[iam] Drop OIDC prefix from service, remove unused handler

Author: easyCZ

components/iam/pkg/oidc/oauth2.go

@@ -23,7 +23,7 @@ func OAuth2Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 		log.Trace("at oauth2 middleware")
 		ctx := r.Context()
-		config, ok := ctx.Value(keyOIDCClientConfig{}).(OIDCClientConfig)
+		config, ok := ctx.Value(keyOIDCClientConfig{}).(ClientConfig)
 		if !ok {
 			http.Error(rw, "config not found", http.StatusInternalServerError)
 			return

components/iam/pkg/oidc/router.go

@@ -16,7 +16,7 @@ import (
 	"github.com/go-chi/chi/v5"
 )
 
-func Router(oidcService *OIDCService) *chi.Mux {
+func Router(oidcService *Service) *chi.Mux {
 	router := chi.NewRouter()
 
 	router.Route("/start", func(r chi.Router) {
@@ -39,18 +39,18 @@ const (
 	nonceCookieName = "nonce"
 )
 
-func (oidcService *OIDCService) getStartHandler() http.HandlerFunc {
+func (s *Service) getStartHandler() http.HandlerFunc {
 	return func(rw http.ResponseWriter, r *http.Request) {
 		log.Trace("at start handler")
 
 		ctx := r.Context()
-		config, ok := ctx.Value(keyOIDCClientConfig{}).(OIDCClientConfig)
+		config, ok := ctx.Value(keyOIDCClientConfig{}).(ClientConfig)
 		if !ok {
 			http.Error(rw, "config not found", http.StatusInternalServerError)
 			return
 		}
 
-		startParams, err := oidcService.GetStartParams(&config)
+		startParams, err := s.GetStartParams(&config)
 		if err != nil {
 			http.Error(rw, "failed to start auth flow", http.StatusInternalServerError)
 			return
@@ -75,12 +75,12 @@ func newCallbackCookie(r *http.Request, name string, value string) *http.Cookie
 }
 
 // The config middleware is responsible to retrieve the client config suitable for request
-func (oidcService *OIDCService) clientConfigMiddleware() func(http.Handler) http.Handler {
+func (s *Service) clientConfigMiddleware() func(http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
 			log.Trace("at config middleware")
 
-			config, err := oidcService.GetClientConfigFromRequest(r)
+			config, err := s.GetClientConfigFromRequest(r)
 			if err != nil {
 				log.Warn("client config not found: " + err.Error())
 				http.Error(rw, "config not found", http.StatusNotFound)
@@ -94,12 +94,12 @@ func (oidcService *OIDCService) clientConfigMiddleware() func(http.Handler) http
 }
 
 // The OIDC callback handler depends on the state produced in the OAuth2 middleware
-func (oidcService *OIDCService) getCallbackHandler() http.HandlerFunc {
+func (s *Service) getCallbackHandler() http.HandlerFunc {
 	return func(rw http.ResponseWriter, r *http.Request) {
 		log.Trace("at callback handler")
 
 		ctx := r.Context()
-		config, ok := ctx.Value(keyOIDCClientConfig{}).(OIDCClientConfig)
+		config, ok := ctx.Value(keyOIDCClientConfig{}).(ClientConfig)
 		if !ok {
 			http.Error(rw, "config not found", http.StatusInternalServerError)
 			return
@@ -117,7 +117,7 @@ func (oidcService *OIDCService) getCallbackHandler() http.HandlerFunc {
 			return
 		}
 
-		result, err := oidcService.Authenticate(ctx, &oauth2Result,
+		result, err := s.Authenticate(ctx, &oauth2Result,
 			config.Issuer, nonceCookie.Value)
 		if err != nil {
 			http.Error(rw, "OIDC authentication failed", http.StatusInternalServerError)

components/iam/pkg/oidc/service.go

@@ -15,59 +15,56 @@ import (
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gitpod-io/gitpod/common-go/log"
-	"github.com/go-chi/chi/v5"
 	"golang.org/x/oauth2"
 )
 
-type OIDCService struct {
-	Handler chi.Router
-
-	configsById      map[string]*OIDCClientConfig
+type Service struct {
+	configsById      map[string]*ClientConfig
 	verifierByIssuer map[string]*oidc.IDTokenVerifier
 	providerByIssuer map[string]*oidc.Provider
 }
 
-type OIDCClientConfig struct {
+type ClientConfig struct {
 	ID           string
 	Issuer       string
 	OAuth2Config *oauth2.Config
 	OIDCConfig   *oidc.Config
 }
 
-type OIDCStartParams struct {
+type StartParams struct {
 	State       string
 	Nonce       string
 	AuthCodeURL string
 }
 
-type OIDCAuthResult struct {
+type AuthResult struct {
 	IDToken *oidc.IDToken
 }
 
-func NewOIDCService() *OIDCService {
-	var s OIDCService
-	s.configsById = make(map[string]*OIDCClientConfig)
-	s.verifierByIssuer = make(map[string]*oidc.IDTokenVerifier)
-	s.providerByIssuer = make(map[string]*oidc.Provider)
-	return &s
+func NewService() *Service {
+	return &Service{
+		configsById:      map[string]*ClientConfig{},
+		verifierByIssuer: map[string]*oidc.IDTokenVerifier{},
+		providerByIssuer: map[string]*oidc.Provider{},
+	}
 }
 
