chore(linting): apply gofumpt & goimports to all .go files (#225)

example/client/service/service.go

@@ -16,9 +16,7 @@ import (
 	"github.com/zitadel/oidc/pkg/client/profile"
 )
 
-var (
+var client = http.DefaultClient
-	client = http.DefaultClient
-)
 
 func main() {
 	keyPath := os.Getenv("KEY_PATH")
@@ -145,7 +143,6 @@ func main() {
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 		}
-
 	})
 	lis := fmt.Sprintf("127.0.0.1:%s", port)
 	logrus.Infof("listening on http://%s/", lis)

pkg/client/client.go

@@ -15,20 +15,17 @@ import (
 	"github.com/zitadel/oidc/pkg/oidc"
 )
 
-var (
+var Encoder = func() httphelper.Encoder {
-	Encoder = func() httphelper.Encoder {
 	e := schema.NewEncoder()
 	e.RegisterEncoder(oidc.SpaceDelimitedArray{}, func(value reflect.Value) string {
 		return value.Interface().(oidc.SpaceDelimitedArray).Encode()
 	})
 	return e
 }()
-)
 
 // Discover calls the discovery endpoint of the provided issuer and returns its configuration
 // It accepts an optional argument "wellknownUrl" which can be used to overide the dicovery endpoint url
 func Discover(issuer string, httpClient *http.Client, wellKnownUrl ...string) (*oidc.DiscoveryConfiguration, error) {
-
 	wellKnown := strings.TrimSuffix(issuer, "/") + oidc.DiscoveryEndpoint
 	if len(wellKnownUrl) == 1 && wellKnownUrl[0] != "" {
 		wellKnown = wellKnownUrl[0]

pkg/client/rp/relying_party.go

@@ -23,9 +23,7 @@ const (
 	pkceCode   = "pkce"
 )
 
-var (
+var ErrUserInfoSubNotMatching = errors.New("sub from userinfo does not match the sub from the id_token")
-	ErrUserInfoSubNotMatching = errors.New("sub from userinfo does not match the sub from the id_token")
-)
 
 // RelyingParty declares the minimal interface for oidc clients
 type RelyingParty interface {
@@ -65,11 +63,9 @@ type RelyingParty interface {
 
 type ErrorHandler func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string)
 
-var (
+var DefaultErrorHandler ErrorHandler = func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string) {
-	DefaultErrorHandler ErrorHandler = func(w http.ResponseWriter, r *http.Request, errorType string, errorDesc string, state string) {
 	http.Error(w, errorType+": "+errorDesc, http.StatusInternalServerError)
 }
-)
 
 type relyingParty struct {
 	issuer            string

pkg/client/rs/resource_server.go

@@ -43,6 +43,7 @@ func NewResourceServerClientCredentials(issuer, clientID, clientSecret string, o
 	}
 	return newResourceServer(issuer, authorizer, option...)
 }
+
 func NewResourceServerJWTProfile(issuer, clientID, keyID string, key []byte, options ...Option) (ResourceServer, error) {
 	signer, err := client.NewSignerFromPrivateKeyByte(key, keyID)
 	if err != nil {

pkg/crypto/crypto.go

@@ -9,9 +9,7 @@ import (
 	"io"
 )
 
-var (
+var ErrCipherTextBlockSize = errors.New("ciphertext block size is too short")
-	ErrCipherTextBlockSize = errors.New("ciphertext block size is too short")
-)
 
 func EncryptAES(data string, key string) (string, error) {
 	encrypted, err := EncryptBytesAES([]byte(data), key)

pkg/crypto/hash.go

@@ -11,9 +11,7 @@ import (
 	"gopkg.in/square/go-jose.v2"
 )
 
-var (
+var ErrUnsupportedAlgorithm = errors.New("unsupported signing algorithm")
-	ErrUnsupportedAlgorithm = errors.New("unsupported signing algorithm")
-)
 
 func GetHashAlgorithm(sigAlgorithm jose.SignatureAlgorithm) (hash.Hash, error) {
 	switch sigAlgorithm {

pkg/http/http.go

@@ -12,15 +12,14 @@ import (
 	"time"
 )
 
