refactoring

pkg/oidc/keyset.go

@@ -6,21 +6,19 @@ import (
 	"gopkg.in/square/go-jose.v2"
 )
 
-// KeySet is a set of publc JSON Web Keys that can be used to validate the signature
-// of JSON web tokens. This is expected to be backed by a remote key set through
-// provider metadata discovery or an in-memory set of keys delivered out-of-band.
+//KeySet represents a set of JSON Web Keys
+// - remotely fetch via discovery and jwks_uri -> `remoteKeySet`
+// - held by the OP itself in storage -> `openIDKeySet`
+// - dynamically aggregated by request for OAuth JWT Profile Assertion -> `jwtProfileKeySet`
 type KeySet interface {
-	// VerifySignature parses the JSON web token, verifies the signature, and returns
-	// the raw payload. Header and claim fields are validated by other parts of the
-	// package. For example, the KeySet does not need to check values such as signature
-	// algorithm, issuer, and audience since the IDTokenVerifier validates these values
-	// independently.
-	//
-	// If VerifySignature makes HTTP requests to verify the token, it's expected to
-	// use any HTTP client associated with the context through ClientContext.
+	//VerifySignature verifies the signature with the given keyset and returns the raw payload
 	VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error)
 }
 
+//CheckKey searches the given JSON Web Keys for the requested key ID
+//and verifies the JSON Web Signature with the found key
+//
+//will return false but no error if key ID is not found
 func CheckKey(keyID string, jws *jose.JSONWebSignature, keys ...jose.JSONWebKey) ([]byte, error, bool) {
 	for _, key := range keys {
 		if keyID == "" || key.KeyID == keyID {

pkg/oidc/session.go

@@ -1,5 +1,7 @@
 package oidc
 
+//EndSessionRequest for the RP-Initiated Logout according to:
+//https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
 type EndSessionRequest struct {
 	IdTokenHint           string `schema:"id_token_hint"`
 	PostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`

pkg/oidc/userinfo.go

@@ -257,27 +257,27 @@ func (u *userinfo) AppendClaims(key string, value interface{}) {
 }
 
 func (u *userInfoAddress) GetFormatted() string {
-	panic("implement me")
+	return u.Formatted
 }
 
 func (u *userInfoAddress) GetStreetAddress() string {
-	panic("implement me")
+	return u.StreetAddress
 }
 
 func (u *userInfoAddress) GetLocality() string {
-	panic("implement me")
+	return u.Locality
 }
 
 func (u *userInfoAddress) GetRegion() string {
-	panic("implement me")
+	return u.Region
 }
 
 func (u *userInfoAddress) GetPostalCode() string {
-	panic("implement me")
+	return u.PostalCode
 }
 
 func (u *userInfoAddress) GetCountry() string {
-	panic("implement me")
+	return u.Country
 }
 
 type userInfoProfile struct {
@@ -338,7 +338,6 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 	if !i.Locale.IsRoot() {
 		a.Locale = i.Locale
 	}
-	fmt.Println(time.Time(i.UpdatedAt).String())
 	if !time.Time(i.UpdatedAt).IsZero() {
 		a.UpdatedAt = time.Time(i.UpdatedAt).Unix()
 	}
@@ -354,7 +353,7 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 
 	claims, err := json.Marshal(i.claims)
 	if err != nil {
-		return nil, fmt.Errorf("jws: invalid map of private claims %v", i.claims)
+		return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
 	}
 	return utils.ConcatenateJSON(b, claims)
 }
@@ -363,7 +362,6 @@ func (i *userinfo) UnmarshalJSON(data []byte) error {
 	type Alias userinfo
 	a := &struct {
 		*Alias
-		//Locale    interface{} `json:"locale,omitempty"`
 		UpdatedAt int64 `json:"update_at,omitempty"`
 	}{
 		Alias: (*Alias)(i),
@@ -371,9 +369,6 @@ func (i *userinfo) UnmarshalJSON(data []byte) error {
 	if err := json.Unmarshal(data, &a); err != nil {
 		return err
 	}
-	//if !i.Locale.IsRoot() {
-	//	a.Locale = i.Locale
-	//}
 
 	i.UpdatedAt = Time(time.Unix(a.UpdatedAt, 0).UTC())