Skip to content

Commit 0db9053

Browse files
committed
oidc: modernize with new Go APIs
Run `go fix` then do a few more fixes by hand.
1 parent 4204f0b commit 0db9053

7 files changed

Lines changed: 21 additions & 38 deletions

File tree

oidc/jwks_test.go

Lines changed: 9 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,8 @@ func (k *keyServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
3737

3838
type signingKey struct {
3939
keyID string // optional
40-
priv interface{}
41-
pub interface{}
40+
priv any
41+
pub any
4242
alg jose.SignatureAlgorithm
4343
}
4444

@@ -173,8 +173,7 @@ func TestKeyVerifyContextCanceled(t *testing.T) {
173173
}
174174

175175
func testKeyVerify(t *testing.T, good, bad *signingKey, verification ...*signingKey) {
176-
ctx, cancel := context.WithCancel(context.Background())
177-
defer cancel()
176+
ctx := t.Context()
178177

179178
keySet := jose.JSONWebKeySet{}
180179
for _, v := range verification {
@@ -222,8 +221,7 @@ func testKeyVerify(t *testing.T, good, bad *signingKey, verification ...*signing
222221
}
223222

224223
func TestRotation(t *testing.T) {
225-
ctx, cancel := context.WithCancel(context.Background())
226-
defer cancel()
224+
ctx := t.Context()
227225

228226
key1 := newRSAKey(t)
229227
key2 := newRSAKey(t)
@@ -287,8 +285,7 @@ func TestRotation(t *testing.T) {
287285
}
288286

289287
func TestUpdateKeysSendsCacheControlNoCache(t *testing.T) {
290-
ctx, cancel := context.WithCancel(context.Background())
291-
defer cancel()
288+
ctx := t.Context()
292289

293290
key := newRSAKey(t)
294291
var requestHeaders []http.Header
@@ -325,21 +322,19 @@ func TestUpdateKeysSendsCacheControlNoCache(t *testing.T) {
325322
}
326323
}
327324

328-
329325
func BenchmarkVerify(b *testing.B) {
330-
ctx, cancel := context.WithCancel(context.Background())
331-
defer cancel()
326+
ctx := b.Context()
332327

333328
key := newRSAKey(b)
334329

335330
now := time.Date(2022, 1, 29, 0, 0, 0, 0, time.UTC)
336331
exp := now.Add(time.Hour)
337-
payload := []byte(fmt.Sprintf(`{
332+
payload := fmt.Appendf(nil, `{
338333
"iss": "https://example.com",
339334
"sub": "test_user",
340335
"aud": "test_client_id",
341336
"exp": %d
342-
}`, exp.Unix()))
337+
}`, exp.Unix())
343338

344339
idToken := key.sign(b, payload)
345340
server := &keyServer{
@@ -361,8 +356,7 @@ func BenchmarkVerify(b *testing.B) {
361356
b.Fatalf("verifying id token: %v", err)
362357
}
363358

364-
b.ResetTimer()
365-
for i := 0; i < b.N; i++ {
359+
for b.Loop() {
366360
if _, err := verifier.Verify(ctx, idToken); err != nil {
367361
b.Fatalf("verifying id token: %v", err)
368362
}

oidc/logout.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55
"encoding/json"
66
"errors"
77
"fmt"
8+
"slices"
89
"time"
910
)
1011

@@ -163,7 +164,7 @@ func (v *IDTokenVerifier) VerifyLogout(ctx context.Context, rawLogoutToken strin
163164

164165
if !v.config.SkipClientIDCheck {
165166
if v.config.ClientID != "" {
166-
if !contains(t.Audience, v.config.ClientID) {
167+
if !slices.Contains(t.Audience, v.config.ClientID) {
167168
return nil, fmt.Errorf("oidc: expected logout token audience %q got %q", v.config.ClientID, t.Audience)
168169
}
169170
} else {

oidc/oidc.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -301,7 +301,7 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
301301
//
302302
// For a list of fields defined by the OpenID Connect spec see:
303303
// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
304-
func (p *Provider) Claims(v interface{}) error {
304+
func (p *Provider) Claims(v any) error {
305305
if p.rawClaims == nil {
306306
return errors.New("oidc: claims not set")
307307
}
@@ -340,7 +340,7 @@ type userInfoRaw struct {
340340
}
341341