-var (
+var DefaultHTTPClient = &http.Client{
-	DefaultHTTPClient = &http.Client{
 	Timeout: 30 * time.Second,
 }
-)
 
 type Decoder interface {
 	Decode(dst interface{}, src map[string][]string) error
 }
+
 type Encoder interface {
 	Encode(src interface{}, dst map[string][]string) error
 }

pkg/oidc/token_request.go

@@ -35,7 +35,8 @@ const (
 var AllGrantTypes = []GrantType{
 	GrantTypeCode, GrantTypeRefreshToken, GrantTypeClientCredentials,
 	GrantTypeBearer, GrantTypeTokenExchange, GrantTypeImplicit,
-	ClientAssertionTypeJWTAssertion}
+	ClientAssertionTypeJWTAssertion,
+}
 
 type GrantType string
 

pkg/oidc/verifier.go

@@ -202,6 +202,7 @@ func CheckAuthorizationContextClassReference(claims Claims, acr ACRVerifier) err
 	}
 	return nil
 }
+
 func CheckAuthTime(claims Claims, maxAge time.Duration) error {
 	if maxAge == 0 {
 		return nil

pkg/op/auth_request_test.go

@@ -364,191 +364,245 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 	}{
 		{
 			"empty fails",
-			args{"",
+			args{
+				"",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"unregistered https fails",
-			args{"https://unregistered.com/callback",
+			args{
+				"https://unregistered.com/callback",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"unregistered http fails",
-			args{"http://unregistered.com/callback",
+			args{
+				"http://unregistered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow registered https web ok",
-			args{"https://registered.com/callback",
+			args{
+				"https://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow registered https native ok",
-			args{"https://registered.com/callback",
+			args{
+				"https://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow registered https user agent ok",
-			args{"https://registered.com/callback",
+			args{
+				"https://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeUserAgent, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow registered http confidential (web) ok",
-			args{"http://registered.com/callback",
+			args{
+				"http://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow registered http not confidential (native) fails",
-			args{"http://registered.com/callback",
+			args{
+				"http://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow registered http not confidential (user agent) fails",
-			args{"http://registered.com/callback",
+			args{
+				"http://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeUserAgent, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow registered http localhost native ok",
-			args{"http://localhost:4200/callback",
+			args{
+				"http://localhost:4200/callback",
 				mock.NewClientWithConfig(t, []string{"http://localhost/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow registered http loopback v4 native ok",
-			args{"http://127.0.0.1:4200/callback",
+			args{
+				"http://127.0.0.1:4200/callback",
 				mock.NewClientWithConfig(t, []string{"http://127.0.0.1/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow registered http loopback v6 native ok",
-			args{"http://[::1]:4200/callback",
+			args{
+				"http://[::1]:4200/callback",
 				mock.NewClientWithConfig(t, []string{"http://[::1]/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow unregistered http native fails",
-			args{"http://unregistered.com/callback",
+			args{
+				"http://unregistered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://locahost/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow unregistered custom native fails",
-			args{"unregistered://callback",
+			args{
+				"unregistered://callback",
 				mock.NewClientWithConfig(t, []string{"registered://callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow unregistered loopback native fails",
-			args{"http://[::1]:4200/unregistered",
+			args{
+				"http://[::1]:4200/unregistered",
 				mock.NewClientWithConfig(t, []string{"http://[::1]:4200/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow registered custom not native (web) fails",
-			args{"custom://callback",
+			args{
+				"custom://callback",
 				mock.NewClientWithConfig(t, []string{"custom://callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow registered custom not native (user agent) fails",
