diff --git a/.github/workflows/oidc-conformity.yml b/.github/workflows/oidc-conformity.yml index 1c7ecdd05..8125cfbc0 100644 --- a/.github/workflows/oidc-conformity.yml +++ b/.github/workflows/oidc-conformity.yml @@ -13,8 +13,8 @@ jobs: uses: actions/checkout@v2 with: fetch-depth: 2 - repository: ory/hydra - ref: master + repository: mitar/hydra + ref: fosite-jose - uses: actions/setup-go@v2 with: go-version: "1.21" diff --git a/authorize_request_handler.go b/authorize_request_handler.go index 61b5d957a..6f4b422b1 100644 --- a/authorize_request_handler.go +++ b/authorize_request_handler.go @@ -10,7 +10,7 @@ import ( "net/http" "strings" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "go.opentelemetry.io/otel/trace" "github.com/ory/fosite/i18n" diff --git a/authorize_request_handler_oidc_request_test.go b/authorize_request_handler_oidc_request_test.go index f8a2636c5..97cc04749 100644 --- a/authorize_request_handler_oidc_request_test.go +++ b/authorize_request_handler_oidc_request_test.go @@ -16,7 +16,7 @@ import ( "github.com/pkg/errors" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/client.go b/client.go index b40149671..d2cda9da9 100644 --- a/client.go +++ b/client.go @@ -4,7 +4,7 @@ package fosite import ( - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" ) // Client represents a client or an app. diff --git a/client_authentication.go b/client_authentication.go index 251509199..4214b9a7a 100644 --- a/client_authentication.go +++ b/client_authentication.go @@ -16,7 +16,7 @@ import ( "github.com/ory/x/errorsx" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/pkg/errors" "github.com/ory/fosite/token/jwt" diff --git a/client_authentication_jwks_strategy.go b/client_authentication_jwks_strategy.go index 3e90cb89b..b42693b49 100644 --- a/client_authentication_jwks_strategy.go 
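Review bot: The checkout step in `.github/workflows/oidc-conformity.yml` now pulls `repository: mitar/hydra` at `ref: fosite-jose`, a personal fork on a mutable branch, so whatever that branch holds at run time is built and executed in this repository's CI. If the fork is only needed until the matching Hydra change lands, restore `repository: ory/hydra` before merge; if it has to stay for a while, pin it with `ref: <full-commit-sha-of-the-reviewed-fork-state>` so the code under test cannot change without a diff here. The rest of the job is outside the hunk, so the permissions and secrets this step runs with cannot be judged from these lines.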
+++ b/client_authentication_jwks_strategy.go @@ -13,7 +13,7 @@ import ( "github.com/ory/x/errorsx" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" ) const defaultJWKSFetcherStrategyCachePrefix = "github.com/ory/fosite.DefaultJWKSFetcherStrategy:" diff --git a/client_authentication_jwks_strategy_test.go b/client_authentication_jwks_strategy_test.go index 93ce74710..040d9156d 100644 --- a/client_authentication_jwks_strategy_test.go +++ b/client_authentication_jwks_strategy_test.go @@ -17,7 +17,7 @@ import ( "github.com/ory/fosite/internal/gen" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/client_authentication_test.go b/client_authentication_test.go index aee4d6b59..2ddd9da51 100644 --- a/client_authentication_test.go +++ b/client_authentication_test.go @@ -20,7 +20,7 @@ import ( "github.com/ory/fosite/internal/gen" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/go.mod b/go.mod index 39519fea3..15f3352d4 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 github.com/cristalhq/jwt/v4 v4.0.2 github.com/dgraph-io/ristretto v1.0.0 - github.com/go-jose/go-jose/v3 v3.0.3 + github.com/go-jose/go-jose/v4 v4.0.5 github.com/google/uuid v1.6.0 github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.5.0 @@ -18,11 +18,11 @@ require ( github.com/ory/x v0.0.677 github.com/parnurzeal/gorequest v0.2.15 github.com/pkg/errors v0.9.1 - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.10.0 github.com/tidwall/gjson v1.14.3 go.opentelemetry.io/otel/trace v1.32.0 go.uber.org/mock v0.5.0 - golang.org/x/crypto v0.31.0 + golang.org/x/crypto v0.32.0 golang.org/x/net v0.33.0 golang.org/x/oauth2 v0.23.0 golang.org/x/text v0.21.0 
@@ -76,7 +76,7 @@ require ( go.opentelemetry.io/proto/otlp v1.3.1 // indirect golang.org/x/mod v0.18.0 // indirect golang.org/x/sync v0.10.0 // indirect - golang.org/x/sys v0.28.0 // indirect + golang.org/x/sys v0.29.0 // indirect golang.org/x/tools v0.22.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect diff --git a/go.sum b/go.sum index af36927c0..51e87dbeb 100644 --- a/go.sum +++ b/go.sum @@ -91,8 +91,8 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -163,7 +163,6 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= @@ -396,8 +395,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/tidwall/gjson v1.14.3 h1:9jvXn7olKEHU1S9vwoMGliaT8jq1vJ7IH/n9zD9Dnlw= 
@@ -477,9 +476,8 @@ golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -556,7 +554,6 @@ golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -635,18 +632,14 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -657,7 +650,6 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/handler/rfc7523/handler.go b/handler/rfc7523/handler.go index 921642912..f41bc257f 100644 --- a/handler/rfc7523/handler.go +++ b/handler/rfc7523/handler.go @@ -10,10 +10,11 @@ import ( "github.com/ory/fosite/handler/oauth2" - "github.com/go-jose/go-jose/v3" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4" + "github.com/go-jose/go-jose/v4/jwt" "github.com/ory/fosite" + fositeJWT "github.com/ory/fosite/token/jwt" "github.com/ory/x/errorsx" ) @@ -51,7 +52,7 @@ func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite return errorsx.WithStack(fosite.ErrInvalidRequest.WithHintf("The assertion request parameter must be set when using grant_type of '%s'.", grantTypeJWTBearer)) } - token, err := jwt.ParseSigned(assertion) + token, err := jwt.ParseSigned(assertion, fositeJWT.SupportedSignatureAlgorithms) if err != nil { return errorsx.WithStack(fosite.ErrInvalidGrant. WithHint("Unable to parse JSON Web Token passed in \"assertion\" request parameter."). diff --git a/handler/rfc7523/handler_test.go b/handler/rfc7523/handler_test.go index af5578e2e..e7889383d 100644 --- a/handler/rfc7523/handler_test.go +++ b/handler/rfc7523/handler_test.go 
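Review bot: In `HandleTokenEndpointRequest` (handler/rfc7523/handler.go), `jwt.ParseSigned(assertion, fositeJWT.SupportedSignatureAlgorithms)` passes the package-wide list, which this commit defines in token/jwt/token.go with `SigningMethodNone` and the `HS256`/`HS384`/`HS512` entries included. go-jose v4 takes this argument so that each call site states which algorithms it expects. A JWT-bearer assertion is presumably verified against a registered issuer key (that code is outside the hunk), so a narrower list would reject unsigned and HMAC-signed assertions at parse time instead of relying only on the later key check. Consider a handler-local allowlist limited to the asymmetric algorithms the key storage can hold, for example `var assertionAlgorithms = []jose.SignatureAlgorithm{jose.EdDSA, jose.RS256, jose.ES256}` extended as needed, and call `jwt.ParseSigned(assertion, assertionAlgorithms)`. The function body continues past the end of the hunk.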
@@ -18,8 +18,8 @@ import ( "github.com/ory/fosite/handler/oauth2" - "github.com/go-jose/go-jose/v3" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4" + "github.com/go-jose/go-jose/v4/jwt" "github.com/stretchr/testify/suite" gomock "go.uber.org/mock/gomock" @@ -760,7 +760,7 @@ func (s *AuthorizeJWTGrantRequestHandlerTestSuite) createTestAssertion(cl jwt.Cl s.FailNowf("failed to create test assertion", "failed to create signer: %s", err.Error()) } - raw, err := jwt.Signed(sig).Claims(cl).CompactSerialize() + raw, err := jwt.Signed(sig).Claims(cl).Serialize() if err != nil { s.FailNowf("failed to create test assertion", "failed to sign assertion: %s", err.Error()) } diff --git a/handler/rfc7523/storage.go b/handler/rfc7523/storage.go index 60da159a4..b7a6f34df 100644 --- a/handler/rfc7523/storage.go +++ b/handler/rfc7523/storage.go @@ -7,7 +7,7 @@ import ( "context" "time" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" ) // RFC7523KeyStorage holds information needed to validate jwt assertion in authorization grants. diff --git a/integration/authorize_jwt_bearer_required_iat_test.go b/integration/authorize_jwt_bearer_required_iat_test.go index a63e453f2..6d22c4922 100644 --- a/integration/authorize_jwt_bearer_required_iat_test.go +++ b/integration/authorize_jwt_bearer_required_iat_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/require" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4/jwt" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" diff --git a/integration/authorize_jwt_bearer_required_jti_test.go b/integration/authorize_jwt_bearer_required_jti_test.go index 5938dcb5e..26e356227 100644 --- a/integration/authorize_jwt_bearer_required_jti_test.go +++ b/integration/authorize_jwt_bearer_required_jti_test.go 
@@ -9,7 +9,7 @@ import ( "testing" "time" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4/jwt" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" diff --git a/integration/authorize_jwt_bearer_test.go b/integration/authorize_jwt_bearer_test.go index 7d44888f0..11f0b1623 100644 --- a/integration/authorize_jwt_bearer_test.go +++ b/integration/authorize_jwt_bearer_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/require" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4/jwt" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" diff --git a/integration/clients/jwt_bearer.go b/integration/clients/jwt_bearer.go index 6dbfd3fe6..a8bb23702 100644 --- a/integration/clients/jwt_bearer.go +++ b/integration/clients/jwt_bearer.go @@ -12,8 +12,8 @@ import ( "net/url" "strings" - "github.com/go-jose/go-jose/v3" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4" + "github.com/go-jose/go-jose/v4/jwt" ) // #nosec:gosec G101 - False Positive @@ -69,7 +69,7 @@ func (c *JWTBearer) GetToken(ctx context.Context, payloadData *JWTBearerPayload, Claims(payloadData.Claims). Claims(payloadData.PrivateClaims) - assertion, err := builder.CompactSerialize() + assertion, err := builder.Serialize() if err != nil { return nil, err } diff --git a/integration/helper_setup_test.go b/integration/helper_setup_test.go index 5034c4c31..99bd5188c 100644 --- a/integration/helper_setup_test.go +++ b/integration/helper_setup_test.go @@ -15,7 +15,7 @@ import ( "github.com/ory/fosite/internal" "github.com/ory/fosite/internal/gen" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/gorilla/mux" goauth "golang.org/x/oauth2" "golang.org/x/oauth2/clientcredentials" diff --git a/integration/introspect_jwt_bearer_token_test.go b/integration/introspect_jwt_bearer_token_test.go index a4cc5f7e1..ea384686c 100644 
--- a/integration/introspect_jwt_bearer_token_test.go +++ b/integration/introspect_jwt_bearer_token_test.go @@ -12,7 +12,7 @@ import ( "github.com/stretchr/testify/require" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4/jwt" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" diff --git a/internal/oauth2_auth_jwt_storage.go b/internal/oauth2_auth_jwt_storage.go index e7e4398bb..9f355d766 100644 --- a/internal/oauth2_auth_jwt_storage.go +++ b/internal/oauth2_auth_jwt_storage.go @@ -17,7 +17,7 @@ import ( reflect "reflect" time "time" - jose "github.com/go-jose/go-jose/v3" + jose "github.com/go-jose/go-jose/v4" gomock "go.uber.org/mock/gomock" ) diff --git a/storage/memory.go b/storage/memory.go index 0b1cbfebe..02b53b160 100644 --- a/storage/memory.go +++ b/storage/memory.go @@ -9,7 +9,7 @@ import ( "sync" "time" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/google/uuid" "github.com/ory/fosite" diff --git a/token/jwt/jwt.go b/token/jwt/jwt.go index 9c5aa5775..c934e91ea 100644 --- a/token/jwt/jwt.go +++ b/token/jwt/jwt.go @@ -14,7 +14,7 @@ import ( "crypto/sha256" "strings" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/ory/x/errorsx" diff --git a/token/jwt/jwt_test.go b/token/jwt/jwt_test.go index 1939d7bba..1595417a8 100644 --- a/token/jwt/jwt_test.go +++ b/token/jwt/jwt_test.go @@ -10,7 +10,7 @@ import ( "testing" "time" - "github.com/go-jose/go-jose/v3" + "github.com/go-jose/go-jose/v4" "github.com/ory/fosite/internal/gen" diff --git a/token/jwt/map_claims.go b/token/jwt/map_claims.go index d4f75285c..b7969ff52 100644 --- a/token/jwt/map_claims.go +++ b/token/jwt/map_claims.go @@ -10,7 +10,7 @@ import ( "errors" "time" - jjson "github.com/go-jose/go-jose/v3/json" + jjson "github.com/go-jose/go-jose/v4/json" "github.com/ory/x/errorsx" ) diff --git a/token/jwt/token.go b/token/jwt/token.go index 85acab177..9161bb348 100644 --- a/token/jwt/token.go 
+++ b/token/jwt/token.go @@ -9,8 +9,8 @@ import ( "fmt" "reflect" - "github.com/go-jose/go-jose/v3" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4" + "github.com/go-jose/go-jose/v4/jwt" "github.com/ory/x/errorsx" ) @@ -37,6 +37,12 @@ const ( JWTHeaderTypeValue = "JWT" ) +var SupportedSignatureAlgorithms = []jose.SignatureAlgorithm{ + SigningMethodNone, + jose.EdDSA, jose.HS256, jose.HS384, jose.HS512, jose.RS256, jose.RS384, + jose.RS512, jose.ES256, jose.ES384, jose.ES512, jose.PS256, jose.PS384, jose.PS512, +} + type unsafeNoneMagicConstant string // Valid informs if the token was verified against a given verification key @@ -96,10 +102,10 @@ func (t *Token) SignedString(k interface{}) (rawToken string, err error) { // A explicit conversion from type alias MapClaims // to map[string]interface{} is required because the - // go-jose CompactSerialize() only support explicit maps + // go-jose Serialize() only support explicit maps // as claims or structs but not type aliases from maps. claims := map[string]interface{}(t.Claims) - rawToken, err = jwt.Signed(signer).Claims(claims).CompactSerialize() + rawToken, err = jwt.Signed(signer).Claims(claims).Serialize() if err != nil { err = &ValidationError{Errors: ValidationErrorClaimsInvalid, Inner: err} return @@ -163,7 +169,7 @@ func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) { // If everything is kosher, err will be nil func ParseWithClaims(rawToken string, claims MapClaims, keyFunc Keyfunc) (*Token, error) { // Parse the token. - parsedToken, err := jwt.ParseSigned(rawToken) + parsedToken, err := jwt.ParseSigned(rawToken, SupportedSignatureAlgorithms) if err != nil { return &Token{}, &ValidationError{Errors: ValidationErrorMalformed, text: err.Error()} } diff --git a/token/jwt/token_test.go b/token/jwt/token_test.go index e6c3cd583..ad50525c3 100644 --- a/token/jwt/token_test.go +++ b/token/jwt/token_test.go 
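Review bot: `SupportedSignatureAlgorithms` (hunk `@@ -37,6 +37,12 @@`) is added as an exported, mutable package-level slice with no doc comment, and its first entry is `SigningMethodNone`. Any importing package can append to or overwrite it, which silently changes what `ParseWithClaims` (changed further down in this file) and the RFC 7523 handler accept at parse time. Add a doc comment stating why `none` is listed, for instance `// SupportedSignatureAlgorithms lists the algorithms accepted when parsing a token; "none" is parsed here and must be rejected during verification unless the key function explicitly allows it.` That wording assumes the verification path, which is outside these hunks, enforces this, so confirm it before adopting the comment. Consider keeping the slice unexported and exposing a function that returns a copy, so the allowlist cannot be widened from outside the package.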
@@ -15,8 +15,8 @@ import ( "github.com/ory/fosite/internal/gen" - "github.com/go-jose/go-jose/v3" - "github.com/go-jose/go-jose/v3/jwt" + "github.com/go-jose/go-jose/v4" + "github.com/go-jose/go-jose/v4/jwt" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -54,7 +54,7 @@ func TestUnsignedToken(t *testing.T) { parts := strings.Split(rawToken, ".") require.Len(t, parts, 3) require.Empty(t, parts[2]) - tk, err := jwt.ParseSigned(rawToken) + tk, err := jwt.ParseSigned(rawToken, SupportedSignatureAlgorithms) require.NoError(t, err) require.Len(t, tk.Headers, 1) require.Equal(t, tc.expectedType, tk.Headers[0].ExtraHeaders[jose.HeaderKey("typ")]) @@ -82,7 +82,7 @@ func TestJWTHeaders(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { rawToken := makeSampleTokenWithCustomHeaders(nil, jose.RS256, tc.jwtHeaders, gen.MustRSAKey()) - tk, err := jwt.ParseSigned(rawToken) + tk, err := jwt.ParseSigned(rawToken, SupportedSignatureAlgorithms) require.NoError(t, err) require.Len(t, tk.Headers, 1) require.Equal(t, tk.Headers[0].Algorithm, "RS256")