
Commit 401ad58

committed
chore: upgrade to jose v4 library
1 parent 869a37c commit 401ad58

25 files changed

+96
-70
lines changed

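--- a/authorize_request_handler.go
+++ b/authorize_request_handler.go
@@ -10,7 +10,7 @@ import (
 "net/http"
 "strings"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 "go.opentelemetry.io/otel/trace"
 
 "github.com/ory/fosite/i18n"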

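--- a/authorize_request_handler_oidc_request_test.go
+++ b/authorize_request_handler_oidc_request_test.go
@@ -16,7 +16,7 @@ import (
 
 "github.com/pkg/errors"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 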

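--- a/client.go
+++ b/client.go
@@ -4,7 +4,7 @@
 package fosite
 
 import (
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 )
 
 // Client represents a client or an app.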

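--- a/client_authentication.go
+++ b/client_authentication.go
@@ -16,7 +16,7 @@ import (
 
 "github.com/ory/x/errorsx"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 "github.com/pkg/errors"
 
 "github.com/ory/fosite/token/jwt"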

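--- a/client_authentication_jwks_strategy.go
+++ b/client_authentication_jwks_strategy.go
@@ -13,7 +13,7 @@ import (
 
 "github.com/ory/x/errorsx"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 )
 
 const defaultJWKSFetcherStrategyCachePrefix = "github.com/ory/fosite.DefaultJWKSFetcherStrategy:"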

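--- a/client_authentication_jwks_strategy_test.go
+++ b/client_authentication_jwks_strategy_test.go
@@ -17,7 +17,7 @@ import (
 
 "github.com/ory/fosite/internal/gen"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )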

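--- a/client_authentication_test.go
+++ b/client_authentication_test.go
@@ -20,7 +20,7 @@ import (
 
 "github.com/ory/fosite/internal/gen"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 "github.com/pkg/errors"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"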

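--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2
 github.com/cristalhq/jwt/v4 v4.0.2
 github.com/dgraph-io/ristretto v0.1.1
-github.com/go-jose/go-jose/v3 v3.0.3
+github.com/go-jose/go-jose/v4 v4.0.4
 github.com/golang/mock v1.6.0
 github.com/google/uuid v1.3.0
 github.com/gorilla/mux v1.8.0
@@ -25,13 +25,13 @@ require (
 github.com/ory/x v0.0.575
 github.com/parnurzeal/gorequest v0.2.15
 github.com/pkg/errors v0.9.1
-github.com/stretchr/testify v1.8.4
+github.com/stretchr/testify v1.9.0
 github.com/tidwall/gjson v1.14.3
 go.opentelemetry.io/otel/trace v1.16.0
-golang.org/x/crypto v0.21.0
-golang.org/x/net v0.23.0
+golang.org/x/crypto v0.25.0
+golang.org/x/net v0.25.0
 golang.org/x/oauth2 v0.10.0
-golang.org/x/text v0.14.0
+golang.org/x/text v0.16.0
 )
 
 require (
@@ -83,9 +83,9 @@ require (
 go.opentelemetry.io/otel/metric v1.16.0 // indirect
 go.opentelemetry.io/otel/sdk v1.16.0 // indirect
 go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-golang.org/x/mod v0.12.0 // indirect
-golang.org/x/sys v0.20.0 // indirect
-golang.org/x/tools v0.11.1 // indirect
+golang.org/x/mod v0.17.0 // indirect
+golang.org/x/sys v0.22.0 // indirect
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20230731193218-e0aa005b6bdf // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20230731193218-e0aa005b6bdf // indirect
@@ -96,4 +96,6 @@ require (
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-go 1.20
+go 1.21
+
+toolchain go1.23.1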

go.sum

+42-25

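--- a/handler/rfc7523/handler.go
+++ b/handler/rfc7523/handler.go
@@ -10,10 +10,11 @@ import (
 
 "github.com/ory/fosite/handler/oauth2"
 
-"github.com/go-jose/go-jose/v3"
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4"
+"github.com/go-jose/go-jose/v4/jwt"
 
 "github.com/ory/fosite"
+fositeJWT "github.com/ory/fosite/token/jwt"
 "github.com/ory/x/errorsx"
 )
 
@@ -51,7 +52,7 @@ func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite
 return errorsx.WithStack(fosite.ErrInvalidRequest.WithHintf("The assertion request parameter must be set when using grant_type of '%s'.", grantTypeJWTBearer))
 }
 
-token, err := jwt.ParseSigned(assertion)
+token, err := jwt.ParseSigned(assertion, fositeJWT.SupportedSignatureAlgorithms)
 if err != nil {
 return errorsx.WithStack(fosite.ErrInvalidGrant.
 WithHint("Unable to parse JSON Web Token passed in \"assertion\" request parameter.").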
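Review bot: The new call `jwt.ParseSigned(assertion, fositeJWT.SupportedSignatureAlgorithms)` in HandleTokenEndpointRequest uses the package-wide allowlist, which this commit defines in token/jwt/token.go with `SigningMethodNone` and HS256/HS384/HS512 alongside the asymmetric algorithms. go-jose v4 takes this argument so that each call site can pin the algorithms it expects, and a JWT bearer assertion is presumably verified against a key from RFC7523KeyStorage rather than a shared secret. A handler-local list of only the algorithms those keys can produce would reject unsigned and HMAC-signed assertions at parse time, for example `token, err := jwt.ParseSigned(assertion, assertionSignatureAlgorithms)`, where `assertionSignatureAlgorithms` is a proposed new variable in this package. The function body starts and ends outside the hunk, so whether a later verification step already rejects those algorithms cannot be confirmed from here.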

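--- a/handler/rfc7523/handler_test.go
+++ b/handler/rfc7523/handler_test.go
@@ -18,8 +18,8 @@ import (
 
 "github.com/ory/fosite/handler/oauth2"
 
-"github.com/go-jose/go-jose/v3"
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4"
+"github.com/go-jose/go-jose/v4/jwt"
 "github.com/golang/mock/gomock"
 "github.com/stretchr/testify/suite"
 
@@ -760,7 +760,7 @@ func (s *AuthorizeJWTGrantRequestHandlerTestSuite) createTestAssertion(cl jwt.Cl
 s.FailNowf("failed to create test assertion", "failed to create signer: %s", err.Error())
 }
 
-raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize()
+raw, err := jwt.Signed(sig).Claims(cl).Serialize()
 if err != nil {
 s.FailNowf("failed to create test assertion", "failed to sign assertion: %s", err.Error())
 }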

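--- a/handler/rfc7523/storage.go
+++ b/handler/rfc7523/storage.go
@@ -7,7 +7,7 @@ import (
 "context"
 "time"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 )
 
 // RFC7523KeyStorage holds information needed to validate jwt assertion in authorization grants.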

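--- a/integration/authorize_jwt_bearer_required_iat_test.go
+++ b/integration/authorize_jwt_bearer_required_iat_test.go
@@ -11,7 +11,7 @@ import (
 
 "github.com/stretchr/testify/require"
 
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4/jwt"
 "github.com/google/uuid"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/suite"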

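--- a/integration/authorize_jwt_bearer_required_jti_test.go
+++ b/integration/authorize_jwt_bearer_required_jti_test.go
@@ -9,7 +9,7 @@ import (
 "testing"
 "time"
 
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4/jwt"
 "github.com/google/uuid"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/suite"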

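--- a/integration/authorize_jwt_bearer_test.go
+++ b/integration/authorize_jwt_bearer_test.go
@@ -11,7 +11,7 @@ import (
 
 "github.com/stretchr/testify/require"
 
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4/jwt"
 "github.com/google/uuid"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/suite"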

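--- a/integration/clients/jwt_bearer.go
+++ b/integration/clients/jwt_bearer.go
@@ -12,8 +12,8 @@ import (
 "net/url"
 "strings"
 
-"github.com/go-jose/go-jose/v3"
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4"
+"github.com/go-jose/go-jose/v4/jwt"
 )
 
 // #nosec:gosec G101 - False Positive
@@ -69,7 +69,7 @@ func (c *JWTBearer) GetToken(ctx context.Context, payloadData *JWTBearerPayload,
 Claims(payloadData.Claims).
 Claims(payloadData.PrivateClaims)
 
-assertion, err := builder.CompactSerialize()
+assertion, err := builder.Serialize()
 if err != nil {
 return nil, err
 }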

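--- a/integration/helper_setup_test.go
+++ b/integration/helper_setup_test.go
@@ -15,7 +15,7 @@ import (
 "github.com/ory/fosite/internal"
 "github.com/ory/fosite/internal/gen"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 "github.com/gorilla/mux"
 goauth "golang.org/x/oauth2"
 "golang.org/x/oauth2/clientcredentials"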

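--- a/integration/introspect_jwt_bearer_token_test.go
+++ b/integration/introspect_jwt_bearer_token_test.go
@@ -12,7 +12,7 @@ import (
 
 "github.com/stretchr/testify/require"
 
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4/jwt"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/suite"
 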

internal/oauth2_auth_jwt_storage.go

+1-1

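--- a/storage/memory.go
+++ b/storage/memory.go
@@ -9,7 +9,7 @@ import (
 "sync"
 "time"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 
 "github.com/ory/fosite"
 "github.com/ory/fosite/internal"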

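--- a/token/jwt/jwt.go
+++ b/token/jwt/jwt.go
@@ -14,7 +14,7 @@ import (
 "crypto/sha256"
 "strings"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 
 "github.com/ory/x/errorsx"
 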

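--- a/token/jwt/jwt_test.go
+++ b/token/jwt/jwt_test.go
@@ -10,7 +10,7 @@ import (
 "testing"
 "time"
 
-"github.com/go-jose/go-jose/v3"
+"github.com/go-jose/go-jose/v4"
 
 "github.com/ory/fosite/internal/gen"
 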

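--- a/token/jwt/map_claims.go
+++ b/token/jwt/map_claims.go
@@ -10,7 +10,7 @@ import (
 "errors"
 "time"
 
-jjson "github.com/go-jose/go-jose/v3/json"
+jjson "github.com/go-jose/go-jose/v4/json"
 
 "github.com/ory/x/errorsx"
 )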

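--- a/token/jwt/token.go
+++ b/token/jwt/token.go
@@ -9,8 +9,8 @@ import (
 "fmt"
 "reflect"
 
-"github.com/go-jose/go-jose/v3"
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4"
+"github.com/go-jose/go-jose/v4/jwt"
 
 "github.com/ory/x/errorsx"
 )
@@ -37,6 +37,12 @@ const (
 JWTHeaderTypeValue = "JWT"
 )
 
+var SupportedSignatureAlgorithms = []jose.SignatureAlgorithm{
+SigningMethodNone,
+jose.EdDSA, jose.HS256, jose.HS384, jose.HS512, jose.RS256, jose.RS384,
+jose.RS512, jose.ES256, jose.ES384, jose.ES512, jose.PS256, jose.PS384, jose.PS512,
+}
+
 type unsafeNoneMagicConstant string
 
 // Valid informs if the token was verified against a given verification key
@@ -96,10 +102,10 @@ func (t *Token) SignedString(k interface{}) (rawToken string, err error) {
 
 // A explicit conversion from type alias MapClaims
 // to map[string]interface{} is required because the
-// go-jose CompactSerialize() only support explicit maps
+// go-jose Serialize() only support explicit maps
 // as claims or structs but not type aliases from maps.
 claims := map[string]interface{}(t.Claims)
-rawToken, err = jwt.Signed(signer).Claims(claims).CompactSerialize()
+rawToken, err = jwt.Signed(signer).Claims(claims).Serialize()
 if err != nil {
 err = &ValidationError{Errors: ValidationErrorClaimsInvalid, Inner: err}
 return
@@ -163,7 +169,7 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
 // If everything is kosher, err will be nil
 func ParseWithClaims(rawToken string, claims MapClaims, keyFunc Keyfunc) (*Token, error) {
 // Parse the token.
-parsedToken, err := jwt.ParseSigned(rawToken)
+parsedToken, err := jwt.ParseSigned(rawToken, SupportedSignatureAlgorithms)
 if err != nil {
 return &Token{}, &ValidationError{Errors: ValidationErrorMalformed, text: err.Error()}
 }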
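Review bot: `SupportedSignatureAlgorithms` (new lines 40-44) is an exported, mutable package-level slice with no doc comment, and its first entry is `SigningMethodNone`. Any importing package can append to it or reassign it, which would change what `ParseWithClaims` and every other caller that passes this list to `jwt.ParseSigned` accepts for the whole process. Consider keeping the slice unexported and exposing a function that returns a copy, and document it with something like `// SupportedSignatureAlgorithms is the allowlist passed to jwt.ParseSigned; it includes "none", so a successful parse does not prove the token is signed.` TestUnsignedToken in this commit parses a token with an empty signature part using this list and expects no error, so unsigned tokens do pass the parse step. How `none` is gated afterwards is outside the visible hunks.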

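--- a/token/jwt/token_test.go
+++ b/token/jwt/token_test.go
@@ -15,8 +15,8 @@ import (
 
 "github.com/ory/fosite/internal/gen"
 
-"github.com/go-jose/go-jose/v3"
-"github.com/go-jose/go-jose/v3/jwt"
+"github.com/go-jose/go-jose/v4"
+"github.com/go-jose/go-jose/v4/jwt"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
@@ -54,7 +54,7 @@ func TestUnsignedToken(t *testing.T) {
 parts := strings.Split(rawToken, ".")
 require.Len(t, parts, 3)
 require.Empty(t, parts[2])
-tk, err := jwt.ParseSigned(rawToken)
+tk, err := jwt.ParseSigned(rawToken, SupportedSignatureAlgorithms)
 require.NoError(t, err)
 require.Len(t, tk.Headers, 1)
 require.Equal(t, tc.expectedType, tk.Headers[0].ExtraHeaders[jose.HeaderKey("typ")])
@@ -82,7 +82,7 @@ func TestJWTHeaders(t *testing.T) {
 for _, tc := range testCases {
 t.Run(tc.name, func(t *testing.T) {
 rawToken := makeSampleTokenWithCustomHeaders(nil, jose.RS256, tc.jwtHeaders, gen.MustRSAKey())
-tk, err := jwt.ParseSigned(rawToken)
+tk, err := jwt.ParseSigned(rawToken, SupportedSignatureAlgorithms)
 require.NoError(t, err)
 require.Len(t, tk.Headers, 1)
 require.Equal(t, tk.Headers[0].Algorithm, "RS256")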
