feat: add access token verifier ops to openidProvider (#221)

2022-09-29 22:39:40 -07:00 · 2022-09-29 22:39:40 -07:00 · 328d0e1251
commit 328d0e1251
parent 2d248b1a1a
2 changed files with 34 additions and 15 deletions
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -185,6 +185,7 @@ type openidProvider struct {
 	encoder                 *schema.Encoder
 	interceptors            []HttpInterceptor
 	timer                   <-chan time.Time
+	accessTokenVerifierOpts []AccessTokenVerifierOpt
 }

 func (o *openidProvider) Issuer() string {
@ -453,6 +454,13 @@ func WithHttpInterceptors(interceptors ...HttpInterceptor) Option {
 	}
 }

+func WithAccessTokenVerifierOpts(opts ...AccessTokenVerifierOpt) Option {
+	return func(o *openidProvider) error {
+		o.accessTokenVerifierOpts = opts
+		return nil
+	}
+}
+
 func buildInterceptor(interceptors ...HttpInterceptor) func(http.HandlerFunc) http.Handler {
 	return func(handlerFunc http.HandlerFunc) http.Handler {
 		handler := handlerFuncToHandler(handlerFunc)
--- a/pkg/op/verifier_access_token.go
+++ b/pkg/op/verifier_access_token.go
@ -48,11 +48,22 @@ func (i *accessTokenVerifier) KeySet() oidc.KeySet {
 	return i.keySet
 }

-func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet) AccessTokenVerifier {
+type AccessTokenVerifierOpt func(*accessTokenVerifier)
+
+func WithSupportedAccessTokenSigningAlgorithms(algs ...string) AccessTokenVerifierOpt {
+	return func(verifier *accessTokenVerifier) {
+		verifier.supportedSignAlgs = algs
+	}
+}
+
+func NewAccessTokenVerifier(issuer string, keySet oidc.KeySet, opts ...AccessTokenVerifierOpt) AccessTokenVerifier {
 	verifier := &accessTokenVerifier{
 		issuer: issuer,
 		keySet: keySet,
 	}
+	for _, opt := range opts {
+		opt(verifier)
+	}
 	return verifier
 }