-			args{"custom://callback",
+			args{
+				"custom://callback",
 				mock.NewClientWithConfig(t, []string{"custom://callback"}, op.ApplicationTypeUserAgent, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			true,
 		},
 		{
 			"code flow registered custom native ok",
-			args{"custom://callback",
+			args{
+				"custom://callback",
 				mock.NewClientWithConfig(t, []string{"custom://callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"code flow dev mode http ok",
-			args{"http://registered.com/callback",
+			args{
+				"http://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeUserAgent, nil, true),
-				oidc.ResponseTypeCode},
+				oidc.ResponseTypeCode,
+			},
 			false,
 		},
 		{
 			"implicit flow registered ok",
-			args{"https://registered.com/callback",
+			args{
+				"https://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeUserAgent, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			false,
 		},
 		{
 			"implicit flow unregistered fails",
-			args{"https://unregistered.com/callback",
+			args{
+				"https://unregistered.com/callback",
 				mock.NewClientWithConfig(t, []string{"https://registered.com/callback"}, op.ApplicationTypeUserAgent, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			true,
 		},
 		{
 			"implicit flow registered http localhost native ok",
-			args{"http://localhost:9999/callback",
+			args{
+				"http://localhost:9999/callback",
 				mock.NewClientWithConfig(t, []string{"http://localhost:9999/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			false,
 		},
 		{
 			"implicit flow registered http localhost web fails",
-			args{"http://localhost:9999/callback",
+			args{
+				"http://localhost:9999/callback",
 				mock.NewClientWithConfig(t, []string{"http://localhost:9999/callback"}, op.ApplicationTypeWeb, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			true,
 		},
 		{
 			"implicit flow registered http localhost user agent fails",
-			args{"http://localhost:9999/callback",
+			args{
+				"http://localhost:9999/callback",
 				mock.NewClientWithConfig(t, []string{"http://localhost:9999/callback"}, op.ApplicationTypeUserAgent, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			true,
 		},
 		{
 			"implicit flow http non localhost fails",
-			args{"http://registered.com/callback",
+			args{
+				"http://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			true,
 		},
 		{
 			"implicit flow custom fails",
-			args{"custom://callback",
+			args{
+				"custom://callback",
 				mock.NewClientWithConfig(t, []string{"custom://callback"}, op.ApplicationTypeNative, nil, false),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			false,
 		},
 		{
 			"implicit flow dev mode http ok",
-			args{"http://registered.com/callback",
+			args{
+				"http://registered.com/callback",
 				mock.NewClientWithConfig(t, []string{"http://registered.com/callback"}, op.ApplicationTypeUserAgent, nil, true),
-				oidc.ResponseTypeIDToken},
+				oidc.ResponseTypeIDToken,
+			},
 			false,
 		},
 	}
@@ -647,20 +701,26 @@ func TestValidateAuthReqResponseType(t *testing.T) {
 	}{
 		{
 			"empty response type",
-			args{"",
+			args{
-				mock.NewClientWithConfig(t, nil, op.ApplicationTypeNative, []oidc.ResponseType{oidc.ResponseTypeCode}, true)},
+				"",
+				mock.NewClientWithConfig(t, nil, op.ApplicationTypeNative, []oidc.ResponseType{oidc.ResponseTypeCode}, true),
+			},
 			true,
 		},
 		{
 			"response type missing in client config",
-			args{oidc.ResponseTypeIDToken,
+			args{
-				mock.NewClientWithConfig(t, nil, op.ApplicationTypeNative, []oidc.ResponseType{oidc.ResponseTypeCode}, true)},
+				oidc.ResponseTypeIDToken,
+				mock.NewClientWithConfig(t, nil, op.ApplicationTypeNative, []oidc.ResponseType{oidc.ResponseTypeCode}, true),
+			},
 			true,
 		},
 		{
 			"valid response type",
-			args{oidc.ResponseTypeCode,
+			args{
-				mock.NewClientWithConfig(t, nil, op.ApplicationTypeNative, []oidc.ResponseType{oidc.ResponseTypeCode}, true)},
+				oidc.ResponseTypeCode,
+				mock.NewClientWithConfig(t, nil, op.ApplicationTypeNative, []oidc.ResponseType{oidc.ResponseTypeCode}, true),
+			},
 			false,
 		},
 	}

