeleteAuthRequestAndCode(arg0, arg1 interface
 }
 
 // GetClientByClientID mocks base method
-func (m *MockStorage) GetClientByClientID(arg0 string) (oidc.Client, error) {
+func (m *MockStorage) GetClientByClientID(arg0 string) (op.Client, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "GetClientByClientID", arg0)
-	ret0, _ := ret[0].(oidc.Client)
+	ret0, _ := ret[0].(op.Client)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

pkg/op/mock/storage.mock.impl.go

@@ -6,27 +6,27 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/caos/oidc/pkg/oidc"
+	"github.com/caos/oidc/pkg/op"
-	u "github.com/caos/oidc/pkg/op/u"
+	op2 "github.com/caos/oidc/pkg/op"
 )
 
-func NewStorage(t *testing.T) u.Storage {
+func NewStorage(t *testing.T) op2.Storage {
 	return NewMockStorage(gomock.NewController(t))
 }
 
-func NewMockStorageExpectValidClientID(t *testing.T) u.Storage {
+func NewMockStorageExpectValidClientID(t *testing.T) op2.Storage {
 	m := NewStorage(t)
 	ExpectValidClientID(m)
 	return m
 }
 
-func NewMockStorageExpectInvalidClientID(t *testing.T) u.Storage {
+func NewMockStorageExpectInvalidClientID(t *testing.T) op2.Storage {
 	m := NewStorage(t)
 	ExpectInvalidClientID(m)
 	return m
 }
 
-func NewMockStorageAny(t *testing.T) u.Storage {
+func NewMockStorageAny(t *testing.T) op2.Storage {
 	m := NewStorage(t)
 	mockS := m.(*MockStorage)
 	mockS.EXPECT().GetClientByClientID(gomock.Any()).AnyTimes().Return(&ConfClient{}, nil)
@@ -34,30 +34,30 @@ func NewMockStorageAny(t *testing.T) u.Storage {
 	return m
 }
 
-func ExpectInvalidClientID(s u.Storage) {
+func ExpectInvalidClientID(s op2.Storage) {
 	mockS := s.(*MockStorage)
 	mockS.EXPECT().GetClientByClientID(gomock.Any()).Return(nil, errors.New("client not found"))
 }
 
-func ExpectValidClientID(s u.Storage) {
+func ExpectValidClientID(s op2.Storage) {
 	mockS := s.(*MockStorage)
 	mockS.EXPECT().GetClientByClientID(gomock.Any()).DoAndReturn(
-		func(id string) (oidc.Client, error) {
+		func(id string) (op.Client, error) {
-			var appType oidc.ApplicationType
+			var appType op.ApplicationType
 			switch id {
 			case "web_client":
-				appType = oidc.ApplicationTypeWeb
+				appType = op.ApplicationTypeWeb
 			case "native_client":
-				appType = oidc.ApplicationTypeNative
+				appType = op.ApplicationTypeNative
 			case "useragent_client":
-				appType = oidc.ApplicationTypeUserAgent
+				appType = op.ApplicationTypeUserAgent
 			}
 			return &ConfClient{appType: appType}, nil
 		})
 }
 
 type ConfClient struct {
-	appType oidc.ApplicationType
+	appType op.ApplicationType
 }
 
 func (c *ConfClient) RedirectURIs() []string {
@@ -73,6 +73,6 @@ func (c *ConfClient) LoginURL(id string) string {
 	return "login?id=" + id
 }
 
-func (c *ConfClient) ApplicationType() oidc.ApplicationType {
+func (c *ConfClient) ApplicationType() op.ApplicationType {
 	return c.appType
 }

pkg/op/signer.go

@@ -0,0 +1,55 @@
+package op
+
+import (
+	"encoding/json"
+
+	"gopkg.in/square/go-jose.v2"
+
+	"github.com/caos/oidc/pkg/oidc"
+)
+
+type Signer interface {
+	SignIDToken(claims *oidc.IDTokenClaims) (string, error)
+}
+
+type idTokenSigner struct {
+	signer  jose.Signer
+	storage Storage
+}
+
+func NewDefaultSigner(storage Storage) (Signer, error) {
+	s := &idTokenSigner{
+		storage: storage,
+	}
+	if err := s.initialize(); err != nil {
+		return nil, err
+	}
+	return s, nil
+}
+
+func (s *idTokenSigner) initialize() error {
+	key, err := s.storage.GetSigningKey()
+	if err != nil {
+		return err
+	}
+	s.signer, err = jose.NewSigner(key, &jose.SignerOptions{})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *idTokenSigner) SignIDToken(claims *oidc.IDTokenClaims) (string, error) {
+	payload, err := json.Marshal(claims)
+	if err != nil {
+		return "", err
+	}
+	return s.Sign(payload)
+}
+func (s *idTokenSigner) Sign(payload []byte) (string, error) {
+	result, err := s.signer.Sign(payload)
+	if err != nil {
+		return "", err
+	}
+	return result.CompactSerialize()
+}

