edit README.md

add NOTICE file
Naming of repair methods

NOTICE

@@ -0,0 +1,10 @@
+xslasd/x-oidc
+Copyright 2023 xslasd
+This product includes software developed by the Apache Software Foundation (http://www.apache.org/).
+
+This product includes software developed by go-jose (github.com/go-jose/go-jose/v3).
+This product includes software developed by google/uuid (github.com/google/uuid).
+
+This project referred to the redesign and implementation of interface functions for zitadel/oidc.
+
+The above code files or parts of them are licensed under the Apache 2.0 License and are subject to the terms and conditions of the Apache 2.0 License.

README.md

@@ -21,12 +21,14 @@ op.go   definition and implementation of an OIDC OpenID Provider (server)
 
 ## Third-party Library
 The library primarily depends on the third-party library "go-jose/v3".   
-The HTTP processing section uses an interface-based approach (with net/http being the default), which can be extended as needed.  
+The HTTP processing section uses an interface-based approach , which can be extended as needed.   
+When starting OP, implement Config.OpenIDWrapper. By default, github. com/xslass/x-oidc/example/server/httpwrapper can be used. Implementation based on net/HTTP. 
 ```
 	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/google/uuid v1.3.0
 	golang.org/x/text v0.9.0
 ```
+Special thanks to [zitadel/oidc](https://github.com/zitadel/oidc). This project referred to the redesign and implementation of interface functions for zitadel/oidc.
 ## Contributors
 
 <a href="https://github.com/xslasd/x-oidc/graphs/contributors">

config.go

@@ -1,13 +1,13 @@
 package oidc
 
 import (
-	"github.com/xslasd/x-oidc/crypto"
 	"github.com/xslasd/x-oidc/storage"
+	"github.com/xslasd/x-oidc/util"
 )
 
 type Config struct {
-	Issuer  string
-	Crypto  crypto.JWTCertifier
-	Handler OpenIDHandler
-	Storage storage.IStorage
+	Issuer        string
+	Crypto        util.JWTCertifier
+	OpenIDWrapper OpenIDWrapper
+	Storage       storage.IStorage
 }

ecode/oidc_error.go

@@ -53,6 +53,7 @@ var (
 	UnauthorizedClientGrantType = New(1031, UnsupportedGrantTypeErrorType, "The grantType '%s' unsupported", "")
 	AuthReqNotDone              = New(1032, InvalidRequestErrorType, "Unfortunately, the user may be not logged in and/or additional interaction is required.", "")
 
-	PublicKeyInvalid  = New(1050, ServerErrorErrorType, "failed to decode PEM block containing public key", "")
-	PrivateKeyInvalid = New(1051, ServerErrorErrorType, "failed to decode PEM block containing private key", "")
+	PublicKeyInvalid     = New(1050, ServerErrorErrorType, "failed to decode PEM block containing public key", "")
+	PrivateKeyInvalid    = New(1051, ServerErrorErrorType, "failed to decode PEM block containing private key", "")
+	AlgorithmUnsupported = New(1052, ServerErrorErrorType, "unsupported jose signing algorithm: %s", "")
 )

example/server/handler/httphandler.go → example/server/httpwrapper/httphandler.go

@@ -1,4 +1,4 @@
-package handler
+package httpwrapper
 
 import (
 	"context"
@@ -15,20 +15,20 @@ import (
 	"time"
 )
 
-type HttpHandler struct {
+type HttpWrapper struct {
 	handler *http.ServeMux
 	addr    string
 	logger  log.Logger
 }
 
-func NewHttpHandler(addr string) *HttpHandler {
-	return &HttpHandler{handler: http.DefaultServeMux, addr: addr}
+func NewHttpHandler(addr string) *HttpWrapper {
+	return &HttpWrapper{handler: http.DefaultServeMux, addr: addr}
 }
-func (h *HttpHandler) SetLogger(logger log.Logger) {
+func (h *HttpWrapper) SetLogger(logger log.Logger) {
 	h.logger = logger
 }
 
-func (h *HttpHandler) ListenAndServe() error {
+func (h *HttpWrapper) ListenAndServe() error {
 	h.login()
 	var err error
 	srv := &http.Server{
@@ -60,7 +60,7 @@ func (h *HttpHandler) ListenAndServe() error {
 	}
 }
 
-func (h *HttpHandler) DiscoveryJWKs(jwksEndpoint string, handler func() (*jose.JSONWebKeySet, error)) {
+func (h *HttpWrapper) DiscoveryJWKs(jwksEndpoint string, handler func() (*jose.JSONWebKeySet, error)) {
 	h.handler.HandleFunc(jwksEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		data, err := handler()
 		if err != nil {
@@ -74,7 +74,7 @@ func (h *HttpHandler) DiscoveryJWKs(jwksEndpoint string, handler func() (*jose.J
 	})
 }
 
