Merge branch 'master' into signingkey

example/client/app/app.go

@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
+	"strings"
 	"time"
 
 	"github.com/google/uuid"
@@ -28,11 +29,11 @@ func main() {
 	clientSecret := os.Getenv("CLIENT_SECRET")
 	issuer := os.Getenv("ISSUER")
 	port := os.Getenv("PORT")
+	scopes := strings.Split(os.Getenv("SCOPES"), " ")
 
 	ctx := context.Background()
 
 	redirectURI := fmt.Sprintf("http://localhost:%v%v", port, callbackPath)
-	scopes := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeAddress}
 	cookieHandler := utils.NewCookieHandler(key, key, utils.WithUnsecure())
 	provider, err := rp.NewRelayingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes,
 		rp.WithPKCE(cookieHandler),

example/internal/mock/storage.go

@@ -281,10 +281,26 @@ func (c *ConfClient) AllowedScopes() []string {
 	return nil
 }
 
-func (c *ConfClient) AssertAdditionalIdTokenScopes() bool {
+func (c *ConfClient) RestrictAdditionalIdTokenScopes() func(scopes []string) []string {
+	return func(scopes []string) []string {
+		return scopes
+	}
+}
+
+func (c *ConfClient) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string {
+	return func(scopes []string) []string {
+		return scopes
+	}
+}
+
+func (c *ConfClient) IsScopeAllowed(scope string) bool {
 	return false
 }
 
-func (c *ConfClient) AssertAdditionalAccessTokenScopes() bool {
+func (c *ConfClient) IDTokenUserinfoClaimsAssertion() bool {
 	return false
 }
+
+func (c *ConfClient) ClockSkew() time.Duration {
+	return 0
+}

example/server/default/default.go

@@ -68,5 +68,5 @@ func HandleLogin(w http.ResponseWriter, r *http.Request) {
 func HandleCallback(w http.ResponseWriter, r *http.Request) {
 	r.ParseForm()
 	client := r.FormValue("client")
-	http.Redirect(w, r, "/authorize/"+client, http.StatusFound)
+	http.Redirect(w, r, "/authorize/callback?id="+client, http.StatusFound)
 }