* feat(op): user slog for logging
integrate with golang.org/x/exp/slog for logging.
provide a middleware for request scoped logging.
BREAKING CHANGES:
1. OpenIDProvider and sub-interfaces get a Logger()
method to return the configured logger;
2. AuthRequestError now takes the complete Authorizer,
instead of only the encoder. So that it may use its Logger() method.
3. RequestError now takes a Logger as argument.
* use zitadel/logging
* finish op and testing
without middleware for now
* minimum go version 1.19
* update go mod
* log value testing only on go 1.20 or later
* finish the RP and example
* ping logging release
BREAKING CHANGE, removes methods from DeviceAuthorizationStorage:
- GetDeviceAuthorizationByUserCode
- CompleteDeviceAuthorization
- DenyDeviceAuthorization
The methods are now moved to examples as something similar can be
userful for implementers.
* feat: get issuer from context for device auth
* use distinct UserFormURL and UserFormPath
- Properly deprecate UserFormURL and default to old behaviour,
to prevent breaking change.
- Refactor unit tests to test both cases.
* update example
When ParseAuthorizeRequest received an invalid URL,
for example containing a semi-colon `;`,
AuthRequestError used to panic.
This was because a typed nil was passed as a interface argument.
The nil check inside AuthRequestError always resulted in false,
allowing access through the nil pointer.
Fixes#315
* op: correct typo
rename checkURIAginstRedirects to checkURIAgainstRedirects
* chore: document standard deviation when using globs
add example on how to toggle the underlying
client implementation based on DevMode.
---------
Co-authored-by: David Sharnoff <dsharnoff@singlestore.com>
BREAKING CHANGE:
- The various verifier types are merged into a oidc.Verifir.
- oidc.Verfier became a struct with exported fields
* use type aliases for oidc.Verifier
this binds the correct contstructor to each verifier usecase.
* fix: handle the zero cases for oidc.Time
* add unit tests to oidc verifier
* fix: correct returned field for JWTTokenRequest
JWTTokenRequest.GetIssuedAt() was returning the ExpiresAt field.
This change corrects that by returning IssuedAt instead.
* oidc: add regression tests for token claim json
this helps to verify that the same JSON is produced,
after these types are refactored.
* refactor: use struct types for claim related types
BREAKING CHANGE:
The following types are changed from interface to struct type:
- AccessTokenClaims
- IDTokenClaims
- IntrospectionResponse
- UserInfo and related types.
The following methods of OPStorage now take a pointer to a struct type,
instead of an interface:
- SetUserinfoFromScopes
- SetUserinfoFromToken
- SetIntrospectionFromToken
The following functions are now generic, so that type-safe extension
of Claims is now possible:
- op.VerifyIDTokenHint
- op.VerifyAccessToken
- rp.VerifyTokens
- rp.VerifyIDToken
- Changed UserInfoAddress to pointer in UserInfo and
IntrospectionResponse.
This was needed to make omitempty work correctly.
- Copy or merge maps in IntrospectionResponse and SetUserInfo
* op: add example for VerifyAccessToken
* fix: rp: wrong assignment in WithIssuedAtMaxAge
WithIssuedAtMaxAge assigned its value to v.maxAge, which was wrong.
This change fixes that by assiging the duration to v.maxAgeIAT.
* rp: add VerifyTokens example
* oidc: add standard references to:
- IDTokenClaims
- IntrospectionResponse
- UserInfo
* only count coverage for `./pkg/...`
BREAKING CHANGE:
- op.NewOpenIDProvider
- op.NewDynamicOpenIDProvider
The call chain of above functions did not use the context anywhere.
This change removes the context from those fucntion arguments.