-func (h *HttpHandler) DiscoveryConfig(discoveryEndpoint string, handler func(req *x_oidc.DiscoveryConfigReq) *model.DiscoveryConfiguration) {
+func (h *HttpWrapper) DiscoveryConfig(discoveryEndpoint string, handler func(req *x_oidc.DiscoveryConfigReq) *model.DiscoveryConfiguration) {
 	h.handler.HandleFunc(discoveryEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		data := handler(&x_oidc.DiscoveryConfigReq{
 			RegistrationEndpoint:         "",
@@ -88,7 +88,7 @@ func (h *HttpHandler) DiscoveryConfig(discoveryEndpoint string, handler func(req
 	})
 }
 
-func (h *HttpHandler) Authorize(authorizationEndpoint string, handler func(ctx context.Context, req *x_oidc.AuthRequestReq) (string, error)) {
+func (h *HttpWrapper) Authorize(authorizationEndpoint string, handler func(ctx context.Context, req *x_oidc.AuthRequestReq) (string, error)) {
 	h.handler.HandleFunc(authorizationEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		var authRequestReq x_oidc.AuthRequestReq
 		if r.Method == "GET" {
@@ -136,7 +136,7 @@ func (h *HttpHandler) Authorize(authorizationEndpoint string, handler func(ctx c
 	})
 }
 
-func (h *HttpHandler) EndSession(endSessionEndpoint string, handler func(ctx context.Context, req *x_oidc.EndSessionReq) (string, error)) {
+func (h *HttpWrapper) EndSession(endSessionEndpoint string, handler func(ctx context.Context, req *x_oidc.EndSessionReq) (string, error)) {
 	h.handler.HandleFunc(endSessionEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		var endSessionReq x_oidc.EndSessionReq
 		r.ParseForm()
@@ -168,7 +168,7 @@ func (h *HttpHandler) EndSession(endSessionEndpoint string, handler func(ctx con
 	})
 }
 
-func (h *HttpHandler) Introspect(introspectionEndpoint string, handler func(ctx context.Context, req *x_oidc.IntrospectionReq, r *http.Request) (*model.IntrospectionModel, error)) {
+func (h *HttpWrapper) Introspect(introspectionEndpoint string, handler func(ctx context.Context, req *x_oidc.IntrospectionReq, r *http.Request) (*model.IntrospectionModel, error)) {
 	h.handler.HandleFunc(introspectionEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		var introspectionReq x_oidc.IntrospectionReq
 		r.ParseForm()
@@ -207,7 +207,7 @@ func (h *HttpHandler) Introspect(introspectionEndpoint string, handler func(ctx
 	})
 }
 
-func (h *HttpHandler) RevokeToken(revocationEndpoint string, handler func(ctx context.Context, req *x_oidc.RevokeTokenReq, r *http.Request) error) {
+func (h *HttpWrapper) RevokeToken(revocationEndpoint string, handler func(ctx context.Context, req *x_oidc.RevokeTokenReq, r *http.Request) error) {
 	h.handler.HandleFunc(revocationEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		var revokeTokenReq x_oidc.RevokeTokenReq
 		r.ParseForm()
@@ -246,7 +246,7 @@ func (h *HttpHandler) RevokeToken(revocationEndpoint string, handler func(ctx co
 	})
 }
 
-func (h *HttpHandler) TokenExchange(tokenExchangeEndpoint string, handler func(ctx context.Context, req *x_oidc.TokenExchangeReq, r *http.Request) (interface{}, error)) {
+func (h *HttpWrapper) TokenExchange(tokenExchangeEndpoint string, handler func(ctx context.Context, req *x_oidc.TokenExchangeReq, r *http.Request) (interface{}, error)) {
 	h.handler.HandleFunc(tokenExchangeEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		var tokenExchangeReq x_oidc.TokenExchangeReq
 		r.ParseForm()
@@ -315,7 +315,7 @@ func (h *HttpHandler) TokenExchange(tokenExchangeEndpoint string, handler func(c
 	})
 }
 
