Diffstat (limited to 'pkg')
-rw-r--r--pkg/authz/id_token.go38
-rw-r--r--pkg/web/cookie.go35
-rw-r--r--pkg/web/cookie_test.go33
-rw-r--r--pkg/web/oidc.go27
4 files changed, 26 insertions, 107 deletions
diff --git a/pkg/authz/id_token.go b/pkg/authz/id_token.go
index ccc96de..3271af8 100644
--- a/pkg/authz/id_token.go
+++ b/pkg/authz/id_token.go
@@ -5,21 +5,35 @@ import (
"encoding/json"
"errors"
"strings"
- "time"
)
+type CustomClaims struct {
+ Name string `json:"name"`
+ Nickname string `json:"nickname"`
+ Email string `json:"email"`
+ ProfileURL string `json:"profile"`
+ Picture string `json:"picture"`
+ Groups []string `json:"groups_direct"`
+}
+
type IDToken struct {
- // Audience []string `json:"aud"`
- Email string `json:"email"`
- EmailVerified bool `json:"email_verified"`
- ExpiredAt int64 `json:"exp"`
- IssuedAt int64 `json:"iat"`
- Issuer string `json:"iss"`
- Name string `json:"name"`
- Nickname string `json:"nickname"`
- Picture string `json:"picture"`
- Subject string `json:"sub"`
- UpdatedAt time.Time `json:"updated_at"`
+ Issuer string `json:"iss"`
+ Subject string `json:"sub"`
+ Audience any `json:"aud"`
+ Expiry any `json:"exp"`
+ IssuedAt any `json:"iat"`
+ NotBefore any `json:"nbf"`
+ Nonce string `json:"nonce"`
+ AtHash string `json:"at_hash"`
+ ClaimNames map[string]string `json:"_claim_names"`
+ ClaimSources map[string]ClaimSource `json:"_claim_sources"`
+
+ CustomClaims
+}
+
+type ClaimSource struct {
+ Endpoint string `json:"endpoint"`
+ AccessToken string `json:"access_token"`
}
func NewIDToken(raw string) (*IDToken, error) {
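Review bot: The temporal claims `Expiry`, `IssuedAt` and `NotBefore` are now declared `any` instead of the old `int64`, so encoding/json will hand them back as `float64` (or `string` if an issuer emits strings) and any expiry / not-before comparison has to type-switch before it can compare; a concrete type such as `json.Number` or a small numeric-date type would keep that validation explicit at the struct. The old `EmailVerified bool `json:"email_verified"`` claim is dropped without a counterpart in `CustomClaims`, so a consumer that keys on `Email` can no longer tell whether the issuer verified it. `ClaimSource.AccessToken` is a bearer credential that `%v`/`%+v` on an `IDToken` will print; a field comment such as `// AccessToken is a bearer credential; do not log the token struct verbatim.` would make that visible to callers. The body of `NewIDToken` lies outside the hunk, so whether `exp`/`nbf` are checked there cannot be seen here.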
diff --git a/pkg/web/cookie.go b/pkg/web/cookie.go
deleted file mode 100644
index 11cc807..0000000
--- a/pkg/web/cookie.go
+++ /dev/null
@@ -1,35 +0,0 @@
-package web
-
-import (
- "net/http"
-
- "github.com/xlgmokha/x/pkg/cookie"
- "github.com/xlgmokha/x/pkg/x"
-)
-
-func NewCookie(name, value string, options ...x.Option[*http.Cookie]) *http.Cookie {
- return x.New[*http.Cookie](x.Prepend[x.Option[*http.Cookie]](
- options,
- cookie.WithName(name),
- cookie.WithValue(value),
- cookie.WithPath("/"),
- cookie.WithHttpOnly(true),
- cookie.WithSecure(true),
- )...)
-}
-
-func ExpireCookie(w http.ResponseWriter, name string) error {
- return WriteCookie(w, cookie.Reset(name,
- cookie.WithPath("/"),
- cookie.WithHttpOnly(true),
- cookie.WithSecure(true),
- ))
-}
-
-func WriteCookie(w http.ResponseWriter, c *http.Cookie) error {
- if err := c.Valid(); err != nil {
- return err
- }
- cookie.Write(w, c)
- return nil
-}
diff --git a/pkg/web/cookie_test.go b/pkg/web/cookie_test.go
deleted file mode 100644
index 1a3bfb0..0000000
--- a/pkg/web/cookie_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package web
-
-import (
- "net/http"
- "net/http/httptest"
- "testing"
- "time"
-
- "github.com/stretchr/testify/assert"
- "github.com/stretchr/testify/require"
-)
-
-func TestNewCookie(t *testing.T) {
- cookie := NewCookie("name", "value")
- assert.True(t, cookie.HttpOnly)
- assert.True(t, cookie.Secure)
-}
-
-func TestExpireCookie(t *testing.T) {
- w := httptest.NewRecorder()
-
- ExpireCookie(w, "example")
-
- result, err := http.ParseSetCookie(w.Header().Get("Set-Cookie"))
- require.NoError(t, err)
-
- assert.Empty(t, result.Value)
- assert.Equal(t, -1, result.MaxAge)
- assert.Equal(t, time.Unix(0, 0).Unix(), result.Expires.Unix())
- assert.True(t, result.HttpOnly)
- assert.True(t, result.Secure)
- assert.Zero(t, result.SameSite)
-}
diff --git a/pkg/web/oidc.go b/pkg/web/oidc.go
deleted file mode 100644
index 707a1b5..0000000
--- a/pkg/web/oidc.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package web
-
-import (
- "context"
-
- "github.com/coreos/go-oidc/v3/oidc"
-)
-
-func NewOIDCProvider(ctx context.Context, issuer string, report func(error)) *oidc.Provider {
- provider, err := oidc.NewProvider(ctx, issuer)
- if err == nil {
- return provider
- }
-
- report(err)
-
- config := &oidc.ProviderConfig{
- IssuerURL: issuer,
- AuthURL: issuer + "/oauth/authorize",
- TokenURL: issuer + "/oauth/token",
- DeviceAuthURL: "",
- UserInfoURL: issuer + "/oauth/userinfo",
- JWKSURL: issuer + "/oauth/disovery/keys",
- Algorithms: []string{"RS256"},
- }
- return config.NewProvider(ctx)
-}