Merge pull request #79 from okta/update_jwx

Update jwx package.

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## v1.2.1 (February 16, 2022)
+
+### Updates
+
+* Update JWX package. Thanks, [@thomassampson](https://github.com/thomassampson)!
+
 ## v1.2.0 (February 16, 2022)
 
 ### Updates
@@ -11,7 +17,7 @@
 
 ### Updates
 
-- Fixed edge cause with `aud` claim that would not find Auth0 being JWTs valid (thank you @awrenn).
+- Fixed edge cause with `aud` claim that would not find Auth0 being JWTs valid. Thanks [@awrenn](https://github.com/awrenn)!
 - Updated readme with testing notes.
 - Ran `gofumpt` on code for clean up.
 

adaptors/lestrratGoJwx/lestrratGoJwx.go

@@ -74,7 +74,7 @@ func (lgj *LestrratGoJwx) Decode(jwt string, jwkUri string) (interface{}, error)
 
 	var claims interface{}
 	if err := json.Unmarshal(token, &claims); err != nil {
-		return nil, fmt.Errorf("could not unmarshal claims: %s", err.Error())
+		return nil, fmt.Errorf("could not unmarshal claims: %w", err)
 	}
 
 	return claims, nil

go.mod

@@ -1,8 +1,12 @@
 module github.com/okta/okta-jwt-verifier-golang
 
 require (
-	github.com/lestrrat-go/jwx v1.1.1
+	github.com/lestrrat-go/codegen v1.0.0 // indirect
+	github.com/lestrrat-go/jwx v1.2.18
+	github.com/lestrrat-go/pdebug/v3 v3.0.1 // indirect
 	github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627
+	golang.org/x/mod v0.4.1 // indirect
+	golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963 // indirect
 )
 
 go 1.15

go.sum

@@ -1,16 +1,29 @@
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d h1:1iy2qD6JEhHKKhUOA9IWs7mjco7lnw2qx8FsRI2wirE=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/goccy/go-json v0.3.5 h1:HqrLjEWx7hD62JRhBh+mHv+rEEzBANIu6O0kbDlaLzU=
 github.com/goccy/go-json v0.3.5/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.9.4 h1:L8MLKG2mvVXiQu07qB6hmfqeSYQdOnqPot2GhsIwIaI=
+github.com/goccy/go-json v0.9.4/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/lestrrat-go/backoff/v2 v2.0.7 h1:i2SeK33aOFJlUNJZzf2IpXRBvqBBnaGXfY5Xaop/GsE=
 github.com/lestrrat-go/backoff/v2 v2.0.7/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
+github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
+github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
+github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
+github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
 github.com/lestrrat-go/codegen v1.0.0/go.mod h1:JhJw6OQAuPEfVKUCLItpaVLumDGWQznd1VaXrBk9TdM=
 github.com/lestrrat-go/httpcc v1.0.0 h1:FszVC6cKfDvBKcJv646+lkh4GydQg2Z29scgUfkOpYc=
 github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++0Gf8MBnAvE=
 github.com/lestrrat-go/iter v1.0.0 h1:QD+hHQPDSHC4rCJkZYY/yXChYr/vjfBopKekTc+7l4Q=
 github.com/lestrrat-go/iter v1.0.0/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
+github.com/lestrrat-go/iter v1.0.1 h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=
+github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
 github.com/lestrrat-go/jwx v1.1.1 h1:L7TqffHhO0qSyUcDGfCkDV42GQMp9fNOBi/zFOigMEY=
 github.com/lestrrat-go/jwx v1.1.1/go.mod h1:vn9FzD6gJtKkgYs7RTKV7CjWtEka8F/voUollhnn4QE=
+github.com/lestrrat-go/jwx v1.2.18 h1:RV4hcTRUlPVYUnGqATKXEojoOsLexoU8Na4KheVzxQ8=
+github.com/lestrrat-go/jwx v1.2.18/go.mod h1:bWTBO7IHHVMtNunM8so9MT8wD+euEY1PzGEyCnuI2qM=
 github.com/lestrrat-go/option v0.0.0-20210103042652-6f1ecfceda35/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
@@ -26,6 +39,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

jwtverifier.go

@@ -61,7 +61,7 @@ type Jwt struct {
 func fetchMetaData(url string) (interface{}, error) {
 	resp, err := http.Get(url)
 	if err != nil {
-		return nil, fmt.Errorf("request for metadata was not successful: %s", err.Error())
+		return nil, fmt.Errorf("request for metadata was not successful: %w", err)
 	}
 	defer resp.Body.Close()
 
@@ -103,7 +103,7 @@ func (j *JwtVerifier) SetLeeway(duration string) {
 func (j *JwtVerifier) VerifyAccessToken(jwt string) (*Jwt, error) {
 	validJwt, err := j.isValidJwt(jwt)
 	if !validJwt {
-		return nil, fmt.Errorf("token is not valid: %s", err.Error())
+		return nil, fmt.Errorf("token is not valid: %w", err)
 	}
 
 	resp, err := j.decodeJwt(jwt)
@@ -119,27 +119,27 @@ func (j *JwtVerifier) VerifyAccessToken(jwt string) (*Jwt, error) {
 
 	err = j.validateIss(token["iss"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Issuer` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Issuer` was not able to be validated. %w", err)
 	}
 
 	err = j.validateAudience(token["aud"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Audience` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Audience` was not able to be validated. %w", err)
 	}
 
 	err = j.validateClientId(token["cid"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Client Id` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Client Id` was not able to be validated. %w", err)
 	}
 
 	err = j.validateExp(token["exp"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Expiration` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Expiration` was not able to be validated. %w", err)
 	}
 
 	err = j.validateIat(token["iat"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Issued At` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Issued At` was not able to be validated. %w", err)
 	}
 
 	return &myJwt, nil
@@ -156,7 +156,7 @@ func (j *JwtVerifier) decodeJwt(jwt string) (interface{}, error) {
 	}
 	resp, err := j.Adaptor.Decode(jwt, jwksURI)
 	if err != nil {
-		return nil, fmt.Errorf("could not decode token: %s", err.Error())
+		return nil, fmt.Errorf("could not decode token: %w", err)
 	}
 
 	return resp, nil
@@ -165,7 +165,7 @@ func (j *JwtVerifier) decodeJwt(jwt string) (interface{}, error) {
 func (j *JwtVerifier) VerifyIdToken(jwt string) (*Jwt, error) {
 	validJwt, err := j.isValidJwt(jwt)
 	if !validJwt {
-		return nil, fmt.Errorf("token is not valid: %s", err.Error())
+		return nil, fmt.Errorf("token is not valid: %w", err)
 	}
 
 	resp, err := j.decodeJwt(jwt)
@@ -181,27 +181,27 @@ func (j *JwtVerifier) VerifyIdToken(jwt string) (*Jwt, error) {
 
 	err = j.validateIss(token["iss"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Issuer` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Issuer` was not able to be validated. %w", err)
 	}
 
 	err = j.validateAudience(token["aud"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Audience` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Audience` was not able to be validated. %w", err)
 	}
 
 	err = j.validateExp(token["exp"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Expiration` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Expiration` was not able to be validated. %w", err)
 	}
 
 	err = j.validateIat(token["iat"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Issued At` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Issued At` was not able to be validated. %w", err)
 	}
 
 	err = j.validateNonce(token["nonce"])
 	if err != nil {
-		return &myJwt, fmt.Errorf("the `Nonce` was not able to be validated. %s", err.Error())
+		return &myJwt, fmt.Errorf("the `Nonce` was not able to be validated. %w", err)
 	}
 
 	return &myJwt, nil