cleanup

2020-09-16 15:22:15 +02:00 · 2020-09-16 15:22:15 +02:00 · 64797c1df6
commit 64797c1df6
parent 5b6175acfc
9 changed files with 39 additions and 44 deletions
--- a/pkg/op/op.go
+++ b/pkg/op/op.go
@ -212,7 +212,7 @@ func (o *openidProvider) IDTokenHintVerifier() IDTokenHintVerifier {

 func (o *openidProvider) JWTProfileVerifier() JWTProfileVerifier {
 	if o.jwtProfileVerifier == nil {
-		o.jwtProfileVerifier = NewJWTProfileVerifier(o.Storage(), o.Issuer())
+		o.jwtProfileVerifier = NewJWTProfileVerifier(o.Storage(), o.Issuer(), 1*time.Hour, time.Second)
 	}
 	return o.jwtProfileVerifier
 }
--- a/pkg/op/signer.go
+++ b/pkg/op/signer.go
@ -1,13 +1,12 @@
 package op

 import (
+	"context"
 	"encoding/json"
 	"errors"

-	"golang.org/x/net/context"
-	"gopkg.in/square/go-jose.v2"
-
 	"github.com/caos/logging"
+	"gopkg.in/square/go-jose.v2"

 	"github.com/caos/oidc/pkg/oidc"
 )
--- a/pkg/op/token.go
+++ b/pkg/op/token.go
@ -15,7 +15,6 @@ type TokenCreator interface {
 }

 type TokenRequest interface {
-	GetClientID() string
 	GetSubject() string
 	GetAudience() []string
 	GetScopes() []string
--- a/pkg/op/tokenrequest.go
+++ b/pkg/op/tokenrequest.go
@ -6,6 +6,7 @@ import (
 	"net/http"

 	"github.com/caos/oidc/pkg/oidc"
+	"github.com/caos/oidc/pkg/oidc/grants/tokenexchange"
 	"github.com/caos/oidc/pkg/utils"
 )

@ -161,14 +162,12 @@ func ParseJWTProfileRequest(r *http.Request, decoder utils.Decoder) (string, err
 	if err != nil {
 		return "", ErrInvalidRequest("error parsing form")
 	}
-	tokenReq := new(struct {
-		Token string `schema:"assertion"`
-	})
+	tokenReq := new(tokenexchange.JWTProfileRequest)
 	err = decoder.Decode(tokenReq, r.Form)
 	if err != nil {
 		return "", ErrInvalidRequest("error decoding form")
 	}
-	return tokenReq.Token, nil
+	return tokenReq.Assertion, nil
 }

 func TokenExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
--- a/pkg/op/verifier_jwt_profile.go
+++ b/pkg/op/verifier_jwt_profile.go
@ -16,14 +16,18 @@ type JWTProfileVerifier interface {
 }

 type jwtProfileVerifier struct {
-	storage Storage
-	issuer  string
+	storage   Storage
+	issuer    string
+	maxAgeIAT time.Duration
+	offset    time.Duration
 }

-func NewJWTProfileVerifier(storage Storage, issuer string) JWTProfileVerifier {
+func NewJWTProfileVerifier(storage Storage, issuer string, maxAgeIAT, offset time.Duration) JWTProfileVerifier {
 	return &jwtProfileVerifier{
-		storage: storage,
-		issuer:  issuer,
+		storage:   storage,
+		issuer:    issuer,
+		maxAgeIAT: maxAgeIAT,
+		offset:    offset,
 	}
 }

@ -36,13 +40,11 @@ func (v *jwtProfileVerifier) Storage() Storage {
 }

 func (v *jwtProfileVerifier) MaxAgeIAT() time.Duration {
-	//TODO: define in conf/opts
-	return 1 * time.Hour
+	return v.maxAgeIAT
 }

 func (v *jwtProfileVerifier) Offset() time.Duration {
-	//TODO: define in conf/opts
-	return time.Second
+	return v.offset
 }

 func VerifyJWTAssertion(ctx context.Context, assertion string, v JWTProfileVerifier) (*oidc.JWTTokenRequest, error) {