fixes

example/internal/mock/storage.go

@@ -27,7 +27,9 @@ func (a *AuthRequest) GetAMR() []string {
 }
 
 func (a *AuthRequest) GetAudience() []string {
-	return []string{}
+	return []string{
+		a.ID,
+	}
 }
 
 func (a *AuthRequest) GetClientID() string {
@@ -76,7 +78,7 @@ func (s *Storage) GetClientByClientID(id string) (op.Client, error) {
 	return &ConfClient{applicationType: appType}, nil
 }
 func (s *Storage) AuthRequestByCode(op.Client, string, string) (op.AuthRequest, error) {
-	return &AuthRequest{ID: "id"}, nil
+	return &AuthRequest{ID: "native"}, nil
 }
 func (s *Storage) AuthorizeClientIDSecret(string, string) (op.Client, error) {
 	return &ConfClient{}, nil
@@ -117,6 +119,7 @@ func (c *ConfClient) RedirectURIs() []string {
 	return []string{
 		"https://registered.com/callback",
 		"http://localhost:9999/callback",
+		"http://localhost:5556/auth/callback",
 		"custom://callback",
 	}
 }

pkg/op/op.go

@@ -44,7 +44,7 @@ func Start(ctx context.Context, o OpenIDProvider) {
 	go func() {
 		err := o.HttpHandler().ListenAndServe()
 		if err != nil {
-			logrus.Panic("oidc server serve failed")
+			logrus.Panicf("oidc server serve failed: %v", err)
 		}
 	}()
 	logrus.Infof("oidc server is listening on %s", o.Port())

pkg/op/tokenrequest.go

@@ -15,6 +15,7 @@ import (
 )
 
 type Exchanger interface {
+	Issuer() string
 	Storage() Storage
 	Decoder() *schema.Decoder
 	Signer() Signer
@@ -58,7 +59,7 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
 		ExchangeRequestError(w, r, err)
 		return
 	}
-	idToken, err := CreateIDToken("", authReq, "", time.Now(), time.Now(), "", exchanger.Signer())
+	idToken, err := CreateIDToken(exchanger.Issuer(), authReq, "", time.Now(), time.Now(), "", exchanger.Signer())
 	if err != nil {
 		ExchangeRequestError(w, r, err)
 		return