resolve (most) review comments

2023-03-10 14:23:07 +02:00 · 2023-03-10 14:23:07 +02:00 · 5bf72089b0
commit 5bf72089b0
parent 434b3fae82
5 changed files with 57 additions and 19 deletions
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@ -51,18 +51,46 @@ type TokenClaims struct {
 	SignatureAlg jose.SignatureAlgorithm `json:"-"`
 }

-func (c *TokenClaims) GetIssuer() string                              { return c.Issuer }
-func (c *TokenClaims) GetSubject() string                             { return c.Subject }
-func (c *TokenClaims) GetAudience() []string                          { return c.Audience }
-func (c *TokenClaims) GetExpiration() time.Time                       { return c.Expiration.AsTime() }
-func (c *TokenClaims) GetIssuedAt() time.Time                         { return c.IssuedAt.AsTime() }
-func (c *TokenClaims) GetNonce() string                               { return c.Nonce }
-func (c *TokenClaims) GetAuthTime() time.Time                         { return c.AuthTime.AsTime() }
-func (c *TokenClaims) GetAuthorizedParty() string                     { return c.AuthorizedParty }
-func (c *TokenClaims) GetSignatureAlgorithm() jose.SignatureAlgorithm { return c.SignatureAlg }
+func (c *TokenClaims) GetIssuer() string {
+	return c.Issuer
+}
+
+func (c *TokenClaims) GetSubject() string {
+	return c.Subject
+}
+
+func (c *TokenClaims) GetAudience() []string {
+	return c.Audience
+}
+
+func (c *TokenClaims) GetExpiration() time.Time {
+	return c.Expiration.AsTime()
+}
+
+func (c *TokenClaims) GetIssuedAt() time.Time {
+	return c.IssuedAt.AsTime()
+}
+
+func (c *TokenClaims) GetNonce() string {
+	return c.Nonce
+}
+
+func (c *TokenClaims) GetAuthTime() time.Time {
+	return c.AuthTime.AsTime()
+}
+
+func (c *TokenClaims) GetAuthorizedParty() string {
+	return c.AuthorizedParty
+}
+
+func (c *TokenClaims) GetSignatureAlgorithm() jose.SignatureAlgorithm {
+	return c.SignatureAlg
+}
+
 func (c *TokenClaims) GetAuthenticationContextClassReference() string {
 	return c.AuthenticationContextClassReference
 }
+
 func (c *TokenClaims) SetSignatureAlgorithm(algorithm jose.SignatureAlgorithm) {
 	c.SignatureAlg = algorithm
 }
@ -110,7 +138,7 @@ type IDTokenClaims struct {
 	NotBefore       Time   `json:"nbf,omitempty"`
 	AccessTokenHash string `json:"at_hash,omitempty"`
 	CodeHash        string `json:"c_hash,omitempty"`
-	SessionID       string `json:"sid,omitempty"` // IDToken - session management spec
+	SessionID       string `json:"sid,omitempty"`
 	UserInfoProfile
 	UserInfoEmail
 	UserInfoPhone
--- a/pkg/oidc/token_test.go
+++ b/pkg/oidc/token_test.go
@ -154,6 +154,13 @@ func TestNewAccessTokenClaims(t *testing.T) {
 		want.Expiration.AsTime(), want.JWTID, "foo", time.Second,
 	)

+	// test if the dynamic timestamps are around now,
+	// allowing for a delta of 1, just in case we flip on
+	// either side of a second boundry.
+	nowMinusSkew := NowTime() - 1
+	assert.InDelta(t, int64(nowMinusSkew), int64(got.IssuedAt), 1)
+	assert.InDelta(t, int64(nowMinusSkew), int64(got.NotBefore), 1)
+
 	// Make equal not fail on dynamic timestamp
 	got.IssuedAt = 0
 	got.NotBefore = 0
@ -207,6 +214,12 @@ func TestNewIDTokenClaims(t *testing.T) {
 		time.Second,
 	)

+	// test if the dynamic timestamp is around now,
+	// allowing for a delta of 1, just in case we flip on
+	// either side of a second boundry.
+	nowMinusSkew := NowTime() - 1
+	assert.InDelta(t, int64(nowMinusSkew), int64(got.IssuedAt), 1)
+
 	// Make equal not fail on dynamic timestamp
 	got.IssuedAt = 0