-func (h *HttpHandler) Userinfo(userinfoEndpoint string, handler func(ctx context.Context, req *x_oidc.UserinfoReq, r *http.Request) (*model.UserInfo, error)) {
+func (h *HttpWrapper) Userinfo(userinfoEndpoint string, handler func(ctx context.Context, req *x_oidc.UserinfoReq, r *http.Request) (*model.UserInfo, error)) {
 	h.handler.HandleFunc(userinfoEndpoint, func(w http.ResponseWriter, r *http.Request) {
 		var userinfoReq x_oidc.UserinfoReq
 		r.ParseForm()
@@ -340,7 +340,7 @@ func (h *HttpHandler) Userinfo(userinfoEndpoint string, handler func(ctx context
 	})
 }
 
-func (h *HttpHandler) AuthorizeCallback(authorizeCallbackEndpoint string, handler func(ctx context.Context, req *x_oidc.AuthorizeCallbackReq) (callbackUrl string, err error)) {
+func (h *HttpWrapper) AuthorizeCallback(authorizeCallbackEndpoint string, handler func(ctx context.Context, req *x_oidc.AuthorizeCallbackReq) (callbackUrl string, err error)) {
 	h.handler.HandleFunc(authorizeCallbackEndpoint, func(w http.ResponseWriter, r *http.Request) {
 
 		var authorizeCallbackReq x_oidc.AuthorizeCallbackReq

example/server/handler/login.go → example/server/httpwrapper/login.go

@@ -1,4 +1,4 @@
-package handler
+package httpwrapper
 
 import (
 	"embed"
@@ -13,7 +13,7 @@ var (
 	templates  = template.Must(template.ParseFS(templateFS, "templates/*.html"))
 )
 
-func (h *HttpHandler) login() {
+func (h *HttpWrapper) login() {
 	h.handler.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
 		err := r.ParseForm()
 		if err != nil {
@@ -22,8 +22,7 @@ func (h *HttpHandler) login() {
 		}
 		if r.Method == "GET" {
 			templates.ExecuteTemplate(w, "login", map[string]string{
-				"ID":    r.Form.Get("request_id"),
-				"Error": "",
+				"ID": r.Form.Get("request_id"),
 			})
 		}
 	})

example/server/httpwrapper/templates/login.html

@@ -0,0 +1,23 @@
+{{ define "login" -}}
+<!DOCTYPE html>
+<html>
+    <head>
+        <meta charset="UTF-8">
+        <title>Login</title>
+    </head>
+    <body style="display: flex; align-items: center; justify-content: center; height: 100vh;">
+        <form method="POST" action="/callback" style="height: 200px; width: 400px;">
+            <input type="hidden" name="id" value="{{.ID}}">
+            <div>
+                <label for="username">Username:</label>
+                <input id="username" name="username" style="width: 100%;height: 40px">
+            </div>
+            <div>
+                <label for="password">Password:(Correct password:test)</label>
+                <input id="password" type="password" name="password" style="width: 100%;height: 40px">
+            </div>
+            <button type="submit">Login</button>
+        </form>
+    </body>
+</html>`
+{{- end }}

example/server/main.go

@@ -3,23 +3,23 @@ package main
 import (
 	"github.com/go-jose/go-jose/v3"
 	x_oidc "github.com/xslasd/x-oidc"
-	"github.com/xslasd/x-oidc/crypto"
-	"github.com/xslasd/x-oidc/example/server/handler"
+	"github.com/xslasd/x-oidc/example/server/httpwrapper"
 	"github.com/xslasd/x-oidc/example/server/storage"
+	"github.com/xslasd/x-oidc/util"
 )
 
 func main() {
-	httpHandler := handler.NewHttpHandler(":8080")
-	cr, err := crypto.NewJoseRSAJWT("private.pem", jose.RS256)
+	httpHandler := httpwrapper.NewHttpHandler(":8080")
+	cr, err := util.NewJoseRSAJWT("private.pem", jose.RS256)
 	if err != nil {
 		panic(err)
 	}
 	_, err = x_oidc.NewOpenIDProvider(
 		&x_oidc.Config{
-			Issuer:  "http://localhost:8080",
-			Handler: httpHandler,
-			Storage: storage.NewStorage(),
-			Crypto:  cr,
+			Issuer:        "http://localhost:8080",
+			OpenIDWrapper: httpHandler,
+			Storage:       storage.NewStorage(),
+			Crypto:        cr,
 		},
 		x_oidc.WithAllowInsecure(true),
 	)

model/tokenclaims.go

@@ -79,7 +79,7 @@ func (t *TokenClaims) CheckAuthorizationContextClassReference(acr string) error
 type JWTClientTokenClaims struct {
 	Issuer    string   `json:"iss"`
 	Subject   string   `json:"sub"`
-	Audience  []string `json:"aud"` //todo array or string
+	Audience  Audience `json:"aud"`
 	IssuedAt  int64    `json:"iat"`
 	ExpiresAt int64    `json:"exp"`