oidc: Uses JWTStrategy interface in openid.DefaultStrategy

Closes #252

HISTORY.md

@@ -6,6 +6,7 @@ bumps (`0.1.0` -> `0.2.0`).
 
 
 - [0.21.0](#0210)
+  - [`openid.DefaultStrategy` field name changed](#openiddefaultstrategy-field-name-changed)
   - [Adds `private_key_jwt` client authentication method](#adds-private_key_jwt-client-authentication-method)
   - [Response Type `id_token` no longer required for authorize_code flow](#response-type-id_token-no-longer-required-for-authorize_code-flow)
 - [0.20.0](#0200)
@@ -54,6 +55,10 @@ bumps (`0.1.0` -> `0.2.0`).
 
 This release improves compatibility with the OpenID Connect Dynamic Client Registration 1.0 specification.
 
+### `openid.DefaultStrategy` field name changed
+
+Field `RS256JWTStrategy` was renamed to `JWTStrategy` and now relies on an interface instead of a concrete struct.
+
 ### Adds `private_key_jwt` client authentication method
 
 This patch adds the ability to perform the [`private_key_jwt` client authentication method](http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)

authorize_request_handler_oidc_request_test.go

@@ -168,12 +168,12 @@ func TestAuthorizeRequestParametersFromOpenIDConnectRequest(t *testing.T) {
 			form:       url.Values{"scope": {"openid"}, "request_uri": {reqTS.URL}},
 			client:     &DefaultOpenIDConnectClient{JSONWebKeysURI: reqJWK.URL, RequestObjectSigningAlgorithm: "RS256"},
 			expectForm: url.Values{"scope": {"foo openid"}, "request_uri": {reqTS.URL}, "foo": {"bar"}, "baz": {"baz"}},
-			expectErr:ErrInvalidRequestURI,
+			expectErr:  ErrInvalidRequestURI,
 		},
 		{
 			d:          "should pass and set request_uri parameters properly and also fetch jwk from remote",
 			form:       url.Values{"scope": {"openid"}, "request_uri": {reqTS.URL}},
-			client:     &DefaultOpenIDConnectClient{JSONWebKeysURI: reqJWK.URL, RequestObjectSigningAlgorithm: "RS256", RequestURIs:[]string{reqTS.URL}},
+			client:     &DefaultOpenIDConnectClient{JSONWebKeysURI: reqJWK.URL, RequestObjectSigningAlgorithm: "RS256", RequestURIs: []string{reqTS.URL}},
 			expectForm: url.Values{"scope": {"foo openid"}, "request_uri": {reqTS.URL}, "foo": {"bar"}, "baz": {"baz"}},
 		},
 		{

compose/compose_strategy.go

@@ -57,7 +57,7 @@ func NewOAuth2JWTStrategy(key *rsa.PrivateKey, strategy *oauth2.HMACSHAStrategy)
 
 func NewOpenIDConnectStrategy(key *rsa.PrivateKey) *openid.DefaultStrategy {
 	return &openid.DefaultStrategy{
-		RS256JWTStrategy: &jwt.RS256JWTStrategy{
+		JWTStrategy: &jwt.RS256JWTStrategy{
 			PrivateKey: key,
 		},
 	}

errors.go

@@ -206,8 +206,8 @@ var (
 )
 
 const (
-	errInvalidRequestURI              = "invalid_request_uri"
-	errInvalidRequestObject              = "invalid_request_object"
+	errInvalidRequestURI            = "invalid_request_uri"
+	errInvalidRequestObject         = "invalid_request_object"
 	errConsentRequired              = "consent_required"
 	errInteractionRequired          = "interaction_required"
 	errLoginRequired                = "login_required"

handler/openid/flow_explicit_auth_test.go

@@ -35,7 +35,7 @@ import (
 )
 
 var j = &DefaultStrategy{
-	RS256JWTStrategy: &jwt.RS256JWTStrategy{
+	JWTStrategy: &jwt.RS256JWTStrategy{
 		PrivateKey: internal.MustRSAKey(),
 	},
 }
@@ -57,7 +57,7 @@ func TestExplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
 		IDTokenHandleHelper: &IDTokenHandleHelper{
 			IDTokenStrategy: j,
 		},
-		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.RS256JWTStrategy),
+		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.JWTStrategy),
 	}
 	for k, c := range []struct {
 		description string

handler/openid/flow_hybrid_test.go

@@ -41,7 +41,7 @@ import (
 )
 
 var idStrategy = &DefaultStrategy{
-	RS256JWTStrategy: &jwt.RS256JWTStrategy{
+	JWTStrategy: &jwt.RS256JWTStrategy{
 		PrivateKey: internal.MustRSAKey(),
 	},
 }
@@ -95,7 +95,7 @@ func TestHybrid_HandleAuthorizeEndpointRequest(t *testing.T) {
 			IDTokenStrategy: idStrategy,
 		},
 		ScopeStrategy:                 fosite.HierarchicScopeStrategy,
-		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.RS256JWTStrategy),
+		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.JWTStrategy),
 		OpenIDConnectRequestStorage:   storage.NewMemoryStore(),
 	}
 

handler/openid/flow_implicit_test.go

@@ -55,7 +55,7 @@ func TestImplicit_HandleAuthorizeEndpointRequest(t *testing.T) {
 			IDTokenStrategy: idStrategy,
 		},
 		ScopeStrategy:                 fosite.HierarchicScopeStrategy,
-		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.RS256JWTStrategy),
+		OpenIDConnectRequestValidator: NewOpenIDConnectRequestValidator(nil, j.JWTStrategy),
 	}
 
 	for k, c := range []struct {

handler/openid/helper_test.go

@@ -34,7 +34,7 @@ import (
 )
 
 var strat = &DefaultStrategy{
-	RS256JWTStrategy: &jwt.RS256JWTStrategy{
+	JWTStrategy: &jwt.RS256JWTStrategy{
 		PrivateKey: internal.MustRSAKey(),
 	},
 }

handler/openid/strategy_jwt.go

@@ -119,7 +119,7 @@ func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims {
 }
 
 type DefaultStrategy struct {
-	*jwt.RS256JWTStrategy
+	jwt.JWTStrategy
 
 	Expiry time.Duration
 	Issuer string
@@ -188,7 +188,7 @@ func (h DefaultStrategy) GenerateIDToken(_ context.Context, requester fosite.Req
 		}
 
 		if tokenHintString := requester.GetRequestForm().Get("id_token_hint"); tokenHintString != "" {
-			tokenHint, err := h.RS256JWTStrategy.Decode(tokenHintString)
+			tokenHint, err := h.JWTStrategy.Decode(tokenHintString)
 			if err != nil {
 				return "", errors.WithStack(fosite.ErrServerError.WithDebug(fmt.Sprintf("Unable to decode id token from id_token_hint parameter because %s", err.Error())))
 			}
@@ -231,6 +231,6 @@ func (h DefaultStrategy) GenerateIDToken(_ context.Context, requester fosite.Req
 	claims.Audience = stringsx.Unique(append(claims.Audience, requester.GetClient().GetID()))
 	claims.IssuedAt = time.Now().UTC()
 
-	token, _, err = h.RS256JWTStrategy.Generate(claims.ToMapClaims(), sess.IDTokenHeaders())
+	token, _, err = h.JWTStrategy.Generate(claims.ToMapClaims(), sess.IDTokenHeaders())
 	return token, err
 }