Merge branch 'master' into service-accounts

2020-09-10 16:21:40 +02:00 · 2020-09-10 16:21:40 +02:00 · 6be292a984
commit 6be292a984
parent eaf47fde8e 30f60da90d
5 changed files with 22 additions and 11 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -5,7 +5,7 @@ jobs:
    runs-on: ubuntu-18.04
    strategy:
      matrix:
-        go: ['1.11', '1.12', '1.13', '1.14']
+        go: ['1.14', '1.15']
    name: Go ${{ matrix.go }} test
    steps:
      - uses: actions/checkout@v2
--- a/README.md
+++ b/README.md
@ -39,11 +39,9 @@ For your convinience you can find the relevant standards linked below.

 | Version | Supported          |
 |---------|--------------------|
-| <1.11   | :x:                |
-| 1.11    | :white_check_mark: |
-| 1.12    | :white_check_mark: |
-| 1.13    | :white_check_mark: |
+| <1.13   | :x:                |
 | 1.14    | :white_check_mark: |
+| 1.15    | :white_check_mark: |

 ## Why another library

--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module github.com/caos/oidc

-go 1.13
+go 1.15

 require (
 	github.com/caos/logging v0.0.0-20191210002624-b3260f690a6a
--- a/pkg/oidc/token.go
+++ b/pkg/oidc/token.go
@ -277,10 +277,16 @@ func timeToJSON(t time.Time) int64 {
 	return t.Unix()
 }

-func audienceFromJSON(audience interface{}) []string {
-	switch aud := audience.(type) {
+func audienceFromJSON(i interface{}) []string {
+	switch aud := i.(type) {
 	case []string:
 		return aud
+	case []interface{}:
+		audience := make([]string, len(aud))
+		for i, a := range aud {
+			audience[i] = a.(string)
+		}
+		return audience
 	case string:
 		return []string{aud}
 	}
--- a/pkg/rp/default_rp.go
+++ b/pkg/rp/default_rp.go
@ -40,8 +40,9 @@ type DefaultRP struct {

 	errorHandler func(http.ResponseWriter, *http.Request, string, string, string)

-	verifier   Verifier
-	onlyOAuth2 bool
+	verifier     Verifier
+	verifierOpts []ConfFunc
+	onlyOAuth2   bool
 }

 //NewDefaultRP creates `DefaultRP` with the given
@ -79,7 +80,7 @@ func NewDefaultRP(rpConfig *Config, rpOpts ...DefaultRPOpts) (DelegationTokenExc
 	}

 	if p.verifier == nil {
-		p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL))
+		p.verifier = NewDefaultVerifier(rpConfig.Issuer, rpConfig.ClientID, NewRemoteKeySet(p.httpClient, p.endpoints.JKWsURL), p.verifierOpts...)
 	}

 	return p, nil
@ -112,6 +113,12 @@ func WithHTTPClient(client *http.Client) DefaultRPOpts {
 	}
 }

+func WithVerifierOpts(opts ...ConfFunc) DefaultRPOpts {
+	return func(p *DefaultRP) {
+		p.verifierOpts = opts
+	}
+}
+
 //AuthURL is the `RelayingParty` interface implementation
 //wrapping the oauth2 `AuthCodeURL`
 //returning the url of the auth request