build prerelease

feat(rp): provide key by data (not only path) for jwt profile
2022-04-06 11:07:43 +02:00 · 2022-04-06 08:54:32 +02:00
3 changed files with 45 additions and 2 deletions
--- a/.releaserc.js
+++ b/.releaserc.js
@ -1,5 +1,5 @@
 module.exports = {
-    branches: ["main"],
+    branches: ["main", {name: "beta", prerelease: true}],
    plugins: [
        "@semantic-release/commit-analyzer",
        "@semantic-release/release-notes-generator",
--- a/example/client/app/app.go
+++ b/example/client/app/app.go
@ -40,7 +40,7 @@ func main() {
 		options = append(options, rp.WithPKCE(cookieHandler))
 	}
 	if keyPath != "" {
-		options = append(options, rp.WithClientKey(keyPath))
+		options = append(options, rp.WithJWTProfile(rp.SignerFromKeyPath(keyPath)))
 	}

 	provider, err := rp.NewRelyingPartyOIDC(issuer, clientID, clientSecret, redirectURI, scopes, options...)
--- a/pkg/client/rp/relaying_party.go
+++ b/pkg/client/rp/relaying_party.go
@ -233,6 +233,9 @@ func WithVerifierOpts(opts ...VerifierOption) Option {
 	}
 }

+// WithClientKey specifies the path to the key.json to be used for the JWT Profile Client Authentication on the token endpoint
+//
+//deprecated: use WithJWTProfile(SignerFromKeyPath(path)) instead
 func WithClientKey(path string) Option {
 	return func(rp *relyingParty) error {
 		config, err := client.ConfigFromKeyFile(path)
@ -244,6 +247,46 @@ func WithClientKey(path string) Option {
 	}
 }

+// WithJWTProfile creates a signer used for the JWT Profile Client Authentication on the token endpoint
+func WithJWTProfile(signerFromKey SignerFromKey) Option {
+	return func(rp *relyingParty) error {
+		signer, err := signerFromKey()
+		if err != nil {
+			return err
+		}
+		rp.signer = signer
+		return nil
+	}
+}
+
+type SignerFromKey func() (jose.Signer, error)
+
+func SignerFromKeyPath(path string) SignerFromKey {
+	return func() (jose.Signer, error) {
+		config, err := client.ConfigFromKeyFile(path)
+		if err != nil {
+			return nil, err
+		}
+		return client.NewSignerFromPrivateKeyByte([]byte(config.Key), config.KeyID)
+	}
+}
+
+func SignerFromKeyFile(fileData []byte) SignerFromKey {
+	return func() (jose.Signer, error) {
+		config, err := client.ConfigFromKeyFileData(fileData)
+		if err != nil {
+			return nil, err
+		}
+		return client.NewSignerFromPrivateKeyByte([]byte(config.Key), config.KeyID)
+	}
+}
+
+func SignerFromKeyAndKeyID(key []byte, keyID string) SignerFromKey {
+	return func() (jose.Signer, error) {
+		return client.NewSignerFromPrivateKeyByte(key, keyID)
+	}
+}
+
 //Discover calls the discovery endpoint of the provided issuer and returns the found endpoints
 //
 //deprecated: use client.Discover
Author	SHA1	Message	Date
Livio Amstutz	df3b0d7269	build prerelease	2022-04-06 11:07:43 +02:00
Livio Amstutz	dda0628528	feat(rp): provide key by data (not only path) for jwt profile	2022-04-06 08:54:32 +02:00