resolve (most) review comments

example/server/storage/storage.go

@@ -625,7 +625,6 @@ func (s *Storage) setUserinfo(ctx context.Context, userInfo *oidc.UserInfo, user
 		case oidc.ScopeEmail:
 			userInfo.Email = user.Email
 			userInfo.EmailVerified = oidc.Bool(user.EmailVerified)
-			//user.Email, user.EmailVerified
 		case oidc.ScopeProfile:
 			userInfo.PreferredUsername = user.Username
 			userInfo.Name = user.FirstName + " " + user.LastName

pkg/client/rp/verifier_tokens_example_test.go

@@ -10,9 +10,8 @@ import (
 )
 
 // MyCustomClaims extends the TokenClaims base,
-// so it implments the oidc.Claims interface.
+// so it implmeents the oidc.Claims interface.
-// Instead of carying a map, we add needed fields
+// Instead of carrying a map, we add needed fields// to the struct for type safe access.
-// to the struct for type safe access.
 type MyCustomClaims struct {
 	oidc.TokenClaims
 	NotBefore       oidc.Time `json:"nbf,omitempty"`
@@ -34,7 +33,7 @@ type Nested struct {
 }
 
 /*
-idToken caries the following claims. foo and bar are custom claims
+idToken carries the following claims. foo and bar are custom claims
 
 	{
 		"acr": "something",

pkg/oidc/token.go

@@ -51,18 +51,46 @@ type TokenClaims struct {
 	SignatureAlg jose.SignatureAlgorithm `json:"-"`
 }
 
-func (c *TokenClaims) GetIssuer() string                              { return c.Issuer }
+func (c *TokenClaims) GetIssuer() string {
-func (c *TokenClaims) GetSubject() string                             { return c.Subject }
+	return c.Issuer
-func (c *TokenClaims) GetAudience() []string                          { return c.Audience }
+}
-func (c *TokenClaims) GetExpiration() time.Time                       { return c.Expiration.AsTime() }
+
-func (c *TokenClaims) GetIssuedAt() time.Time                         { return c.IssuedAt.AsTime() }
+func (c *TokenClaims) GetSubject() string {
-func (c *TokenClaims) GetNonce() string                               { return c.Nonce }
+	return c.Subject
-func (c *TokenClaims) GetAuthTime() time.Time                         { return c.AuthTime.AsTime() }
+}
-func (c *TokenClaims) GetAuthorizedParty() string                     { return c.AuthorizedParty }
+
-func (c *TokenClaims) GetSignatureAlgorithm() jose.SignatureAlgorithm { return c.SignatureAlg }
+func (c *TokenClaims) GetAudience() []string {
+	return c.Audience
+}
+
+func (c *TokenClaims) GetExpiration() time.Time {
+	return c.Expiration.AsTime()
+}
+
+func (c *TokenClaims) GetIssuedAt() time.Time {
+	return c.IssuedAt.AsTime()
+}
+
+func (c *TokenClaims) GetNonce() string {
+	return c.Nonce
+}
+
+func (c *TokenClaims) GetAuthTime() time.Time {
+	return c.AuthTime.AsTime()
+}
+
+func (c *TokenClaims) GetAuthorizedParty() string {
+	return c.AuthorizedParty
+}
+
+func (c *TokenClaims) GetSignatureAlgorithm() jose.SignatureAlgorithm {
+	return c.SignatureAlg
+}
+
 func (c *TokenClaims) GetAuthenticationContextClassReference() string {
 	return c.AuthenticationContextClassReference
 }
+
 func (c *TokenClaims) SetSignatureAlgorithm(algorithm jose.SignatureAlgorithm) {
 	c.SignatureAlg = algorithm
 }
@@ -110,7 +138,7 @@ type IDTokenClaims struct {
 	NotBefore       Time   `json:"nbf,omitempty"`
 	AccessTokenHash string `json:"at_hash,omitempty"`
 	CodeHash        string `json:"c_hash,omitempty"`
-	SessionID       string `json:"sid,omitempty"` // IDToken - session management spec
+	SessionID       string `json:"sid,omitempty"`
 	UserInfoProfile
 	UserInfoEmail
 	UserInfoPhone

pkg/oidc/token_test.go

@@ -154,6 +154,13 @@ func TestNewAccessTokenClaims(t *testing.T) {
 		want.Expiration.AsTime(), want.JWTID, "foo", time.Second,
 	)
 
+	// test if the dynamic timestamps are around now,
+	// allowing for a delta of 1, just in case we flip on
+	// either side of a second boundry.
+	nowMinusSkew := NowTime() - 1
+	assert.InDelta(t, int64(nowMinusSkew), int64(got.IssuedAt), 1)
+	assert.InDelta(t, int64(nowMinusSkew), int64(got.NotBefore), 1)
+
 	// Make equal not fail on dynamic timestamp
 	got.IssuedAt = 0
 	got.NotBefore = 0
@@ -207,6 +214,12 @@ func TestNewIDTokenClaims(t *testing.T) {
 		time.Second,
 	)
 
+	// test if the dynamic timestamp is around now,
+	// allowing for a delta of 1, just in case we flip on
+	// either side of a second boundry.
+	nowMinusSkew := NowTime() - 1
+	assert.InDelta(t, int64(nowMinusSkew), int64(got.IssuedAt), 1)
+
 	// Make equal not fail on dynamic timestamp
 	got.IssuedAt = 0
 

pkg/op/verifier_access_token_example_test.go

@@ -10,9 +10,8 @@ import (
 )
 
 // MyCustomClaims extends the TokenClaims base,
-// so it implments the oidc.Claims interface.
+// so it implements the oidc.Claims interface.
-// Instead of carying a map, we add needed fields
+// Instead of carrying a map, we add needed fields// to the struct for type safe access.
-// to the struct for type safe access.
 type MyCustomClaims struct {
 	oidc.TokenClaims
 	NotBefore            oidc.Time `json:"nbf,omitempty"`
@@ -31,7 +30,7 @@ type Nested struct {
 }
 
 /*
-accessToken caries the following claims. foo and bar are custom claims
+accessToken carries the following claims. foo and bar are custom claims
 
 	{
 		"aud": [