*: update go-oidc and use standard library's context package

2017-03-08 10:33:19 -08:00
parent 3e5480a859
commit 777eeafabc
16 changed files with 33 additions and 29 deletions
--- a/server/api.go
+++ b/server/api.go
@@ -5,6 +5,9 @@ import (
 	"fmt"

 	"golang.org/x/crypto/bcrypt"
+
+	// go-grpc doesn't use the standard library's context.
+	// https://github.com/grpc/grpc-go/issues/711
 	"golang.org/x/net/context"

 	"github.com/Sirupsen/logrus"
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -1,11 +1,10 @@
 package server

 import (
+	"context"
 	"net/http"
 	"net/http/httptest"
 	"testing"
-
-	"golang.org/x/net/context"
 )

 func TestHandleHealth(t *testing.T) {
--- a/server/rotation.go
+++ b/server/rotation.go
@@ -1,6 +1,7 @@
 package server

 import (
+	"context"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/hex"
@@ -9,7 +10,6 @@ import (
 	"io"
 	"time"

-	"golang.org/x/net/context"
 	"gopkg.in/square/go-jose.v2"

 	"github.com/Sirupsen/logrus"
--- a/server/server.go
+++ b/server/server.go
@@ -1,6 +1,7 @@
 package server

 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
@@ -10,7 +11,6 @@ import (
 	"time"

 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"

 	"github.com/Sirupsen/logrus"
 	"github.com/gorilla/handlers"
--- a/server/server_test.go
+++ b/server/server_test.go
@@ -1,6 +1,7 @@
 package server

 import (
+	"context"
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/json"
@@ -24,7 +25,6 @@ import (
 	oidc "github.com/coreos/go-oidc"
 	"github.com/kylelemons/godebug/pretty"
 	"golang.org/x/crypto/bcrypt"
-	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	jose "gopkg.in/square/go-jose.v2"

@@ -175,6 +175,8 @@ func TestOAuth2CodeFlow(t *testing.T) {
 	// Connector used by the tests.
 	var conn *mock.Callback

+	oidcConfig := &oidc.Config{SkipClientIDCheck: true}
+
 	tests := []struct {
 		name string
 		// If specified these set of scopes will be used during the test case.
@@ -189,7 +191,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				if _, err := p.Verifier().Verify(ctx, idToken); err != nil {
+				if _, err := p.Verifier(oidcConfig).Verify(ctx, idToken); err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
 				return nil
@@ -212,7 +214,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -229,7 +231,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id token found")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -391,7 +393,7 @@ func TestOAuth2CodeFlow(t *testing.T) {
 				if !ok {
 					return fmt.Errorf("no id_token in refreshed token")
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken)
 				if err != nil {
 					return fmt.Errorf("failed to verify id token: %v", err)
 				}
@@ -632,7 +634,10 @@ func TestOAuth2ImplicitFlow(t *testing.T) {

 	src := &nonceSource{nonce: nonce}

-	idTokenVerifier := p.Verifier(oidc.VerifyAudience(client.ID), oidc.VerifyNonce(src))
+	idTokenVerifier := p.Verifier(&oidc.Config{
+		ClientID:   client.ID,
+		ClaimNonce: src.ClaimNonce,
+	})

 	oauth2Config = &oauth2.Config{
 		ClientID:     client.ID,
@@ -749,7 +754,7 @@ func TestCrossClientScopes(t *testing.T) {
 					t.Errorf("no id token found: %v", err)
 					return
 				}
-				idToken, err := p.Verifier().Verify(ctx, rawIDToken)
+				idToken, err := p.Verifier(&oidc.Config{ClientID: testClientID}).Verify(ctx, rawIDToken)
 				if err != nil {
 					t.Errorf("failed to parse ID Token: %v", err)
 					return