Remove non-ctx version

Author: irees

server/auth/mw/jwtcheck/jwtcheck.go

@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"os"
 	"strings"
-	"time"
 
 	keyfunc "github.com/MicahParks/keyfunc/v3"
 	"github.com/golang-jwt/jwt/v5"
@@ -39,22 +38,9 @@ func JWTMiddleware(jwtAudience string, jwtIssuer string, pubKeyPath string, useE
 
 // JWTMiddlewareOIDC checks and pulls user information from JWT in Authorization header.
 // The JWKS keys are discovered from the issuer's OpenID Connect discovery endpoint.
-func JWTMiddlewareOIDC(jwtAudience string, jwtIssuer string, useEmailAsId bool) (func(http.Handler) http.Handler, error) {
-	jwksURL, err := discoverJWKSURL(jwtIssuer)
-	if err != nil {
-		return nil, fmt.Errorf("OIDC discovery failed: %w", err)
-	}
-	kf, err := keyfunc.NewDefault([]string{jwksURL})
-	if err != nil {
-		return nil, fmt.Errorf("failed to create JWKS keyfunc: %w", err)
-	}
-	return newJWTHandler(kf.Keyfunc, jwtAudience, jwtIssuer, useEmailAsId), nil
-}
-
-// JWTMiddlewareOIDCCtx is like JWTMiddlewareOIDC but accepts a context that controls
-// the lifetime of the background JWKS refresh goroutine.
-func JWTMiddlewareOIDCCtx(ctx context.Context, jwtAudience string, jwtIssuer string, useEmailAsId bool) (func(http.Handler) http.Handler, error) {
-	jwksURL, err := discoverJWKSURLWithContext(ctx, jwtIssuer)
+// The context controls the lifetime of the background JWKS refresh goroutine.
+func JWTMiddlewareOIDC(ctx context.Context, jwtAudience string, jwtIssuer string, useEmailAsId bool) (func(http.Handler) http.Handler, error) {
+	jwksURL, err := discoverJWKSURL(ctx, jwtIssuer)
 	if err != nil {
 		return nil, fmt.Errorf("OIDC discovery failed: %w", err)
 	}
@@ -66,13 +52,7 @@ func JWTMiddlewareOIDCCtx(ctx context.Context, jwtAudience string, jwtIssuer str
 }
 
 // discoverJWKSURL fetches the OIDC discovery document from the issuer and returns the jwks_uri.
-func discoverJWKSURL(issuer string) (string, error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
-	return discoverJWKSURLWithContext(ctx, issuer)
-}
-
-func discoverJWKSURLWithContext(ctx context.Context, issuer string) (string, error) {
+func discoverJWKSURL(ctx context.Context, issuer string) (string, error) {
 	discoveryURL := strings.TrimRight(issuer, "/") + "/.well-known/openid-configuration"
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, discoveryURL, nil)
 	if err != nil {

server/auth/mw/jwtcheck/jwtcheck_test.go

@@ -35,7 +35,7 @@ func signToken(t *testing.T, key *rsa.PrivateKey, claims jwt.Claims) string {
 	return s
 }
 
-func TestDiscoverJWKSURLWithContext(t *testing.T) {
+func TestDiscoverJWKSURL(t *testing.T) {
 	t.Run("valid discovery document", func(t *testing.T) {
 		srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			assert.Equal(t, "/.well-known/openid-configuration", r.URL.Path)
@@ -44,7 +44,7 @@ func TestDiscoverJWKSURLWithContext(t *testing.T) {
 			})
 		}))
 		defer srv.Close()
-		url, err := discoverJWKSURLWithContext(context.Background(), srv.URL)
+		url, err := discoverJWKSURL(context.Background(), srv.URL)
 		assert.NoError(t, err)
 		assert.Equal(t, "https://example.com/.well-known/jwks.json", url)
 	})
@@ -54,7 +54,7 @@ func TestDiscoverJWKSURLWithContext(t *testing.T) {
 			json.NewEncoder(w).Encode(map[string]string{"issuer": "https://example.com"})
 		}))
 		defer srv.Close()
-		_, err := discoverJWKSURLWithContext(context.Background(), srv.URL)
+		_, err := discoverJWKSURL(context.Background(), srv.URL)
 		assert.ErrorContains(t, err, "missing jwks_uri")
 	})
 
@@ -63,7 +63,7 @@ func TestDiscoverJWKSURLWithContext(t *testing.T) {
 			w.WriteHeader(http.StatusNotFound)
 		}))
 		defer srv.Close()
-		_, err := discoverJWKSURLWithContext(context.Background(), srv.URL)
+		_, err := discoverJWKSURL(context.Background(), srv.URL)
 		assert.ErrorContains(t, err, "returned status 404")
 		assert.ErrorContains(t, err, srv.URL)
 	})
@@ -73,14 +73,14 @@ func TestDiscoverJWKSURLWithContext(t *testing.T) {
 			w.Write([]byte("not json"))
 		}))
 		defer srv.Close()
-		_, err := discoverJWKSURLWithContext(context.Background(), srv.URL)
+		_, err := discoverJWKSURL(context.Background(), srv.URL)
 		assert.ErrorContains(t, err, "failed to parse")
 	})
 
 	t.Run("respects context cancellation", func(t *testing.T) {
 		ctx, cancel := context.WithCancel(context.Background())
 		cancel() // cancel immediately
-		_, err := discoverJWKSURLWithContext(ctx, "http://localhost:0")
+		_, err := discoverJWKSURL(ctx, "http://localhost:0")
 		assert.Error(t, err)
 	})
 }