pkg/op/storage.go

@@ -1,6 +1,10 @@
-package u
+package op
 
-import "github.com/caos/oidc/pkg/oidc"
+import (
+	"gopkg.in/square/go-jose.v2"
+
+	"github.com/caos/oidc/pkg/oidc"
+)
 
 type Storage interface {
 	CreateAuthRequest(*oidc.AuthRequest) (AuthRequest, error)
@@ -10,12 +14,7 @@ type Storage interface {
 	AuthorizeClientIDSecret(string, string) (Client, error)
 	AuthorizeClientIDCodeVerifier(string, string) (Client, error)
 	DeleteAuthRequestAndCode(string, string) error
-}
+	GetSigningKey() (jose.SigningKey, error)
-
-type ErrAuthRequest interface {
-	GetRedirectURI() string
-	GetResponseType() oidc.ResponseType
-	GetState() string
 }
 
 type AuthRequest interface {

pkg/op/tokenrequest.go

@@ -7,7 +7,6 @@ import (
 
 	"gopkg.in/square/go-jose.v2"
 
-	"github.com/caos/oidc/pkg/op/u"
 	"github.com/caos/oidc/pkg/utils"
 
 	"github.com/gorilla/schema"
@@ -26,7 +25,13 @@ import (
 // 	return ParseTokenExchangeRequest(w, r)
 // }
 
-func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, decoder *schema.Decoder) {
+type Exchanger interface {
+	Storage() Storage
+	Decoder() *schema.Decoder
+	Signer() Signer
+}
+
+func CodeExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
 	err := r.ParseForm()
 	if err != nil {
 		ExchangeRequestError(w, r, ErrInvalidRequest("error parsing form"))
@@ -34,7 +39,7 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, dec
 	}
 	tokenReq := new(oidc.AccessTokenRequest)
 
-	err = decoder.Decode(tokenReq, r.Form)
+	err = exchanger.Decoder().Decode(tokenReq, r.Form)
 	if err != nil {
 		ExchangeRequestError(w, r, ErrInvalidRequest("error decoding form"))
 		return
@@ -44,17 +49,17 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, dec
 		return
 	}
 
-	client, err := AuthorizeClient(r, tokenReq, storage)
+	client, err := AuthorizeClient(r, tokenReq, exchanger.Storage())
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	authReq, err := storage.AuthRequestByCode(client, tokenReq.Code, tokenReq.RedirectURI)
+	authReq, err := exchanger.Storage().AuthRequestByCode(client, tokenReq.Code, tokenReq.RedirectURI)
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	err = storage.DeleteAuthRequestAndCode(authReq.GetID(), tokenReq.Code)
+	err = exchanger.Storage().DeleteAuthRequestAndCode(authReq.GetID(), tokenReq.Code)
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
@@ -64,7 +69,7 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, storage u.Storage, dec
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	idToken, err := CreateIDToken("", authReq, "", time.Now(), time.Now(), "", nil)
+	idToken, err := CreateIDToken("", authReq, "", time.Now(), time.Now(), "", exchanger.Signer())
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return
@@ -81,7 +86,7 @@ func CreateAccessToken() (string, error) {
 	return "accessToken", nil
 }
 
-func CreateIDToken(issuer string, authReq u.AuthRequest, sub string, exp, authTime time.Time, accessToken string, signer u.Signer) (string, error) {
+func CreateIDToken(issuer string, authReq AuthRequest, sub string, exp, authTime time.Time, accessToken string, signer Signer) (string, error) {
 	var err error
 	claims := &oidc.IDTokenClaims{
 		Issuer:                              issuer,
@@ -102,10 +107,23 @@ func CreateIDToken(issuer string, authReq u.AuthRequest, sub string, exp, authTi
 			return "", err
 		}
 	}
-	return signer.Sign(claims)
+
+	return signer.SignIDToken(claims)
 }
 
