merge develop/v2 (#716)

* Fix typo (#705) * Merge develop/v2 for v2.0.0-beta2 (#697) (#711) * disable verification/validation for benchmarking * Introduce jwk.CachedSet to make the common operation of using cached JWKS easier (#689) * First round implementing jwk.CachedSet * Change jwk.Set interface * appease linter * add docs * Fix example code * fix jwk.Set usage * Add codecov.yml * Add more tests * appease linter * tweak docs, examples, go versions * Update deps for go1.18 * run autodoc when mering to develop/v2 (#691) * Fix autodoc (#692) * run autodoc when mering to develop/v2 * Create a PR isntead of a push * Pass token, fix branch name (#693) * Add a special rule for develop/v* branch (#695) * autodoc updates (#696) Co-authored-by: lestrrat <lestrrat@users.noreply.github.com> * Update Changes * Update Changes Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lestrrat <lestrrat@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lestrrat <lestrrat@users.noreply.github.com> * House cleaning (#712) * house-cleaning and minor optimizations * accidentally reverted * Bump github.com/goccy/go-json from 0.9.6 to 0.9.7 (#709) * Bump github.com/goccy/go-json from 0.9.6 to 0.9.7 Bumps [github.com/goccy/go-json](https://github.com/goccy/go-json) from 0.9.6 to 0.9.7. - [Release notes](https://github.com/goccy/go-json/releases) - [Changelog](https://github.com/goccy/go-json/blob/master/CHANGELOG.md) - [Commits](goccy/go-json@v0.9.6...v0.9.7) --- updated-dependencies: - dependency-name: github.com/goccy/go-json dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * make tidy Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daisuke Maki <lestrrat+github@gmail.com> * Add "missing required claims" error (#714) * Return `RequiredClaimValidationError` error when required claim is missing * slightly rework #713 * Hide error type from users -> We would like to expose APIs, not data types (where applicable) * Expose a function to create the error * Changed the underlying error type to implement ValidationError interface * appease linter Co-authored-by: Stefano Arlandini <sarlandini@alice.it> * Update changes (#715) Co-authored-by: Zach Collier <zamicol@gmail.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: lestrrat <lestrrat@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Stefano Arlandini <sarlandini@alice.it>
lestrrat-go · Apr 24, 2022 · 8f97f60 · 8f97f60
1 parent f1cdead
commit 8f97f60
Show file tree

Hide file tree

Showing 29 changed files with 164 additions and 311 deletions.
diff --git a/Changes b/Changes
@@ -4,6 +4,21 @@ Changes
 v2 has many incompatibilities with v1. To see the full list of differences between
 v1 and v2, please read the Changes-v2.md file (https://github.com/lestrrat-go/jwx/blob/develop/v2/Changes-v2.md)
 
+v2.0.0 - 24 Apr 2022
+  * This i the first v2 release, which represents a set of design changes
+    that were learnt over the previous 2 years. As a result the v2 API
+    should be much more consistent and uniform across packages, and
+    should be much more flexible to accomodate real-world needs.
+
+    For a complete list of changes, please see the Changes-v2.md file,
+    or check the diff at https://github.com/lestrrat-go/jwx/compare/v1...v2
+
+[Miscellaneous]
+  * Minor house cleaning on code generation tools
+
+[jwt]
+  * `jwt.ErrMissingRequiredClaim()` has been added
+
 v2.0.0-beta2 - 16 Apr 2022
 [jwk]
   * Updated `jwk.Set` API and reflected pending changes from v1 which were

diff --git a/README.md b/README.md
@@ -188,7 +188,7 @@ That is, if you need to not only parse JWTs, but also to control JWKs, or
 if you need to handle payloads that are NOT JWTs, you should probably consider
 using this module. You should also note that JWT is built _on top_ of those
 other technologies. You simply cannot have a complete JWT package without
-implementing the entirety of JWS/JWS/JWK, which this library does.
+implementing the entirety of JWS/JWE/JWK, which this library does.
 
