feat: add access token verifier ops to openidProvider (#221)

pkg/op/op.go

@@ -185,6 +185,7 @@ type openidProvider struct {
 	encoder                 *schema.Encoder
 	interceptors            []HttpInterceptor
 	timer                   <-chan time.Time
+	accessTokenVerifierOpts []AccessTokenVerifierOpt
 }
 
 func (o *openidProvider) Issuer() string {
@@ -453,6 +454,13 @@ func WithHttpInterceptors(interceptors ...HttpInterceptor) Option {
 	}
 }
 
+func WithAccessTokenVerifierOpts(opts ...AccessTokenVerifierOpt) Option {
+	return func(o *openidProvider) error {
+		o.accessTokenVerifierOpts = opts
+		return nil
+	}
+}
+
 func buildInterceptor(interceptors ...HttpInterceptor) func(http.HandlerFunc) http.Handler {
 	return func(handlerFunc http.HandlerFunc) http.Handler {
 		handler := handlerFuncToHandler(handlerFunc)

pkg/op/verifier_access_token.go

@@ -48,11 +48,22 @@ func (i *accessTokenVerifier) KeySet() oidc.KeySet {
 	return i.keySet
 }
 
-func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet) AccessTokenVerifier {
+type AccessTokenVerifierOpt func(*accessTokenVerifier)
+
+func WithSupportedAccessTokenSigningAlgorithms(algs ...string) AccessTokenVerifierOpt {
+	return func(verifier *accessTokenVerifier) {
+		verifier.supportedSignAlgs = algs
+	}
+}
+
+func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet, opts ...AccessTokenVerifierOpt) AccessTokenVerifier {
 	verifier := &accessTokenVerifier{
 		issuer: issuer,
 		keySet: keySet,
 	}
+	for _, opt := range opts {
+		opt(verifier)
+	}
 	return verifier
 }