342342
// Claims unmarshals the raw JSON object claims into the provided object.
343-
func (u *UserInfo) Claims(v interface{}) error {
343+
func (u *UserInfo) Claims(v any) error {
344344
if u.claims == nil {
345345
return errors.New("oidc: claims not set")
346346
}
@@ -465,7 +465,7 @@ type IDToken struct {
465465
// if err := idToken.Claims(&claims); err != nil {
466466
// // handle error
467467
// }
468-
func (i *IDToken) Claims(v interface{}) error {
468+
func (i *IDToken) Claims(v any) error {
469469
if i.claims == nil {
470470
return errors.New("oidc: claims not set")
471471
}
@@ -570,7 +570,7 @@ func (j *jsonTime) UnmarshalJSON(b []byte) error {
570570
return nil
571571
}
572572

573-
func unmarshalResp(r *http.Response, body []byte, v interface{}) error {
573+
func unmarshalResp(r *http.Response, body []byte, v any) error {
574574
err := json.Unmarshal(body, &v)
575575
if err == nil {
576576
return nil

oidc/oidc_test.go

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -280,8 +280,7 @@ func TestNewProvider(t *testing.T) {
280280
}
281281
for _, test := range tests {
282282
t.Run(test.name, func(t *testing.T) {
283-
ctx, cancel := context.WithCancel(context.Background())
284-
defer cancel()
283+
ctx := t.Context()
285284

286285
var issuer string
287286
hf := func(w http.ResponseWriter, r *http.Request) {

oidc/oidctest/oidctest.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ func newToken(priv crypto.PrivateKey, keyID, alg, claims string) (string, error)
9191
Key: priv,
9292
}
9393
opts := &jose.SignerOptions{
94-
ExtraHeaders: map[jose.HeaderKey]interface{}{
94+
ExtraHeaders: map[jose.HeaderKey]any{
9595
jose.HeaderKey("kid"): keyID,
9696
},
9797
}

oidc/verify.go

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@ import (
66
"fmt"
77
"io"
88
"net/http"
9+
"slices"
910
"time"
1011

1112
jose "github.com/go-jose/go-jose/v4"
@@ -142,15 +143,6 @@ func (p *Provider) newVerifier(keySet KeySet, config *Config) *IDTokenVerifier {
142143
return NewVerifier(p.issuer, keySet, config)
143144
}
144145

145-
func contains(sli []string, ele string) bool {
146-
for _, s := range sli {
147-
if s == ele {
148-
return true
149-
}
150-
}
151-
return false
152-
}
153-
154146
// Returns the Claims from the distributed JWT token
155147
func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src claimSource) ([]byte, error) {
156148
req, err := http.NewRequest("GET", src.Endpoint, nil)
@@ -257,7 +249,7 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok
257249
// This check DOES NOT ensure that the ClientID is the party to which the ID Token was issued (i.e. Authorized party).
258250
if !v.config.SkipClientIDCheck {
259251
if v.config.ClientID != "" {
260-
if !contains(t.Audience, v.config.ClientID) {
252+
if !slices.Contains(t.Audience, v.config.ClientID) {
261253
return nil, fmt.Errorf("oidc: expected audience %q got %q", v.config.ClientID, t.Audience)
262254
}
263255
} else {

oidc/verify_test.go

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,6 @@
11
package oidc
22

33
import (
4-
"context"
54
"crypto"
65
"encoding/base64"
76
"errors"
@@ -523,8 +522,7 @@ type resolverTest struct {
523522
func (v resolverTest) testEndpoint(t *testing.T) ([]byte, error) {
524523
token := v.signKey.sign(t, []byte(v.payload))
525524

526-
ctx, cancel := context.WithCancel(context.Background())
527-
defer cancel()
525+
ctx := t.Context()
528526

529527
s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
530528
got := r.Header.Get("Authorization")
@@ -590,8 +588,7 @@ func (v verificationTest) runGetToken(t *testing.T) (*IDToken, error) {
590588
token += "."
591589
}
592590

593-
ctx, cancel := context.WithCancel(context.Background())
594-
defer cancel()
591+
ctx := t.Context()
595592

596593
issuer := "https://foo"
597594
if v.issuer != "" {

0 commit comments

Comments
 (0)