 Next, from an implementation perspective, this module differs significantly
 from others in that it tries very hard to expose only the APIs, and not the

diff --git a/bench/performance/go.sum b/bench/performance/go.sum
@@ -3,8 +3,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
-github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
-github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
+github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
 github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=

diff --git a/cmd/jwx/go.mod b/cmd/jwx/go.mod
@@ -11,7 +11,7 @@ require (
 require (
 	github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
-	github.com/goccy/go-json v0.9.6 // indirect
+	github.com/goccy/go-json v0.9.7 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.1 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.1 // indirect

diff --git a/cmd/jwx/go.sum b/cmd/jwx/go.sum
@@ -7,8 +7,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
-github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
-github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
+github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
 github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=

diff --git a/examples/go.sum b/examples/go.sum
@@ -6,8 +6,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
-github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
-github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
+github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
 github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=

diff --git a/go.mod b/go.mod
@@ -4,18 +4,11 @@ go 1.16
 
 require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1
-	github.com/goccy/go-json v0.9.6
+	github.com/goccy/go-json v0.9.7
 	github.com/lestrrat-go/blackmagic v1.0.1
 	github.com/lestrrat-go/httprc v1.0.1
 	github.com/lestrrat-go/iter v1.0.2
 	github.com/lestrrat-go/option v1.0.0
 	github.com/stretchr/testify v1.7.1
 	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
 )
-
-require (
-	github.com/davecgh/go-spew v1.1.0 // indirect
-	github.com/lestrrat-go/httpcc v1.0.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
-)
diff --git a/go.sum b/go.sum
@@ -3,8 +3,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 h1:YLtO71vCjJRCBcrPMtQ9nqBsqpA1m5sE92cU+pd5Mcc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
-github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
-github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.9.7 h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=
+github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/lestrrat-go/blackmagic v1.0.1 h1:lS5Zts+5HIC/8og6cGHb0uCcNCa3OUt1ygh3Qz2Fe80=
 github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU=
 github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=

diff --git a/jwk/ecdsa_gen.go b/jwk/ecdsa_gen.go
@@ -400,6 +400,8 @@ func (k *ecdsaPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *ecdsaPublicKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.crv = nil
 	h.keyID = nil
@@ -982,6 +984,8 @@ func (k *ecdsaPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *ecdsaPrivateKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.crv = nil
 	h.d = nil

diff --git a/jwk/okp_gen.go b/jwk/okp_gen.go
@@ -376,6 +376,8 @@ func (k *okpPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *okpPublicKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.crv = nil
 	h.keyID = nil
@@ -928,6 +930,8 @@ func (k *okpPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *okpPrivateKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.crv = nil
 	h.d = nil

diff --git a/jwk/rsa_gen.go b/jwk/rsa_gen.go
@@ -379,6 +379,8 @@ func (k *rsaPublicKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *rsaPublicKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.e = nil
 	h.keyID = nil
@@ -1036,6 +1038,8 @@ func (k *rsaPrivateKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *rsaPrivateKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.d = nil
 	h.dp = nil

diff --git a/jwk/symmetric_gen.go b/jwk/symmetric_gen.go
@@ -349,6 +349,8 @@ func (k *symmetricKey) SetDecodeCtx(dc json.DecodeCtx) {
 }
 
 func (h *symmetricKey) UnmarshalJSON(buf []byte) error {
+	h.mu.Lock()
+	defer h.mu.Unlock()
 	h.algorithm = nil
 	h.keyID = nil
 	h.keyOps = nil

diff --git a/jws/headers_gen.go b/jws/headers_gen.go
@@ -175,6 +175,22 @@ func (h *stdHeaders) X509URL() string {
 	return *(h.x509URL)
 }
 
+func (h *stdHeaders) clear() {
+	h.algorithm = nil
+	h.contentType = nil
+	h.critical = nil
+	h.jwk = nil
+	h.jwkSetURL = nil
+	h.keyID = nil
+	h.typ = nil
+	h.x509CertChain = nil
+	h.x509CertThumbprint = nil
+	h.x509CertThumbprintS256 = nil
+	h.x509URL = nil
+	h.privateParams = nil
+	h.raw = nil
+}
+
 func (h *stdHeaders) DecodeCtx() DecodeCtx {
 	h.mu.RLock()
 	defer h.mu.RUnlock()
@@ -425,17 +441,9 @@ func (h *stdHeaders) Remove(key string) error {
 }
 
 func (h *stdHeaders) UnmarshalJSON(buf []byte) error {
-	h.algorithm = nil
-	h.contentType = nil
-	h.critical = nil
-	h.jwk = nil
-	h.jwkSetURL = nil
-	h.keyID = nil
-	h.typ = nil
-	h.x509CertChain = nil
-	h.x509CertThumbprint = nil
-	h.x509CertThumbprintS256 = nil
-	h.x509URL = nil
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.clear()
 	dec := json.NewDecoder(bytes.NewReader(buf))
 LOOP:
 	for {

diff --git a/jwt/jwt_test.go b/jwt/jwt_test.go
@@ -1291,6 +1291,13 @@ func TestGH430(t *testing.T) {
 	}
 }
 
