authormo khan <mo@mokhan.ca>2025-05-15 14:42:08 -0600
committermo khan <mo@mokhan.ca>2025-05-15 14:42:08 -0600
commitc151c1a77d31c5e01885691b6df1ea7b0be0b0e5 (patch)
tree254aed8be6abaffaeba71df5bcb35d41d52bb2b2 /pkg
parent3d01a69471fc4f0ae9f2f4145620b6aea50f2216 (diff)
parentb6968005e1e1758e37edc7830c02e2217ee5fd90 (diff)
Merge branch 'envoy-cleanup' into 'main'
Delete code that is now handled by envoy. See merge request gitlab-org/software-supply-chain-security/authorization/sparkled!7
Diffstat (limited to 'pkg')
-rw-r--r--pkg/oidc/custom_claims.go10
-rw-r--r--pkg/oidc/id_token.go53
-rw-r--r--pkg/oidc/oidc.go36
-rw-r--r--pkg/oidc/oidc_test.go24
-rw-r--r--pkg/oidc/raw_token.go7
-rw-r--r--pkg/oidc/tokens.go37
-rw-r--r--pkg/oidc/tokens_test.go72
-rw-r--r--pkg/web/oidc.go (renamed from pkg/oidc/provider.go)4
-rw-r--r--pkg/web/oidc_server.go (renamed from pkg/oidc/test_server.go)24
9 files changed, 13 insertions, 254 deletions
diff --git a/pkg/oidc/custom_claims.go b/pkg/oidc/custom_claims.go
deleted file mode 100644
index 0d89d89..0000000
--- a/pkg/oidc/custom_claims.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package oidc
-
-type CustomClaims struct {
- Name string `json:"name"`
- Nickname string `json:"nickname"`
- Email string `json:"email"`
- ProfileURL string `json:"profile"`
- Picture string `json:"picture"`
- Groups []string `json:"groups_direct"`
-}
diff --git a/pkg/oidc/id_token.go b/pkg/oidc/id_token.go
deleted file mode 100644
index ce3fb23..0000000
--- a/pkg/oidc/id_token.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package oidc
-
-import "github.com/coreos/go-oidc/v3/oidc"
-
-/*
-Example ID Token from GitLab OIDC Provider:
-
-```json
-
- {
- "iss": "http://gdk.test:3000",
- "sub": "1",
- "aud": "e31e1da0b8f6b6e35ca70c790b13c0406e44aca6b2bf67f55de7355a979a224f",
- "exp": 1745427493,
- "iat": 1745427373,
- "auth_time": 1745418001,
- "sub_legacy": "2474cf0b2211688a57297ace0e260a15944754d16b1bd42c9d6779c900367807",
- "name": "Administrator",
- "nickname": "root",
- "preferred_username": "root",
- "email": "admin@example.com",
- "email_verified": true,
- "profile": "http://gdk.test:3000/root",
- "picture": "https://www.gravatar.com/avatar/258d8dc916db8cea2cafb6c3cd0cb0246efe061421dbd83ec3a350428cabda4f?s=80&d=identicon",
- "groups_direct": [
- "gitlab-org",
- "toolbox",
- "mass_insert_group__0_100",
- "custom-roles-root-group/aa",
- "custom-roles-root-group/aa/aaa",
- "gnuwget",
- "Commit451",
- "jashkenas",
- "flightjs",
- "twitter",
- "gitlab-examples",
- "gitlab-examples/security",
- "412708",
- "gitlab-examples/demo-group",
- "custom-roles-root-group",
- "434044-group-1",
- "434044-group-2",
- "gitlab-org1",
- "gitlab-org/secure",
- "gitlab-org/secure/managers",
- "gitlab-org/security-products",
- "gitlab-org/security-products/analyzers"
- ]
- }
-
-```
-*/
-type IDToken = oidc.IDToken
diff --git a/pkg/oidc/oidc.go b/pkg/oidc/oidc.go
deleted file mode 100644
index 4704f63..0000000
--- a/pkg/oidc/oidc.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package oidc
-
-import (
- "context"
-
- "github.com/coreos/go-oidc/v3/oidc"
- "golang.org/x/oauth2"
-)
-
-type OpenID struct {
- Provider *oidc.Provider
- Config *oauth2.Config
- OIDCConfig *oidc.Config
-}
-
-func New(provider *oidc.Provider, clientID, clientSecret, callbackURL string) *OpenID {
- return &OpenID{
- Provider: provider,
- Config: &oauth2.Config{
- ClientID: clientID,
- ClientSecret: clientSecret,
- RedirectURL: callbackURL,
- Endpoint: provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
- },
- OIDCConfig: &oidc.Config{
- ClientID: clientID,
- },
- }
-}
-
-func (o *OpenID) ValidateIDToken(ctx context.Context, rawIDToken RawToken) (*IDToken, error) {
- verifier := o.Provider.VerifierContext(ctx, o.OIDCConfig)
- idToken, err := verifier.Verify(ctx, rawIDToken.String())
- return idToken, err
-}
diff --git a/pkg/oidc/oidc_test.go b/pkg/oidc/oidc_test.go
deleted file mode 100644
index a3dc7e4..0000000
--- a/pkg/oidc/oidc_test.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package oidc
-
-import (
- "testing"
-
- "github.com/stretchr/testify/assert"
-)
-
-func TestOpenID(t *testing.T) {
- srv := NewTestServer(t)
- defer srv.Close()
-
- t.Run("GET /.well-known/openid-configuration", func(t *testing.T) {
- openID := New(
- srv.Provider,
- srv.MockOIDC.ClientID,
- srv.MockOIDC.ClientSecret,
- "https://example.com/oauth/callback",
- )
-
- assert.Equal(t, srv.AuthorizationEndpoint(), openID.Provider.Endpoint().AuthURL)
- assert.Equal(t, srv.TokenEndpoint(), openID.Provider.Endpoint().TokenURL)
- })
-}
diff --git a/pkg/oidc/raw_token.go b/pkg/oidc/raw_token.go
deleted file mode 100644
index 08bd1e5..0000000
--- a/pkg/oidc/raw_token.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package oidc
-
-type RawToken string
-
-func (r RawToken) String() string {
- return string(r)
-}
diff --git a/pkg/oidc/tokens.go b/pkg/oidc/tokens.go
deleted file mode 100644
index 70d3a3d..0000000
--- a/pkg/oidc/tokens.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package oidc
-
-import (
- "bytes"
- "encoding/base64"
- "encoding/json"
-
- "github.com/xlgmokha/x/pkg/serde"
- "golang.org/x/oauth2"
-)
-
-type Tokens struct {
- *oauth2.Token
- IDToken RawToken `json:"id_token"`
-}
-
-func (t *Tokens) ToBase64String() (string, error) {
- data, err := json.Marshal(t)
- if err != nil {
- return "", err
- }
- return base64.URLEncoding.EncodeToString(data), nil
-}
-
-func TokensFromBase64String(encoded string) (*Tokens, error) {
- decoded, err := base64.URLEncoding.DecodeString(encoded)
- if err != nil {
- return nil, err
- }
-
- tokens, err := serde.FromJSON[*Tokens](bytes.NewBuffer(decoded))
- if err != nil {
- return nil, err
- }
-
- return tokens, nil
-}
diff --git a/pkg/oidc/tokens_test.go b/pkg/oidc/tokens_test.go
deleted file mode 100644
index 42c470d..0000000
--- a/pkg/oidc/tokens_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package oidc
-
-import (
- "bytes"
- "encoding/json"
- "testing"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
- "github.com/xlgmokha/x/pkg/serde"
- "golang.org/x/oauth2"
-)
-
-func TestTokens(t *testing.T) {
- t.Run("serializes to JSON", func(t *testing.T) {
- tokens := &Tokens{
- Token: &oauth2.Token{
- AccessToken: "access_token",
- TokenType: "Bearer",
- RefreshToken: "refresh_token",
- ExpiresIn: 60 * 60,
- },
- IDToken: "eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g",
- }
-
- b, err := json.Marshal(tokens)
- require.NoError(t, err)
-
- result, err := serde.FromJSON[map[string]interface{}](bytes.NewBuffer(b))
- require.NoError(t, err)
-
- assert.Equal(t, "access_token", result["access_token"])
- assert.Equal(t, "Bearer", result["token_type"])
- assert.Equal(t, "refresh_token", result["refresh_token"])
- assert.Equal(t, float64(60*60), result["expires_in"])
- })
-
- t.Run("ToBase64String", func(t *testing.T) {
- t.Run("serializes to Base64", func(t *testing.T) {
- tokens := &Tokens{
- Token: &oauth2.Token{
- AccessToken: "access_token",
- TokenType: "Bearer",
- RefreshToken: "refresh_token",
- ExpiresIn: 60 * 60,
- },
- IDToken: "eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g",
- }
-
- result, err := tokens.ToBase64String()
- require.NoError(t, err)
-
- assert.Equal(t, "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", result)
- })
- })
-
- t.Run("TokensFromBase64String", func(t *testing.T) {
- t.Run("deserializes from Base64", func(t *testing.T) {
- s := "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"
-
- result, err := TokensFromBase64String(s)
- require.NoError(t, err)
-
- require.NotNil(t, result)
- assert.Equal(t, "access_token", result.AccessToken)
- assert.Equal(t, "Bearer", result.TokenType)
- assert.Equal(t, "refresh_token", result.RefreshToken)
- assert.Equal(t, int64(3600), result.ExpiresIn)
- assert.Equal(t, RawToken("eyJ0eXAiOiJKV1QiLCJraWQiOiJ0ZDBTbWRKUTRxUGg1cU5Lek0yNjBDWHgyVWgtd2hHLU1Eam9PS1dmdDhFIiwiYWxnIjoiUlMyNTYifQ.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.SZu_l7tQ2Kkeogq0z8cRaDWPfv52JTo-RkiExbnud_lrfrXXneS77BIzaGKX_bzq4SM_oO_Q63AzK66B1r6Gp7ACo4DjOUEIWETg7ZBKcDzEZnresB7kmI_MJ5rfIJTmnH75GOfc_pl5l8T896TbaShN6zSpaXXIVEfhyUrflSWb4hhA7Hbwy2b6laXiaDv0qpcn1udPVYMTsll8I5ni_2yzuEPSVRgrcQoQ46OwVDZIi9tlfdT2qNVjH6FxJ3mkBcxtIVjf3_JYAawFEscg2uvQYwFWj9T6LleMknAh3QFJJMrS6mPqlXJGPUE5pTQgsBInfEikfm9PXxezA-IY6g"), result.IDToken)
- })
- })
-}
diff --git a/pkg/oidc/provider.go b/pkg/web/oidc.go
index 31f7577..707a1b5 100644
--- a/pkg/oidc/provider.go
+++ b/pkg/web/oidc.go
@@ -1,4 +1,4 @@
-package oidc
+package web
import (
"context"
@@ -6,7 +6,7 @@ import (
"github.com/coreos/go-oidc/v3/oidc"
)
-func NewProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
+func NewOIDCProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
provider, err := oidc.NewProvider(ctx, issuer)
if err == nil {
return provider
diff --git a/pkg/oidc/test_server.go b/pkg/web/oidc_server.go
index 81b37ca..31ef572 100644
--- a/pkg/oidc/test_server.go
+++ b/pkg/web/oidc_server.go
@@ -1,4 +1,4 @@
-package oidc
+package web
import (
"net/http"
@@ -12,14 +12,14 @@ import (
"golang.org/x/oauth2"
)
-type TestServer struct {
+type OIDCServer struct {
*mockoidc.MockOIDC
*oauth2.Config
*oidc.Provider
*testing.T
}
-func NewTestServer(t *testing.T) *TestServer {
+func NewOIDCServer(t *testing.T) *OIDCServer {
srv, err := mockoidc.Run()
require.NoError(t, err)
@@ -29,12 +29,10 @@ func NewTestServer(t *testing.T) *TestServer {
next.ServeHTTP(w, r)
})
})
+ provider, err := oidc.NewProvider(t.Context(), srv.Issuer())
+ require.NoError(t, err)
- provider := NewProvider(t.Context(), srv.Issuer(), func(err error) {
- require.NoError(t, err)
- })
-
- return &TestServer{
+ return &OIDCServer{
srv,
&oauth2.Config{
ClientID: srv.ClientID,
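Review bot: The mock provider built here now lives in `pkg/web/oidc_server.go`, a non-`_test.go` file, so `testing`, testify's `require` and `mockoidc` become dependencies of package `web` itself, and the new names `OIDCServer`/`NewOIDCServer` no longer mark it as a test fixture. If package `web` is what the service binary links (not visible from this diff), a mock identity provider ends up one call away from production code paths. I would rename the file to `oidc_server_test.go` when only `web`'s own tests use it, or at least add a doc comment such as `// NewOIDCServer starts an in-process mockoidc provider; test use only.` above the constructor. `NewOIDCServer` begins and ends outside this hunk.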
@@ -48,7 +46,7 @@ func NewTestServer(t *testing.T) *TestServer {
}
}
-func (srv *TestServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
+func (srv *OIDCServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
code := strconv.FormatInt(time.Now().Unix(), 10)
srv.QueueUser(user)
srv.QueueCode(code)
@@ -58,21 +56,21 @@ func (srv *TestServer) CreateAuthorizationCodeFor(user mockoidc.User) string {
return code
}
-func (srv *TestServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
+func (srv *OIDCServer) CreateTokenFor(user mockoidc.User) *oauth2.Token {
code := srv.CreateAuthorizationCodeFor(user)
token, err := srv.Exchange(srv.Context(), code)
require.NoError(srv, err)
return token
}
-func (srv *TestServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
+func (srv *OIDCServer) CreateTokensFor(user mockoidc.User) (*oauth2.Token, string) {
token := srv.CreateTokenFor(user)
rawIDToken, ok := token.Extra("id_token").(string)
require.True(srv, ok)
return token, rawIDToken
}
-func (srv *TestServer) Verify(rawIDToken string) *oidc.IDToken {
+func (srv *OIDCServer) Verify(rawIDToken string) *oidc.IDToken {
idToken, err := srv.
Verifier(&oidc.Config{ClientID: srv.MockOIDC.Config().ClientID}).
Verify(srv.Context(), rawIDToken)
@@ -81,6 +79,6 @@ func (srv *TestServer) Verify(rawIDToken string) *oidc.IDToken {
return idToken
}
-func (s *TestServer) Close() {
+func (s *OIDCServer) Close() {
s.Shutdown()
}