-func AuthorizeClient(r *http.Request, tokenReq *oidc.AccessTokenRequest, storage u.Storage) (u.Client, error) {
+type Signe struct {
+	signer jose.Signer
+}
+
+func (s *Signe) Sign(payload []byte) (string, error) {
+	result, err := s.signer.Sign(payload)
+	if err != nil {
+		return "", err
+	}
+	return result.CompactSerialize()
+}
+
+func AuthorizeClient(r *http.Request, tokenReq *oidc.AccessTokenRequest, storage Storage) (Client, error) {
 	if tokenReq.ClientID == "" {
 		clientID, clientSecret, ok := r.BasicAuth()
 		if ok {
@@ -126,7 +144,7 @@ func ParseTokenExchangeRequest(w http.ResponseWriter, r *http.Request) (oidc.Tok
 	return nil, errors.New("Unimplemented") //TODO: impl
 }
 
-func ValidateTokenExchangeRequest(tokenReq oidc.TokenRequest, storage u.Storage) error {
+func ValidateTokenExchangeRequest(tokenReq oidc.TokenRequest, storage Storage) error {
 
 	return errors.New("Unimplemented") //TODO: impl
 }

pkg/op/u/signer.go

@@ -1,9 +0,0 @@
-package u
-
-import (
-	"github.com/caos/oidc/pkg/oidc"
-)
-
-type Signer interface {
-	Sign(claims *oidc.IDTokenClaims) (string, error)
-}

pkg/rp/go.mod

@@ -4,10 +4,9 @@ go 1.13
 
 require (
 	github.com/caos/oidc/pkg/oidc v0.0.0-00010101000000-000000000000
-	github.com/caos/oidc/pkg/rp v0.0.0-00010101000000-000000000000
 	github.com/caos/oidc/pkg/utils v0.0.0-00010101000000-000000000000
 	github.com/caos/utils v0.0.0-20191104132131-b318678afbef
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+	golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c
 	gopkg.in/square/go-jose.v2 v2.4.0
 )
 

pkg/rp/go.sum

@@ -13,10 +13,12 @@ github.com/caos/utils/pairs v0.0.0-20191104132131-b318678afbef/go.mod h1:UZHeoVF
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
@@ -33,10 +35,14 @@ github.com/grpc-ecosystem/grpc-gateway v1.11.3/go.mod h1:vNeuVxBJEsws4ogUvrchl83
 github.com/grpc-ecosystem/grpc-gateway v1.12.1 h1:zCy2xE9ablevUOrUZc3Dl72Dt+ya2FNAvC2yLYMHzi4=
 github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -46,10 +52,11 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f h1:kz4KIr+xcPUsI3VMoqWfPMvtnJ6MGfiVwsWSVzphMO4=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
-golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -64,11 +71,11 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914 h1:MlY3mEfbnWGmUi4rtHOtNnnnN4UJRGSyLPx+DXA5Sq4=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933 h1:e6HwijUxhDe+hPNjZQQn9bA5PW3vNmnN64U2ZW759Lk=
-golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c h1:HjRaKPaiWks0f5tA6ELVF7ZfqSppfPwOEEAvsrKUTO4=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191122200657-5d9234df094c/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -79,8 +86,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU=
-golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@@ -106,12 +113,14 @@ google.golang.org/grpc v1.24.0/go.mod h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRn
 google.golang.org/grpc v1.25.1 h1:wdKvqQk7IttEw92GoRyKG2IDrUIpgpj6H6m81yfeMW0=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.4.0 h1:0kXPskUMGAXXWJlP05ktEMOV0vmzFQUWw6d+aZJQU8A=
 gopkg.in/square/go-jose.v2 v2.4.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3 h1:fvjTMHxHEw/mxHbtzPi3JCcKXQRAnQTBRo6YCJSVHKI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

pkg/utils/go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/gorilla/schema v1.1.0
 	github.com/gorilla/securecookie v1.1.1
 	github.com/grpc-ecosystem/grpc-gateway v1.12.1 // indirect
-	golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 // indirect
+	golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 // indirect
 	google.golang.org/genproto v0.0.0-20191115221424-83cc0476cb11 // indirect
 	google.golang.org/grpc v1.25.1 // indirect
 )

pkg/utils/go.sum

@@ -73,8 +73,8 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed h1:5TJcLJn2a55mJjzYk0yOoqN8X1OdvBDUnaZaKKyQtkY=
 golang.org/x/sys v0.0.0-20191002091554-b397fe3ad8ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2 h1:wAW1U21MfVN0sUipAD8952TBjGXMRHFKQugDlQ9RwwE=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9 h1:ZBzSG/7F4eNKz2L3GE9o300RX0Az1Bw5HF7PDraD+qU=
-golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=