+func TestGH706(t *testing.T) {
+	tok := jwt.New()
+	if !assert.ErrorIs(t, jwt.ErrMissingRequiredClaim(""), jwt.Validate(tok, jwt.WithRequiredClaim("foo")), `jwt.Validate should fail`) {
+		return
+	}
+}
+
 func TestBenHigginsByPassRegression(t *testing.T) {
 	key, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {

diff --git a/jwt/openid/token_gen.go b/jwt/openid/token_gen.go
@@ -1161,8 +1161,6 @@ LOOP:
 }
 
 func (t stdToken) MarshalJSON() ([]byte, error) {
-	t.mu.RLock()
-	defer t.mu.RUnlock()
 	buf := pool.GetBytesBuffer()
 	defer pool.ReleaseBytesBuffer(buf)
 	buf.WriteByte('{')

diff --git a/jwt/token_gen.go b/jwt/token_gen.go
@@ -462,8 +462,6 @@ LOOP:
 }
 
 func (t stdToken) MarshalJSON() ([]byte, error) {
-	t.mu.RLock()
-	defer t.mu.RUnlock()
 	buf := pool.GetBytesBuffer()
 	defer pool.ReleaseBytesBuffer(buf)
 	buf.WriteByte('{')

diff --git a/jwt/validate.go b/jwt/validate.go
@@ -159,6 +159,22 @@ func (err *validationError) Unwrap() error {
 	return err.error
 }
 
+type missingRequiredClaimError struct {
+	claim string
+}
+
+func (err *missingRequiredClaimError) Error() string {
+	return fmt.Sprintf("%q not satisfied: required claim not found", err.claim)
+}
+
+func (err *missingRequiredClaimError) Is(target error) bool {
+	_, ok := target.(*missingRequiredClaimError)
+	return ok
+}
+
+func (err *missingRequiredClaimError) isValidationError() {}
+func (*missingRequiredClaimError) Unwrap() error          { return nil }
+
 var errTokenExpired = NewValidationError(fmt.Errorf(`"exp" not satisfied`))
 var errInvalidIssuedAt = NewValidationError(fmt.Errorf(`"iat" not satisfied`))
 var errTokenNotYetValid = NewValidationError(fmt.Errorf(`"nbf" not satisfied`))
@@ -179,6 +195,11 @@ func ErrTokenNotYetValid() ValidationError {
 	return errTokenNotYetValid
 }
 
+// ErrMissingRequiredClaim creates a new error for missing required claims.
+func ErrMissingRequiredClaim(name string) ValidationError {
+	return &missingRequiredClaimError{claim: name}
+}
+
 // Validator describes interface to validate a Token.
 type Validator interface {
 	// Validate should return an error if a required conditions is not met.
@@ -377,9 +398,10 @@ func IsRequired(name string) Validator {
 type isRequired string
 
 func (ir isRequired) Validate(_ context.Context, t Token) ValidationError {
-	_, ok := t.Get(string(ir))
+	name := string(ir)
+	_, ok := t.Get(name)
 	if !ok {
-		return NewValidationError(fmt.Errorf(`%q not satisfied: required claim not found`, string(ir)))
+		return ErrMissingRequiredClaim(name)
 	}
 	return nil
 }
diff --git a/tools/cmd/genjwe/go.mod b/tools/cmd/genjwe/go.mod
@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/goccy/go-yaml v1.9.4
-	github.com/lestrrat-go/codegen v1.0.4-0.20220329032654-7b542c9fb49b
+	github.com/lestrrat-go/codegen v1.0.4-0.20220422093832-3f381ea644e3
 	github.com/stretchr/testify v1.7.1 // indirect
 	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 )
diff --git a/tools/cmd/genjwe/go.sum b/tools/cmd/genjwe/go.sum
@@ -13,8 +13,8 @@ github.com/goccy/go-yaml v1.9.4 h1:S0GCYjwHKVI6IHqio7QWNKNThUl6NLzFd/g8Z65Axw8=
 github.com/goccy/go-yaml v1.9.4/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/lestrrat-go/codegen v1.0.4-0.20220329032654-7b542c9fb49b h1:PQ+SVFMytiSbfozcIQbp4Kb7/xe6NPiHdFNVQxnynlk=
-github.com/lestrrat-go/codegen v1.0.4-0.20220329032654-7b542c9fb49b/go.mod h1:B5zvyPBGsMtVrUaM9q0doiP+oyw05CI/dpFU9T1TUFo=
+github.com/lestrrat-go/codegen v1.0.4-0.20220422093832-3f381ea644e3 h1:ePhghrkFCIQH5Wnq5R5H5iw+RXdYkc53M/bcc7ylqpQ=
+github.com/lestrrat-go/codegen v1.0.4-0.20220422093832-3f381ea644e3/go.mod h1:B5zvyPBGsMtVrUaM9q0doiP+oyw05CI/dpFU9T1TUFo=
 github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/xstrings v0.0.0-20210804220435-4dd8b234342b h1:3laG8JWIeDGb7lf00nMRznLdCHy0aZPd/CGz7Okn1SY=

