From b02a2701d3a7a488a2cc161d527686f9f6e7c063 Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Wed, 6 Apr 2022 11:13:07 +0200
Subject: [PATCH] some comments

---
 example/server/internal/client.go | 4 ++--
 example/server/internal/storage.go | 3 +++
 example/server/op.go | 5 +++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/example/server/internal/client.go b/example/server/internal/client.go
index ff9d5a4..5bcc862 100644
--- example/server/internal/client.go
+++ b/example/server/internal/client.go
@@ -44,7 +44,7 @@ func (c *Client) RedirectURIs() []string {
 return c.redirectURIs
 }
 
-//PostLogoutRedirectURIs must return the registered post_logout_redirect_uris for signouts
+//PostLogoutRedirectURIs must return the registered post_logout_redirect_uris for sign-outs
 func (c *Client) PostLogoutRedirectURIs() []string {
 return []string{}
 }
@@ -160,7 +160,7 @@ func NativeClient(id string, redirectURIs ...string) *Client {
 }
 }
 
-//WebClient will create a client of type web, which will always use PKCE and allow the use of refresh tokens
+//WebClient will create a client of type web, which will always use Basic Auth and allow the use of refresh tokens
 //user-defined redirectURIs may include:
 // - http://localhost with port specification (e.g. http://localhost:9999/auth/callback)
 //(the example will be used as default, if none is provided)
diff --git a/example/server/internal/storage.go b/example/server/internal/storage.go
index e6dedcf..a691071 100644
--- example/server/internal/storage.go
+++ b/example/server/internal/storage.go
@@ -379,6 +379,9 @@ func (s *storage) GetKeyByIDAndUserID(ctx context.Context, keyID, userID string)
 return nil, fmt.Errorf("user not found")
 }
 key, ok := service.keys[keyID]
+ if !ok {
+ return nil, fmt.Errorf("key not found")
+ }
 return &jose.JSONWebKey{
 KeyID: keyID,
 Use: "sig",
diff --git a/example/server/op.go b/example/server/op.go
index f075a7b..54b5041 100644
--- example/server/op.go
+++ b/example/server/op.go
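Review bot: The reworded doc comment on `WebClient` (second hunk of client.go) says the client "will always use Basic Auth", which does not say that this is the client authentication method at the token endpoint, and the comment no longer mentions PKCE at all. WebClient's body is outside the hunk, so whether PKCE is still accepted for this client cannot be checked from here. If the code matches the comment's intent, wording such as `//WebClient will create a client of type web, which authenticates at the token endpoint with HTTP Basic Auth (client_secret_basic) and may use refresh tokens` leaves less room for misreading.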
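Review bot: The new `key not found` branch in GetKeyByIDAndUserID returns a different message from the `user not found` branch just above it, and both are built with `fmt.Errorf` on a constant string. If these errors reach the token endpoint response (not visible here), a caller can tell an unknown user apart from an unknown key ID; returning one message for both, or using package-level sentinels such as `var errKeyNotFound = errors.New("key not found")` that the handler maps to a single generic error, avoids that and lets callers use `errors.Is`. The function starts and ends outside the hunk, so the remaining JSONWebKey fields and any locking around `service.keys` cannot be checked from here.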
@@ -30,8 +30,13 @@ func init() { func main() { ctx := context.Background() + //this will allow us to use an issuer with http:// instead of https:// os.Setenv(op.OidcDevMode, "true") + port := "9998" + + //the OpenID Provider requires a 32-byte key for (token) encryption + //be sure to create a proper crypto random key and manage it securely! key := sha256.Sum256([]byte("test")) router := mux.NewRouter()
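Review bot: The comment added above `key := sha256.Sum256([]byte("test"))` asks for a proper random key, but the line it annotates still derives the key from the constant string "test", so anyone who copies the example unchanged runs with a publicly known encryption key. Consider marking the line itself, e.g. `//INSECURE: fixed demo key, replace before any real use`, or filling the array from crypto/rand with `var key [32]byte` and `if _, err := rand.Read(key[:]); err != nil { log.Fatal(err) }`; a per-start random key invalidates previously encrypted tokens on restart, so a persisted secret is the longer-term answer. The comment on `os.Setenv(op.OidcDevMode, "true")` could likewise state that dev mode is for local testing only, and the error returned by os.Setenv is discarded. main's body continues past the hunk.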