Refactored and reorganized code

internal/oidc/oidc.go

@@ -1,38 +1,100 @@
 package oidc
 
-import "fmt"
+import (
+	"context"
+	"fmt"
 
-type OpenIDConnectProvider struct {
-	Host              string
-	Port              int
-	AuthorizeEndpoint string
-	TokenEndpoint     string
-	ConfigEndpoint    string
+	"github.com/lestrrat-go/jwx/jwk"
+)
+
+type IdentityProvider struct {
+	Issuer    string    `json:"issuer" yaml:"issuer"`
+	Endpoints Endpoints `json:"endpoints" yaml:"endpoints"`
+	Supported Supported `json:"supported" yaml:"supported"`
+	Key       jwk.Key
 }
 
-func NewOIDCProvider() *OpenIDConnectProvider {
-	return &OpenIDConnectProvider{
-		Host:              "127.0.0.1",
-		Port:              80,
-		AuthorizeEndpoint: "/oauth/authorize",
-		TokenEndpoint:     "/oauth/token",
+type Endpoints struct {
+	Authorize     string `json:"authorize_endpoint" yaml:"authorize"`
+	Token         string `json:"token_endpoint" yaml:"token"`
+	Revocation    string `json:"revocation_endpoint" yaml:"revocation"`
+	Introspection string `json:"introspection_endpoint" yaml:"introspection"`
+	UserInfo      string `json:"userinfo_endpoint" yaml:"userinfo"`
+	Jwks          string `json:"jwks_uri" yaml:"jwks_uri"`
+}
+type Supported struct {
+	ResponseTypes            []string `json:"response_types_supported"`
+	ResponseModes            []string `json:"response_modes_supported"`
+	GrantTypes               []string `json:"grant_types_supported"`
+	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"`
+	SubjectTypes             []string `json:"subject_types_supported"`
+	IdTokenSigningAlgValues  []string `json:"id_token_signing_alg_values_supported"`
+	ClaimTypes               []string `json:"claim_types_supported"`
+	Claims                   []string `json:"claims_supported"`
+}
+
+func NewIdentityProvider() *IdentityProvider {
+	p := &IdentityProvider{Issuer: "127.0.0.1"}
+	p.Endpoints = Endpoints{
+		Authorize:     p.Issuer + "/oauth/authorize",
+		Token:         p.Issuer + "/oauth/token",
+		Revocation:    p.Issuer + "/oauth/revocation",
+		Introspection: p.Issuer + "/oauth/introspect",
+		UserInfo:      p.Issuer + "/oauth/userinfo",
+		Jwks:          p.Issuer + "/oauth/discovery/keys",
 	}
-}
-
-func (oidc *OpenIDConnectProvider) GetAuthorizeUrl() string {
-	if oidc.Port != 80 {
-		return fmt.Sprintf("%s:%d", oidc.Host, oidc.Port) + oidc.AuthorizeEndpoint
+	p.Supported = Supported{
+		ResponseTypes: []string{"code"},
+		ResponseModes: []string{"query"},
+		GrantTypes: []string{
+			"authorization_code",
+			"client_credentials",
+			"refresh_token",
+		},
+		TokenEndpointAuthMethods: []string{
+			"client_secret_basic",
+			"client_secret_post",
+		},
+		SubjectTypes:            []string{"public"},
+		IdTokenSigningAlgValues: []string{"RS256"},
+		ClaimTypes:              []string{"normal"},
+		Claims: []string{
+			"iss",
+			"sub",
+			"aud",
+			"exp",
+			"iat",
+		},
 	}
-	return oidc.Host + oidc.AuthorizeEndpoint
+	return p
 }
 
-func (oidc *OpenIDConnectProvider) GetTokenUrl() string {
-	if oidc.Port != 80 {
-		return fmt.Sprintf("%s:%d", oidc.Host, oidc.Port) + oidc.TokenEndpoint
-	}
-	return oidc.Host + oidc.TokenEndpoint
-}
-
-func (oidc *OpenIDConnectProvider) FetchServerConfiguration(url string) {
+func (p *IdentityProvider) FetchServerConfig(url string) {
 	// make a request to a server's openid-configuration
 }
+
+func (p *IdentityProvider) FetchJwk(url string) error {
+	//
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	set, err := jwk.Fetch(ctx, url)
+	if err != nil {
+		return fmt.Errorf("%v", err)
+	}
+	// get the first JWK from set
+	for it := set.Iterate(context.Background()); it.Next(context.Background()); {
+		pair := it.Pair()
+		p.Key = pair.Value.(jwk.Key)
+		return nil
+	}
+
+	return fmt.Errorf("failed to load public key: %v", err)
+}
+
+func (p *IdentityProvider) GetRawJwk() (any, error) {
+	var rawkey any
+	if err := p.Key.Raw(&rawkey); err != nil {
+		return nil, fmt.Errorf("failed to get raw key: %v", err)
+	}
+	return rawkey, nil
+}