- the PR for coreos go-oidc has been merged so we can move off the hacked version now

Godeps/Godeps.json

@@ -12,6 +12,26 @@
 			"Comment": "1.2.0-187-gc31a797",
 			"Rev": "c31a7975863e7810c92e2e288a9ab074f9a88f29"
 		},
+		{
+			"ImportPath": "github.com/coreos/go-oidc/http",
+			"Rev": "ab755faafbbf1c916d3af347d6c730a18fc02652"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-oidc/jose",
+			"Rev": "ab755faafbbf1c916d3af347d6c730a18fc02652"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-oidc/key",
+			"Rev": "ab755faafbbf1c916d3af347d6c730a18fc02652"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-oidc/oauth2",
+			"Rev": "ab755faafbbf1c916d3af347d6c730a18fc02652"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-oidc/oidc",
+			"Rev": "ab755faafbbf1c916d3af347d6c730a18fc02652"
+		},
 		{
 			"ImportPath": "github.com/coreos/go-systemd/journal",
 			"Comment": "v4-40-g2ed5b50",
@@ -37,26 +57,6 @@
 			"ImportPath": "github.com/davecgh/go-spew/spew",
 			"Rev": "5215b55f46b2b919f50a1df0eaa5886afe4e3b3d"
 		},
-		{
-			"ImportPath": "github.com/gambol99/go-oidc/http",
-			"Rev": "1065ae3e00802992e6007decd79278ad714fd94a"
-		},
-		{
-			"ImportPath": "github.com/gambol99/go-oidc/jose",
-			"Rev": "1065ae3e00802992e6007decd79278ad714fd94a"
-		},
-		{
-			"ImportPath": "github.com/gambol99/go-oidc/key",
-			"Rev": "1065ae3e00802992e6007decd79278ad714fd94a"
-		},
-		{
-			"ImportPath": "github.com/gambol99/go-oidc/oauth2",
-			"Rev": "1065ae3e00802992e6007decd79278ad714fd94a"
-		},
-		{
-			"ImportPath": "github.com/gambol99/go-oidc/oidc",
-			"Rev": "1065ae3e00802992e6007decd79278ad714fd94a"
-		},
 		{
 			"ImportPath": "github.com/gin-gonic/gin",
 			"Comment": "v1.0rc1-148-g52fcc5d",

Godeps/_workspace/src/github.com/coreos/go-oidc/http/client.go

+package http
+
+import "net/http"
+
+type Client interface {
+	Do(*http.Request) (*http.Response, error)
+}

Godeps/_workspace/src/github.com/gambol99/go-oidc/http/http.go → Godeps/_workspace/src/github.com/coreos/go-oidc/http/http.go

@@ -15,7 +15,7 @@ import (
 )
 
 var (
-	log = capnslog.NewPackageLogger("github.com/gambol99/go-oidc", "http")
+	log = capnslog.NewPackageLogger("github.com/coreos/go-oidc", "http")
 )
 
 func WriteError(w http.ResponseWriter, code int, msg string) {
@@ -115,14 +115,8 @@ func expires(date, expires string) (time.Duration, bool, error) {
 	return ttl, true, nil
 }
 
-// Cacheable checks for cache-control header in the keys response and grabs the expiration
 func Cacheable(hdr http.Header) (time.Duration, bool, error) {
-	cacheHeader := hdr.Get("Cache-Control")
-	if cacheHeader == "" || cacheHeader == "no-cache" {
-		return time.Duration(2) * time.Hour, true, nil
-	}
-
-	ttl, ok, err := cacheControlMaxAge(cacheHeader)
+	ttl, ok, err := cacheControlMaxAge(hdr.Get("Cache-Control"))
 	if err != nil || ok {
 		return ttl, ok, err
 	}

Godeps/_workspace/src/github.com/gambol99/go-oidc/http/http_test.go → Godeps/_workspace/src/github.com/coreos/go-oidc/http/http_test.go

@@ -262,7 +262,7 @@ func TestCacheablePass(t *testing.T) {
 		// no caching headers
 		{
 			headers: http.Header{},
-			wantOK:  true,
+			wantOK:  false,
 		},
 	}
 

Godeps/_workspace/src/github.com/gambol99/go-oidc/jose/claims.go → Godeps/_workspace/src/github.com/coreos/go-oidc/jose/claims.go

@@ -3,6 +3,7 @@ package jose
 import (
 	"encoding/json"
 	"fmt"
+	"math"
 	"time"
 )
 
@@ -70,13 +71,33 @@ func (c Claims) Int64Claim(name string) (int64, bool, error) {
 	return v, true, nil
 }
 
+func (c Claims) Float64Claim(name string) (float64, bool, error) {
+	cl, ok := c[name]
+	if !ok {
+		return 0, false, nil
+	}
+
+	v, ok := cl.(float64)
+	if !ok {
+		vi, ok := cl.(int64)
+		if !ok {
+			return 0, false, fmt.Errorf("unable to parse claim as float64: %v", name)
+		}
+		v = float64(vi)
+	}
+
+	return v, true, nil
+}
+
 func (c Claims) TimeClaim(name string) (time.Time, bool, error) {
-	v, ok, err := c.Int64Claim(name)
+	v, ok, err := c.Float64Claim(name)
 	if !ok || err != nil {
 		return time.Time{}, ok, err
 	}
 
