cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(op): split the access and ID token hint verifiers (#525)

Browse source 
* feat(op): split the access and ID token hint verifiers

In zitadel we require different behaviors wrt public key expiry between access tokens and ID token hints.
This change splits the two verifiers in the OP.
The default is still based on Storage and passed to both verifier fields.

* add new options to tests
This commit is contained in:
Tim Möhlmann 2024-01-26 17:44:50 +02:00 committed by GitHub
parent 437a0497ab
commit e9bd7d7bac
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 39 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pkg/op/op_test.go
View file

@ -58,8 +58,12 @@ func init() {
}
func newTestProvider(config *op.Config) op.OpenIDProvider {
provider, err := op.NewOpenIDProvider(testIssuer, config,
storage.NewStorage(storage.NewUserStore(testIssuer)), op.WithAllowInsecure(),
storage := storage.NewStorage(storage.NewUserStore(testIssuer))
keySet := &op.OpenIDKeySet{storage}
provider, err := op.NewOpenIDProvider(testIssuer, config, storage,
op.WithAllowInsecure(),
op.WithAccessTokenKeySet(keySet),
op.WithIDTokenHintKeySet(keySet),
)
if err != nil {
panic(err)