diff --git a/tools/cmd/genjwe/main.go b/tools/cmd/genjwe/main.go
@@ -55,24 +55,6 @@ func yaml2json(fn string) ([]byte, error) {
 	return json.Marshal(v)
 }
 
-func boolFromField(f codegen.Field, field string) (bool, error) {
-	v, ok := f.Extra(field)
-	if !ok {
-		return false, fmt.Errorf("%q does not exist in %q", field, f.Name(true))
-	}
-
-	b, ok := v.(bool)
-	if !ok {
-		return false, fmt.Errorf("%q should be a bool in %q", field, f.Name(true))
-	}
-	return b, nil
-}
-
-func fieldHasAccept(f codegen.Field) bool {
-	v, _ := boolFromField(f, "hasAccept")
-	return v
-}
-
 func IsPointer(f codegen.Field) bool {
 	return strings.HasPrefix(f.Type(), `*`)
 }
@@ -234,7 +216,7 @@ func generateHeaders(obj *codegen.Object) error {
 	o.L("switch name {")
 	for _, f := range obj.Fields() {
 		o.L("case %sKey:", f.Name(true))
-		if fieldHasAccept(f) {
+		if f.Bool(`hasAccept`) {
 			o.L("var acceptor %s", PointerElem(f))
 			o.L("if err := acceptor.Accept(value); err != nil {")
 			o.L("return fmt.Errorf(`invalid value for %%s key: %%w`, %sKey, err)", f.Name(true))

diff --git a/tools/cmd/genjwk/go.mod b/tools/cmd/genjwk/go.mod
@@ -4,7 +4,7 @@ go 1.16
 
 require (
 	github.com/goccy/go-yaml v1.9.4
-	github.com/lestrrat-go/codegen v1.0.4-0.20220329032654-7b542c9fb49b
+	github.com/lestrrat-go/codegen v1.0.4-0.20220422093832-3f381ea644e3
 	github.com/stretchr/testify v1.7.1 // indirect
 	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 )
diff --git a/tools/cmd/genjwk/go.sum b/tools/cmd/genjwk/go.sum
@@ -13,8 +13,8 @@ github.com/goccy/go-yaml v1.9.4 h1:S0GCYjwHKVI6IHqio7QWNKNThUl6NLzFd/g8Z65Axw8=
 github.com/goccy/go-yaml v1.9.4/go.mod h1:U/jl18uSupI5rdI2jmuCswEA2htH9eXfferR3KfscvA=
 github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
-github.com/lestrrat-go/codegen v1.0.4-0.20220329032654-7b542c9fb49b h1:PQ+SVFMytiSbfozcIQbp4Kb7/xe6NPiHdFNVQxnynlk=
-github.com/lestrrat-go/codegen v1.0.4-0.20220329032654-7b542c9fb49b/go.mod h1:B5zvyPBGsMtVrUaM9q0doiP+oyw05CI/dpFU9T1TUFo=
+github.com/lestrrat-go/codegen v1.0.4-0.20220422093832-3f381ea644e3 h1:ePhghrkFCIQH5Wnq5R5H5iw+RXdYkc53M/bcc7ylqpQ=
+github.com/lestrrat-go/codegen v1.0.4-0.20220422093832-3f381ea644e3/go.mod h1:B5zvyPBGsMtVrUaM9q0doiP+oyw05CI/dpFU9T1TUFo=
 github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/xstrings v0.0.0-20210804220435-4dd8b234342b h1:3laG8JWIeDGb7lf00nMRznLdCHy0aZPd/CGz7Okn1SY=