fix: handle single aud string claim, extract en/decoder interface, comments (#51)

* en/decoding abstraction

* some comments

* fix token validation and error messages

* fix: audience mapping (single aud string)

* fix tests with VerifyIdToken

* reformat imports

* go mod tidy

* Update pkg/oidc/authorization.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update pkg/oidc/authorization.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* Update pkg/op/authrequest_test.go

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix capitalization

Co-authored-by: Silvan <silvan.reusser@gmail.com>
Livio Amstutz 2020-09-07 12:32:35 +02:00 committed by GitHub
parent 822ffb581f
commit abd3b6f521
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 381 additions and 139 deletions


@ -6,11 +6,11 @@ import (
"github.com/caos/oidc/pkg/oidc"
"github.com/caos/oidc/pkg/rp"
"github.com/gorilla/schema"
"github.com/caos/oidc/pkg/utils"
)
type SessionEnder interface {
Decoder() *schema.Decoder
Decoder() utils.Decoder
Storage() Storage
IDTokenVerifier() rp.Verifier
DefaultLogoutRedirectURI() string
@ -39,7 +39,7 @@ func EndSession(w http.ResponseWriter, r *http.Request, ender SessionEnder) {
http.Redirect(w, r, session.RedirectURI, http.StatusFound)
}
func ParseEndSessionRequest(r *http.Request, decoder *schema.Decoder) (*oidc.EndSessionRequest, error) {
func ParseEndSessionRequest(r *http.Request, decoder utils.Decoder) (*oidc.EndSessionRequest, error) {
err := r.ParseForm()
if err != nil {
return nil, ErrInvalidRequest("error parsing form")
@ -57,7 +57,7 @@ func ValidateEndSessionRequest(ctx context.Context, req *oidc.EndSessionRequest,
if req.IdTokenHint == "" {
return session, nil
}
claims, err := ender.IDTokenVerifier().Verify(ctx, "", req.IdTokenHint)
claims, err := ender.IDTokenVerifier().VerifyIDToken(ctx, req.IdTokenHint)
if err != nil {
return nil, ErrInvalidRequest("id_token_hint invalid")
}
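Review bot: The error from `claims, err := ender.IDTokenVerifier().VerifyIDToken(ctx, req.IdTokenHint)` is discarded on the following line, so a bad signature, a wrong issuer or audience, and a merely stale token all collapse into `ErrInvalidRequest("id_token_hint invalid")` with nothing left for an operator to distinguish a tampered hint from an expired one. If VerifyIDToken enforces `exp` (its body is not in this hunk, so this is inferred), an expired ID token presented as the hint during logout is rejected here, which deserves a deliberate decision and a comment such as `// id_token_hint is rejected whenever VerifyIDToken fails, including on expiry — TODO confirm this is intended for end-session`. Surfacing the underlying `err` through the project's logger before returning the generic message would keep verification failures observable without changing the client-facing response. ValidateEndSessionRequest begins before this hunk and continues after it.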