changes for lighthouse 0.20.0

authcode.go

@@ -176,7 +176,7 @@ func (f FederationLeaf) GetAuthorizationURL(
 	if f.RequestURIGenerator != nil && opMetadata.RequestURIParameterSupported && len(resolved.TrustChain) > 0 {
 		ownResolved, err := DefaultMetadataResolver.ResolveResponsePayload(
 			apimodel.ResolveRequest{
-				Subject:     f.EntityID,
+				Subject:     f.EntityID(),
 				TrustAnchor: []string{resolved.TrustAnchor},
 				EntityTypes: []string{oidfedconst.EntityTypeOpenIDRelyingParty},
 			},
@@ -209,7 +209,7 @@ func (f FederationLeaf) GetAuthorizationURL(
 	} else {
 		q.Set("request", string(requestObject))
 	}
-	q.Set("client_id", f.EntityID)
+	q.Set("client_id", f.EntityID())
 	q.Set("response_type", "code")
 	q.Set("redirect_uri", redirectURI)
 	q.Set("scope", scope)
@@ -233,7 +233,7 @@ func (f FederationLeaf) CodeExchange(
 	params.Set("grant_type", "authorization_code")
 	params.Set("code", code)
 	params.Set("redirect_uri", redirectURI)
-	params.Set("client_id", f.EntityID)
+	params.Set("client_id", f.EntityID())
 
 	clientAssertion, err := f.oidcROProducer.ClientAssertion(
 		opMetadata.TokenEndpoint,

cache/cache.go

@@ -2,7 +2,6 @@ package cache
 
 import (
 	"encoding/base64"
-	"log"
 	"strings"
 	"time"
 
@@ -31,7 +30,7 @@ type cacheWrapper struct {
 func newCacheWrapper(defaultExpiration time.Duration) cacheWrapper {
 	c := gocache.NewCache().WithDefaultTTL(defaultExpiration)
 	if err := c.StartJanitor(); err != nil {
-		log.Fatal(err) // skipcq: RVV-A0003
+		internal.WithError(err).Error("Cache: failed to start janitor; proceeding without background cleanup")
 	}
 	return cacheWrapper{
 		c,

explicit.go

@@ -128,14 +128,17 @@ func (f FederationLeaf) DoExplicitClientRegistration(op string) (
 	if opMetadata == nil || opMetadata.FederationRegistrationEndpoint == "" {
 		return nil, nil, errors.New("op does not have a federation registration endpoint")
 	}
-	entityConfigurationData := f.EntityConfigurationPayload()
+	entityConfigurationData, err := f.EntityConfigurationPayload()
+	if err != nil {
+		return nil, nil, errors.Wrap(err, "could not get entity configuration payload")
+	}
 	AdjustRPMetadataToOP(entityConfigurationData.Metadata.RelyingParty, opMetadata)
 	entityConfigurationData.Audience = op
 	var headers jws.Headers
 	if len(resolved.TrustChain) > 0 {
 		ownResolved, err := DefaultMetadataResolver.ResolveResponsePayload(
 			apimodel.ResolveRequest{
-				Subject:     f.EntityID,
+				Subject:     f.EntityID(),
 				TrustAnchor: []string{resolved.TrustAnchor},
 				EntityTypes: []string{oidfedconst.EntityTypeOpenIDRelyingParty},
 			},
@@ -147,7 +150,7 @@ func (f FederationLeaf) DoExplicitClientRegistration(op string) (
 			_ = headers.Set("peer_trust_chain", resolved.TrustChain)
 		}
 	}
-	entityConfiguration, err := f.EntityStatementSigner.JWTWithHeaders(entityConfigurationData, headers)
+	entityConfiguration, err := f.SignEntityStatementWithHeaders(*entityConfigurationData, headers)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -180,7 +183,7 @@ func (f FederationLeaf) DoExplicitClientRegistration(op string) (
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "could not parse explicit registration response")
 	}
-	if res.Audience != f.EntityID {
+	if res.Audience != f.EntityID() {
 		return nil, nil,
 			errors.New("explicit client registration: OP returned unexpected audience")
 	}