return concrete types of Claims, using generics #280

Closed
muhlemmer opened this issue Feb 10, 2023 · 1 comment · Fixed by #283
muhlemmer commented Feb 10, 2023

This change proposes the use of concrete struct types for Claims and descendant types, instead of interfaces. By usage of generics, we can let callers replace the standard types with custom types that carry additional properties. This would be a breaking change for the next branch.

rp package

In the rp package the following functions will change their signature:

func VerifyTokens[C oidc.AccessTokenHashGetter](ctx context.Context, accessToken, idTokenString string, v IDTokenVerifier) (claims C, err error)
func VerifyIDToken[C oidc.Claims](ctx context.Context, token string, v IDTokenVerifier) (claims C, err error)

op package

In the op package the following functions will change their signature:

func VerifyIDTokenHint[C oidc.Claims](ctx context.Context, token string, v IDTokenHintVerifier) (claims C, err error)
func VerifyAccessToken[C oidc.Claims](ctx context.Context, token string, v AccessTokenVerifier) (claims C, err error)

oidc package

Above type parameters between square brackets ([]) define the minimum set of methods required to check validity of token claims. Aka, constraints. The existing Claims interfaces will be reused and supplemented with 2 methods:

  1. GetSignatureAlgorithm() jose.SignatureAlgorithm migrated from IDTokenClaims
  2. SetSignatureAlgorithm(jose.SignatureAlgorithm) migrated from ClaimsSignature

Although both methods are not required in all use-cases of Claims, all the current existing implementations of Claims currently carry the signatureAlg field.

A new interface AccessTokenHashClaims is added, with the GetAccessTokenHash() string method migrated from IDTokenClaims. Finally oidc will carry the following interface definitions, used as constraints:

type Claims interface {
	GetIssuer() string
	GetSubject() string
	GetAudience() []string
	GetExpiration() time.Time
	GetIssuedAt() time.Time
	GetNonce() string
	GetAuthenticationContextClassReference() string
	GetAuthTime() time.Time
	GetAuthorizedParty() string

	// new methods
	GetSignatureAlgorithm() jose.SignatureAlgorithm
	SetSignatureAlgorithm(jose.SignatureAlgorithm)
}

type AccessTokenHashClaims interface {
	Claims
	GetAccessTokenHash() string
}

The following interfaces can now be removed (their names will be reused):

  • AccessTokenClaims
  • IDTokenClaims
  • UserInfo
  • UserInfoProfile
  • UserInfoEmail
  • UserInfoPhone
  • UserInfoAddress
  • UserInfoSetter
  • UserInfoProfileSetter

In place, we will export the currently private struct types by taking the above names.

Example usage

If users want VerifyIDToken to return the predefined IDTokenClaims struct type:

claims, err := VerifyIDToken[*oidc.IDTokenClaims](ctx, token, v)

Or if their token carries additional claims, they can extend the type by struct embedding to gain direct access to those claims:

type customClaims struct {
	oidc.AccessTokenClaims
	Foo string `json:"foo"`
	Bar string `json:"bar"`
}

claims, err := VerifyIDToken[*customClaims](ctx, token, v)
@muhlemmer muhlemmer added enhancement New feature or request backend labels Feb 10, 2023
@muhlemmer muhlemmer added this to the v2 milestone Feb 10, 2023
@muhlemmer muhlemmer self-assigned this Feb 10, 2023
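
An added, self-contained sketch of the pattern proposed in the issue above; it is not code from the issue or from the project. The reduced `Claims` constraint and the names `TokenClaims`, `CustomClaims` and `CheckPayload` are hypothetical. It assumes the signature was verified elsewhere and that `aud` arrives as a JSON array.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// Claims is a reduced stand-in for the constraint proposed in the issue.
type Claims interface {
	GetIssuer() string
	GetAudience() []string
}

// TokenClaims is a hypothetical exported concrete claims struct.
type TokenClaims struct {
	Issuer   string   `json:"iss"`
	Audience []string `json:"aud"`
}
func (c *TokenClaims) GetIssuer() string     { return c.Issuer }
func (c *TokenClaims) GetAudience() []string { return c.Audience }

// CustomClaims adds a deployment-specific claim by struct embedding.
type CustomClaims struct {
	TokenClaims
	Foo string `json:"foo"`
}

// CheckPayload decodes into C and returns the zero C on any failure, so unchecked claims never escape.
func CheckPayload[C Claims](payload []byte, issuer, clientID string) (C, error) {
	var claims, zero C // for C = *CustomClaims both start nil; Unmarshal allocates
	if err := json.Unmarshal(payload, &claims); err != nil {
		return zero, err
	}
	if v := reflect.ValueOf(claims); v.Kind() == reflect.Ptr && v.IsNil() { // JSON "null"
		return zero, fmt.Errorf("payload %q carries no claims", payload)
	}
	audOK := false
	for _, aud := range claims.GetAudience() {
		audOK = audOK || aud == clientID
	}
	if !audOK || claims.GetIssuer() != issuer {
		return zero, fmt.Errorf("issuer %q or audience %v not accepted", claims.GetIssuer(), claims.GetAudience())
	}
	return claims, nil
}

func main() { // constructed sample payload, not a real token
	fmt.Println(CheckPayload[*CustomClaims]([]byte(`{"iss":"https://op.example","aud":["app"],"foo":"x"}`), "https://op.example", "app"))
}
```

The type argument has to be the pointer type (`*CustomClaims`), because the getters have pointer receivers; `CheckPayload[CustomClaims]` does not compile.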
@hifabienne

@muhlemmer are you working on this? If yes can you please put it into progress?

@muhlemmer muhlemmer moved this to 🏗 In progress in Product Management Feb 14, 2023
@muhlemmer muhlemmer linked a pull request Mar 13, 2023 that will close this issue
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Product Management Mar 13, 2023