pkg/op/mock/authorizer.mock.impl.go

@@ -68,6 +68,7 @@ type Verifier struct{}
 func (v *Verifier) Verify(ctx context.Context, accessToken, idToken string) (*oidc.IDTokenClaims, error) {
 	return nil, nil
 }
+
 func (v *Verifier) VerifyIDToken(ctx context.Context, idToken string) (*oidc.IDTokenClaims, error) {
 	return nil, nil
 }

pkg/op/mock/client.go

@@ -20,7 +20,8 @@ func NewClientExpectAny(t *testing.T, appType op.ApplicationType) op.Client {
 		"https://registered.com/callback",
 		"http://registered.com/callback",
 		"http://localhost:9999/callback",
-		"custom://callback"})
+		"custom://callback",
+	})
 	m.EXPECT().ApplicationType().AnyTimes().Return(appType)
 	m.EXPECT().LoginURL(gomock.Any()).AnyTimes().DoAndReturn(
 		func(id string) string {

pkg/op/mock/storage.mock.impl.go

@@ -44,6 +44,7 @@ func NewMockStorageSigningKeyInvalid(t *testing.T) op.Storage {
 	ExpectSigningKeyInvalid(m)
 	return m
 }
+
 func NewMockStorageSigningKey(t *testing.T) op.Storage {
 	m := NewStorage(t)
 	ExpectSigningKey(m)
@@ -120,6 +121,7 @@ func (c *ConfClient) RedirectURIs() []string {
 		"custom://callback",
 	}
 }
+
 func (c *ConfClient) PostLogoutRedirectURIs() []string {
 	return []string{}
 }
@@ -143,34 +145,43 @@ func (c *ConfClient) GetID() string {
 func (c *ConfClient) AccessTokenLifetime() time.Duration {
 	return 5 * time.Minute
 }
+
 func (c *ConfClient) IDTokenLifetime() time.Duration {
 	return 5 * time.Minute
 }
+
 func (c *ConfClient) AccessTokenType() op.AccessTokenType {
 	return c.accessTokenType
 }
+
 func (c *ConfClient) ResponseTypes() []oidc.ResponseType {
 	return c.responseTypes
 }
+
 func (c *ConfClient) GrantTypes() []oidc.GrantType {
 	return c.grantTypes
 }
+
 func (c *ConfClient) DevMode() bool {
 	return c.devMode
 }
+
 func (c *ConfClient) AllowedScopes() []string {
 	return nil
 }
+
 func (c *ConfClient) RestrictAdditionalIdTokenScopes() func(scopes []string) []string {
 	return func(scopes []string) []string {
 		return scopes
 	}
 }
+
 func (c *ConfClient) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string {
 	return func(scopes []string) []string {
 		return scopes
 	}
 }
+
 func (c *ConfClient) IsScopeAllowed(scope string) bool {
 	return false
 }

pkg/op/op.go

@@ -29,8 +29,7 @@ const (
 	defaultKeysEndpoint          = "keys"
 )
 
-var (
+var DefaultEndpoints = &endpoints{
-	DefaultEndpoints = &endpoints{
 	Authorization: NewEndpoint(defaultAuthorizationEndpoint),
 	Token:         NewEndpoint(defaultTokenEndpoint),
 	Introspection: NewEndpoint(defaultIntrospectEndpoint),
@@ -39,7 +38,6 @@ var (
 	EndSession:    NewEndpoint(defaultEndSessionEndpoint),
 	JwksURI:       NewEndpoint(defaultKeysEndpoint),
 }
-)
 
 type OpenIDProvider interface {
 	Configuration

pkg/op/probes.go

@@ -39,6 +39,7 @@ func ReadySigner(s Signer) ProbesFn {
 		return s.Health(ctx)
 	}
 }
+
 func ReadyStorage(s Storage) ProbesFn {
 	return func(ctx context.Context) error {
 		if s == nil {