* Add an additional, optional, op.Storage interface so that refresh tokens
that are not JWTs do not cause failures when they randomly, sometimes, decrypt
without error
```go
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be a JWT.
type CanRefreshTokenInfo interface {
	// GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
	// with a token that is not a refresh token.
	GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
```
* add comment suggested in code review
* review feedback: return an error defined in op rather than adding a new error to oidc
* move ErrInvalidRefreshToken to op/storage.go
* oidc: add test case to reproduce #203
Running the tests will always result in a nil pointer
dereference on UserInfoAddress.
Co-authored-by: Livio Spring <livio.a@gmail.com>
* fix: nil pointer dereference on UserInfoAddress
userinfo.UnmarshalJSON now only sets the Address field
if it was present in the json.
userinfo.GetAddress will always return a non-nil value
of UserInfoAddress to allow for safe chaining of Get functions.
Fixes #203
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* rp/op integration test
do not error if OP does not provide a redirect
working, but with debugging
clean up, remove debugging
support go1.15
attempt to fix coverage calculation
* Update pkg/client/rp/integration_test.go
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
* feat: support EndSession with RelyingParty client
* do not error if OP does not provide a redirect
* undo that last change, but notice error returns from EndSession
* ioutil.ReadAll, for now
* chore: house cleaning of the caos name and update sec
* some typos
* make fix non breakable
* Update SECURITY.md
Co-authored-by: Livio Spring <livio.a@gmail.com>
* Update SECURITY.md
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
* oidc.RefreshTokenRequest cannot be used in a request to refresh tokens
because it does not explicitly include grant_types.
* fix merge issue
* undo accidental formatting changes
* chore: make tokenEndpointCaller public
* add RelyingParty function
* undo changes made by gofumpt
* undo more gofumpt changes
* undo more gofumpt changes
* add comments documenting Storage and AuthStorage
* JWTTokenRequest is a pointer
* note that token strings are actually tokenIDs
* review feedback
* remove suggestion that CreateAccessToken could be called with return from AuthStorage.TokenRequestByRefreshToken