internal/flows/jwt_bearer.go

@@ -51,9 +51,6 @@ func NewJwtBearerFlow(eps JwtBearerFlowEndpoints, params JwtBearerFlowParams) (s
 	if client == nil {
 		return "", fmt.Errorf("invalid client (client is nil)")
 	}
-	if verbose {
-		fmt.Printf("ID token (IDP): %s\n access token (IDP): %s", accessToken, idToken)
-	}
 	if accessToken != "" {
 		_, err := jws.Verify([]byte(accessToken), jws.WithKeySet(client.Provider.KeySet), jws.WithValidateKey(true))
 		if err != nil {

internal/oauth/authenticate.go

@@ -109,14 +109,12 @@ func (client *Client) FetchTokenFromAuthenticationServer(code string, state stri
 	}
 	res, err := http.PostForm(client.Provider.Endpoints.Token, body)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get ID token: %v", err)
+		return nil, fmt.Errorf("failed to get ID token: %s", err)
 	}
-	b, err := io.ReadAll(res.Body)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read response body: %v", err)
-	}
-	fmt.Printf("%s\n", string(b))
 	defer res.Body.Close()
 
-	return b, nil
+	// domain, _ := url.Parse("http://127.0.0.1")
+	// client.Jar.SetCookies(domain, res.Cookies())
+
+	return io.ReadAll(res.Body)
 }

internal/server/server.go

@@ -141,47 +141,38 @@ func (s *Server) StartLogin(clients []oauth.Client, params ServerParams) error {
 			p    = params.AuthProvider
 			jwks []byte
 		)
-
+		// try and get the JWKS from param first
-		fetchAndMarshal := func() (err error) {
+		if p.Endpoints.JwksUri != "" {
-			err = p.FetchJwks()
+			err := p.FetchJwks()
 			if err != nil {
-				fmt.Printf("failed to fetch keys: %v\n", err)
+				fmt.Printf("failed to fetch keys using JWKS url...trying to fetch config and try again...\n")
-				return
 			}
 			jwks, err = json.Marshal(p.KeySet)
 			if err != nil {
 				fmt.Printf("failed to marshal JWKS: %v\n", err)
 			}
-			return
+		} else if p.Endpoints.Config != "" && jwks == nil {
-		}
+			// otherwise, try and fetch the whole config and try again
-
+			err := p.FetchServerConfig()
-		// try and get the JWKS from param first
+			if err != nil {
-		if p.Endpoints.JwksUri != "" {
-			if err := fetchAndMarshal(); err != nil {
-				w.Write(jwks)
-				return
-			}
-		}
-
-		// otherwise or if fetching the JWKS failed, try and fetch the whole config first and try again
-		if p.Endpoints.Config != "" {
-			if err := p.FetchServerConfig(); err != nil {
 				fmt.Printf("failed to fetch server config: %v\n", err)
-				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+				http.Redirect(w, r, "/error", http.StatusInternalServerError)
+				return
+			}
+			err = p.FetchJwks()
+			if err != nil {
+				fmt.Printf("failed to fetch JWKS after fetching server config: %v\n", err)
+				http.Redirect(w, r, "/error", http.StatusInternalServerError)
 				return
 			}
-		} else {
-			fmt.Printf("getting JWKS from param failed and endpoints config unavailable\n")
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-			return
 		}
 
-		if err := fetchAndMarshal(); err != nil {
+		// forward the JWKS from the authorization server
-			fmt.Printf("failed to fetch and marshal JWKS after config update: %v\n", err)
+		if jwks == nil {
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			fmt.Printf("no JWKS was fetched from authorization server\n")
+			http.Redirect(w, r, "/error", http.StatusInternalServerError)
 			return
 		}
-
 		w.Write(jwks)
 	})
 	r.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {