refactoring

pkg/oidc/keyset.go

@@ -6,21 +6,19 @@ import (
 	"gopkg.in/square/go-jose.v2"
 )
 
-// KeySet is a set of publc JSON Web Keys that can be used to validate the signature
-// of JSON web tokens. This is expected to be backed by a remote key set through
-// provider metadata discovery or an in-memory set of keys delivered out-of-band.
+//KeySet represents a set of JSON Web Keys
+// - remotely fetch via discovery and jwks_uri -> `remoteKeySet`
+// - held by the OP itself in storage -> `openIDKeySet`
+// - dynamically aggregated by request for OAuth JWT Profile Assertion -> `jwtProfileKeySet`
 type KeySet interface {
-	// VerifySignature parses the JSON web token, verifies the signature, and returns
-	// the raw payload. Header and claim fields are validated by other parts of the
-	// package. For example, the KeySet does not need to check values such as signature
-	// algorithm, issuer, and audience since the IDTokenVerifier validates these values
-	// independently.
-	//
-	// If VerifySignature makes HTTP requests to verify the token, it's expected to
-	// use any HTTP client associated with the context through ClientContext.
+	//VerifySignature verifies the signature with the given keyset and returns the raw payload
 	VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error)
 }
 
+//CheckKey searches the given JSON Web Keys for the requested key ID
+//and verifies the JSON Web Signature with the found key
+//
+//will return false but no error if key ID is not found
 func CheckKey(keyID string, jws *jose.JSONWebSignature, keys ...jose.JSONWebKey) ([]byte, error, bool) {
 	for _, key := range keys {
 		if keyID == "" || key.KeyID == keyID {