From 9c58deded390180b05cb843d8ee8cda8af67c04c Mon Sep 17 00:00:00 2001
From: Fabiennne
Date: Mon, 2 Nov 2020 10:25:57 +0100
Subject: [PATCH] fix: remove comments
---
 pkg/op/client.go | 2 --
 pkg/op/mock/storage.mock.impl.go | 7 -------
 pkg/op/token.go | 4 +---
 3 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/pkg/op/client.go b/pkg/op/client.go
index 2ef2ca5..ceca8b0 100644
--- a/pkg/op/client.go
+++ b/pkg/op/client.go
@@ -34,8 +34,6 @@ type Client interface {
 AccessTokenType() AccessTokenType
 IDTokenLifetime() time.Duration
 DevMode() bool
- //AssertAdditionalIdTokenScopes() bool
- //AssertAdditionalAccessTokenScopes() bool
 RestrictAdditionalIdTokenScopes() func(scopes []string) []string
 RestrictAdditionalAccessTokenScopes() func(scopes []string) []string
 IsScopeAllowed(scope string) bool
diff --git a/pkg/op/mock/storage.mock.impl.go b/pkg/op/mock/storage.mock.impl.go
index bbd510f..92d5ad7 100644
--- a/pkg/op/mock/storage.mock.impl.go
+++ b/pkg/op/mock/storage.mock.impl.go
@@ -171,13 +171,6 @@ func (c *ConfClient) DevMode() bool {
 func (c *ConfClient) AllowedScopes() []string {
 return nil
 }
-
-//func (c *ConfClient) AssertAdditionalIdTokenScopes() bool {
-// return false
-//}
-//func (c *ConfClient) AssertAdditionalAccessTokenScopes() bool {
-// return false
-//}
 func (c *ConfClient) RestrictAdditionalIdTokenScopes() func(scopes []string) []string {
 return func(scopes []string) []string {
 return scopes
diff --git a/pkg/op/token.go b/pkg/op/token.go
index 091ac02..4fd4c0a 100644
--- a/pkg/op/token.go
+++ b/pkg/op/token.go
@@ -98,8 +98,7 @@ func CreateJWT(ctx context.Context, issuer string, tokenRequest TokenRequest, ex
 func CreateIDToken(ctx context.Context, issuer string, authReq AuthRequest, validity time.Duration, accessToken, code string, storage Storage, signer Signer, restictAdditionalScopesFunc func([]string) []string) (string, error) {
 exp := time.Now().UTC().Add(validity)
 claims := oidc.NewIDTokenClaims(issuer, authReq.GetSubject(), authReq.GetAudience(), exp, authReq.GetAuthTime(), authReq.GetNonce(), authReq.GetACR(), authReq.GetAMR(), authReq.GetClientID())
- scopes := authReq.GetScopes()
-
+ scopes := restictAdditionalScopesFunc(authReq.GetScopes())
 if accessToken != "" {
 atHash, err := oidc.ClaimHash(accessToken, signer.SignatureAlgorithm())
 if err != nil {
@@ -108,7 +107,6 @@ func CreateIDToken(ctx context.Context, issuer string, authReq AuthRequest, vali
 claims.SetAccessTokenHash(atHash)
 scopes = removeUserinfoScopes(scopes)
 }
- scopes = restictAdditionalScopesFunc(scopes)
 if len(scopes) > 0 {
 userInfo, err := storage.GetUserinfoFromScopes(ctx, authReq.GetSubject(), authReq.GetClientID(), scopes)
 if err != nil {
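Review bot: The added line `scopes := restictAdditionalScopesFunc(authReq.GetScopes())` changes which filter has the last word over ID token claims, although the commit is titled "remove comments". The client's restriction callback now runs before `removeUserinfoScopes` and sees the unfiltered requested scopes, and the second hunk (-108) removes the later call. Because the callback is an arbitrary `func([]string) []string`, the two orders are equivalent only when it is a pure filter. Stripping userinfo scopes last looks like the safer order, but it should be named in the commit message and pinned with a comment such as `// restrict first; userinfo scopes are always stripped afterwards when an access token is issued`. The callback is also called without a nil check, so a Client whose RestrictAdditionalIdTokenScopes() returns nil would presumably panic here; `if restictAdditionalScopesFunc != nil { scopes = restictAdditionalScopesFunc(scopes) }` after a plain `scopes := authReq.GetScopes()` would avoid that. CreateIDToken's body continues past the end of both hunks.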