-	return time.Unix(v, 0).UTC(), true, nil
+	s := math.Trunc(v)
+	ns := (v - s) * math.Pow(10, 9)
+	return time.Unix(int64(s), int64(ns)).UTC(), true, nil
 }
 
 func decodeClaims(payload []byte) (Claims, error) {

Godeps/_workspace/src/github.com/gambol99/go-oidc/jose/jose.go → Godeps/_workspace/src/github.com/coreos/go-oidc/jose/jose.go

@@ -13,6 +13,57 @@ const (
 	HeaderKeyID        = "kid"
 )
 
+const (
+	// Encryption Algorithm Header Parameter Values for JWS
+	// See: https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#page-6
+	AlgHS256 = "HS256"
+	AlgHS384 = "HS384"
+	AlgHS512 = "HS512"
+	AlgRS256 = "RS256"
+	AlgRS384 = "RS384"
+	AlgRS512 = "RS512"
+	AlgES256 = "ES256"
+	AlgES384 = "ES384"
+	AlgES512 = "ES512"
+	AlgPS256 = "PS256"
+	AlgPS384 = "PS384"
+	AlgPS512 = "PS512"
+	AlgNone  = "none"
+)
+
+const (
+	// Algorithm Header Parameter Values for JWE
+	// See: https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-4.1
+	AlgRSA15            = "RSA1_5"
+	AlgRSAOAEP          = "RSA-OAEP"
+	AlgRSAOAEP256       = "RSA-OAEP-256"
+	AlgA128KW           = "A128KW"
+	AlgA192KW           = "A192KW"
+	AlgA256KW           = "A256KW"
+	AlgDir              = "dir"
+	AlgECDHES           = "ECDH-ES"
+	AlgECDHESA128KW     = "ECDH-ES+A128KW"
+	AlgECDHESA192KW     = "ECDH-ES+A192KW"
+	AlgECDHESA256KW     = "ECDH-ES+A256KW"
+	AlgA128GCMKW        = "A128GCMKW"
+	AlgA192GCMKW        = "A192GCMKW"
+	AlgA256GCMKW        = "A256GCMKW"
+	AlgPBES2HS256A128KW = "PBES2-HS256+A128KW"
+	AlgPBES2HS384A192KW = "PBES2-HS384+A192KW"
+	AlgPBES2HS512A256KW = "PBES2-HS512+A256KW"
+)
+
+const (
+	// Encryption Algorithm Header Parameter Values for JWE
+	// See: https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#page-22
+	EncA128CBCHS256 = "A128CBC-HS256"
+	EncA128CBCHS384 = "A128CBC-HS384"
+	EncA256CBCHS512 = "A256CBC-HS512"
+	EncA128GCM      = "A128GCM"
+	EncA192GCM      = "A192GCM"
+	EncA256GCM      = "A256GCM"
+)
+
 type JOSEHeader map[string]string
 
 func (j JOSEHeader) Validate() error {

Godeps/_workspace/src/github.com/gambol99/go-oidc/jose/jwk.go → Godeps/_workspace/src/github.com/coreos/go-oidc/jose/jwk.go

@@ -70,6 +70,10 @@ func (j *JWK) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+type JWKSet struct {
+	Keys []JWK `json:"keys"`
+}
+
 func decodeExponent(e string) (int, error) {
 	decE, err := decodeBase64URLPaddingOptional(e)
 	if err != nil {

Godeps/_workspace/src/github.com/gambol99/go-oidc/jose/sig.go → Godeps/_workspace/src/github.com/coreos/go-oidc/jose/sig.go

@@ -2,7 +2,6 @@ package jose
 
 import (
 	"fmt"
-	"strings"
 )
 
 type Verifier interface {
@@ -17,7 +16,7 @@ type Signer interface {
 }
 
 func NewVerifier(jwk JWK) (Verifier, error) {
-	if strings.ToUpper(jwk.Type) != "RSA" {
+	if jwk.Type != "RSA" {
 		return nil, fmt.Errorf("unsupported key type %q", jwk.Type)
 	}
 

Godeps/_workspace/src/github.com/gambol99/go-oidc/jose/sig_hmac.go → Godeps/_workspace/src/github.com/coreos/go-oidc/jose/sig_hmac.go

@@ -7,7 +7,6 @@ import (
 	_ "crypto/sha256"
 	"errors"
 	"fmt"
-	"strings"
 )
 
 type VerifierHMAC struct {
@@ -21,7 +20,7 @@ type SignerHMAC struct {
 }
 
 func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
-	if strings.ToUpper(jwk.Alg) != "HS256" {
+	if jwk.Alg != "" && jwk.Alg != "HS256" {
 		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
 	}
 

Godeps/_workspace/src/github.com/gambol99/go-oidc/jose/sig_rsa.go → Godeps/_workspace/src/github.com/coreos/go-oidc/jose/sig_rsa.go

@@ -5,7 +5,6 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"fmt"
-	"strings"
 )
 
 type VerifierRSA struct {
@@ -20,7 +19,7 @@ type SignerRSA struct {
 }
 
 func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) {
-	if strings.ToUpper(jwk.Alg) != "RS256" {
+	if jwk.Alg != "" && jwk.Alg != "RS256" {
 		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
 	}