diff --git a/pkg/oidc/keyset.go b/pkg/oidc/keyset.go
index abe55d1..0d8e02c 100644
--- a/pkg/oidc/keyset.go
+++ b/pkg/oidc/keyset.go
@@ -6,21 +6,19 @@ import (
 	"gopkg.in/square/go-jose.v2"
 )
 
-// KeySet is a set of publc JSON Web Keys that can be used to validate the signature
-// of JSON web tokens. This is expected to be backed by a remote key set through
-// provider metadata discovery or an in-memory set of keys delivered out-of-band.
+//KeySet represents a set of JSON Web Keys
+// - remotely fetch via discovery and jwks_uri -> `remoteKeySet`
+// - held by the OP itself in storage -> `openIDKeySet`
+// - dynamically aggregated by request for OAuth JWT Profile Assertion -> `jwtProfileKeySet`
 type KeySet interface {
-	// VerifySignature parses the JSON web token, verifies the signature, and returns
-	// the raw payload. Header and claim fields are validated by other parts of the
-	// package. For example, the KeySet does not need to check values such as signature
-	// algorithm, issuer, and audience since the IDTokenVerifier validates these values
-	// independently.
-	//
-	// If VerifySignature makes HTTP requests to verify the token, it's expected to
-	// use any HTTP client associated with the context through ClientContext.
+	//VerifySignature verifies the signature with the given keyset and returns the raw payload
 	VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error)
 }
 
+//CheckKey searches the given JSON Web Keys for the requested key ID
+//and verifies the JSON Web Signature with the found key
+//
+//will return false but no error if key ID is not found
 func CheckKey(keyID string, jws *jose.JSONWebSignature, keys ...jose.JSONWebKey) ([]byte, error, bool) {
 	for _, key := range keys {
 		if keyID == "" || key.KeyID == keyID {
diff --git a/pkg/oidc/session.go b/pkg/oidc/session.go
index 418439e..d6735b4 100644
--- a/pkg/oidc/session.go
+++ b/pkg/oidc/session.go
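Review bot: The new CheckKey comment documents the not-found case but says nothing about the branch on the visible line `if keyID == "" || key.KeyID == keyID {`: an empty key ID does not match no key, it makes the function try the signature against every key in the set in turn, which is exactly what a caller needs to know when a token arrives without a kid header. Suggest adding `//an empty keyID matches every key, so the signature is tried against each key of the set in order` to the doc block. The added comments also drop the space after `//` (`//KeySet`, `//VerifySignature`, `//CheckKey`), which deviates from the gofmt/godoc convention the removed comments followed; the session.go hunk does the same. CheckKey's body continues outside the hunk.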
@@ -1,5 +1,7 @@
 package oidc
 
+//EndSessionRequest for the RP-Initiated Logout according to:
+//https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
 type EndSessionRequest struct {
 	IdTokenHint           string `schema:"id_token_hint"`
 	PostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
diff --git a/pkg/oidc/userinfo.go b/pkg/oidc/userinfo.go
index 31de85f..3c77b7b 100644
--- a/pkg/oidc/userinfo.go
+++ b/pkg/oidc/userinfo.go
@@ -257,27 +257,27 @@ func (u *userinfo) AppendClaims(key string, value interface{}) {
 }
 
 func (u *userInfoAddress) GetFormatted() string {
-	panic("implement me")
+	return u.Formatted
 }
 
 func (u *userInfoAddress) GetStreetAddress() string {
-	panic("implement me")
+	return u.StreetAddress
 }
 
 func (u *userInfoAddress) GetLocality() string {
-	panic("implement me")
+	return u.Locality
 }
 
 func (u *userInfoAddress) GetRegion() string {
-	panic("implement me")
+	return u.Region
 }
 
 func (u *userInfoAddress) GetPostalCode() string {
-	panic("implement me")
+	return u.PostalCode
 }
 
 func (u *userInfoAddress) GetCountry() string {
-	panic("implement me")
+	return u.Country
 }
 
 type userInfoProfile struct {
@@ -338,7 +338,6 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 	if !i.Locale.IsRoot() {
 		a.Locale = i.Locale
 	}
-	fmt.Println(time.Time(i.UpdatedAt).String())
 	if !time.Time(i.UpdatedAt).IsZero() {
 		a.UpdatedAt = time.Time(i.UpdatedAt).Unix()
 	}
@@ -354,7 +353,7 @@ func (i *userinfo) MarshalJSON() ([]byte, error) {
 
 	claims, err := json.Marshal(i.claims)
 	if err != nil {
-		return nil, fmt.Errorf("jws: invalid map of private claims %v", i.claims)
+		return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)
 	}
 	return utils.ConcatenateJSON(b, claims)
 }
@@ -363,7 +362,6 @@ func (i *userinfo) UnmarshalJSON(data []byte) error {
 	type Alias userinfo
 	a := &struct {
 		*Alias
-		//Locale interface{} `json:"locale,omitempty"`
 		UpdatedAt int64 `json:"update_at,omitempty"`
 	}{
 		Alias: (*Alias)(i),
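Review bot: The reworded error on `return nil, fmt.Errorf("jws: invalid map of custom claims %v", i.claims)` still discards the `err` returned by json.Marshal on the line above and instead formats the entire claims map into the message, so the real cause of the marshal failure is lost while claim values — user-supplied data from the userinfo response, possibly personal — end up in whatever log or error response carries the message. Prefer wrapping the cause and leaving the payload out: `return nil, fmt.Errorf("jws: invalid map of custom claims: %w", err)`. The `jws:` prefix also reads oddly inside userinfo's MarshalJSON, though it may be a prefix shared across the package; the enclosing function starts outside the hunk.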
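Review bot: The commit tidies the alias struct in UnmarshalJSON but leaves the context line `UpdatedAt int64 \`json:"update_at,omitempty"\`` tagging the field as `update_at`, whereas the OIDC Core standard claim name is `updated_at`; if the marshal-side alias (not visible here) uses the same tag, the claim is emitted and read under a non-standard name that conforming relying parties will ignore. Suggest changing the tag to `json:"updated_at,omitempty"` on both alias structs once the MarshalJSON side has been confirmed. UnmarshalJSON continues outside the hunk.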
@@ -371,9 +369,6 @@ func (i *userinfo) UnmarshalJSON(data []byte) error {
 	if err := json.Unmarshal(data, &a); err != nil {
 		return err
 	}
-	//if !i.Locale.IsRoot() {
-	//	a.Locale = i.Locale
-	//}
 	i.UpdatedAt = Time(time.Unix(a.UpdatedAt, 0).UTC())