-func (service *OIDCService) AddClientConfig(config *OIDCClientConfig) error {
-	if service.providerByIssuer[config.Issuer] == nil {
+func (s *Service) AddClientConfig(config *ClientConfig) error {
+	if s.providerByIssuer[config.Issuer] == nil {
 		provider, err := oidc.NewProvider(context.Background(), config.Issuer)
 		if err != nil {
 			return errors.New("OIDC discovery failed: " + err.Error())
 		}
-		service.providerByIssuer[config.Issuer] = provider
-		service.verifierByIssuer[config.Issuer] = provider.Verifier(config.OIDCConfig)
+		s.providerByIssuer[config.Issuer] = provider
+		s.verifierByIssuer[config.Issuer] = provider.Verifier(config.OIDCConfig)
 	}
 
-	config.OAuth2Config.Endpoint = service.providerByIssuer[config.Issuer].Endpoint()
-	service.configsById[config.ID] = config
+	config.OAuth2Config.Endpoint = s.providerByIssuer[config.Issuer].Endpoint()
+	s.configsById[config.ID] = config
 	return nil
 }
 
-func (service *OIDCService) GetStartParams(config *OIDCClientConfig) (*OIDCStartParams, error) {
+func (s *Service) GetStartParams(config *ClientConfig) (*StartParams, error) {
 	// TODO(at) state should be a JWT encoding a redirect location
 	// Using a random string to get the flow running.
 	state, err := randString(32)
@@ -83,7 +80,7 @@ func (service *OIDCService) GetStartParams(config *OIDCClientConfig) (*OIDCStart
 	// Nonce is the single option passed on to configure the consent page ATM.
 	authCodeURL := config.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))
 
-	return &OIDCStartParams{
+	return &StartParams{
 		AuthCodeURL: authCodeURL,
 		State:       state,
 		Nonce:       nonce,
@@ -98,7 +95,7 @@ func randString(size int) (string, error) {
 	return base64.RawURLEncoding.EncodeToString(b), nil
 }
 
-func (service *OIDCService) GetClientConfigFromRequest(r *http.Request) (*OIDCClientConfig, error) {
+func (s *Service) GetClientConfigFromRequest(r *http.Request) (*ClientConfig, error) {
 	issuerParam := r.URL.Query().Get("issuer")
 	if issuerParam == "" {
 		return nil, errors.New("issuer param not specified")
@@ -109,21 +106,21 @@ func (service *OIDCService) GetClientConfigFromRequest(r *http.Request) (*OIDCCl
 	}
 	log.WithField("issuer", issuer).Trace("at GetClientConfigFromRequest")
 
-	for _, value := range service.configsById {
+	for _, value := range s.configsById {
 		if value.Issuer == issuer {
 			return value, nil
 		}
 	}
 	return nil, errors.New("failed to find OIDC config for request")
 }
 
-func (service *OIDCService) Authenticate(ctx context.Context, oauth2Result *OAuth2Result, issuer string, nonceCookieValue string) (*OIDCAuthResult, error) {
+func (s *Service) Authenticate(ctx context.Context, oauth2Result *OAuth2Result, issuer string, nonceCookieValue string) (*AuthResult, error) {
 	rawIDToken, ok := oauth2Result.OAuth2Token.Extra("id_token").(string)
 	if !ok {
 		return nil, errors.New("id_token not found")
 	}
 
-	verifier := service.verifierByIssuer[issuer]
+	verifier := s.verifierByIssuer[issuer]
 	if verifier == nil {
 		return nil, errors.New("verifier not found")
 	}
@@ -136,7 +133,7 @@ func (service *OIDCService) Authenticate(ctx context.Context, oauth2Result *OAut
 	if idToken.Nonce != nonceCookieValue {
 		return nil, errors.New("nonce mismatch")
 	}
-	return &OIDCAuthResult{
+	return &AuthResult{
 		IDToken: idToken,
 	}, nil
 }

components/iam/pkg/oidc/service_test.go

@@ -25,8 +25,8 @@ func TestGetStartParams(t *testing.T) {
 		issuerG  = "https://accounts.google.com"
 		clientID = "client-id-123"
 	)
-	service := NewOIDCService()
-	config := &OIDCClientConfig{
+	service := NewService()
+	config := &ClientConfig{
 		ID:         "google-1",
 		Issuer:     issuerG,
 		OIDCConfig: &oidc.Config{},
@@ -83,8 +83,8 @@ func TestGetClientConfigFromRequest(t *testing.T) {
 		},
 	}
 
-	service := NewOIDCService()
-	err = service.AddClientConfig(&OIDCClientConfig{
+	service := NewService()
+	err = service.AddClientConfig(&ClientConfig{
 		ID:           "google-1",
 		Issuer:       issuer,
 		OIDCConfig:   &oidc.Config{},
@@ -112,8 +112,8 @@ func TestAuthenticate_nonce_check(t *testing.T) {
 	issuer, err := setupFakeIdP(t)
 	require.NoError(t, err)
 
-	service := NewOIDCService()
-	err = service.AddClientConfig(&OIDCClientConfig{
+	service := NewService()
+	err = service.AddClientConfig(&ClientConfig{
 		ID:     "google-1",
 		Issuer: issuer,
 		OIDCConfig: &oidc.Config{

components/iam/pkg/server/server.go

@@ -28,7 +28,7 @@ func Start(logger *logrus.Entry, version string, cfg *config.ServiceConfig) erro
 		return fmt.Errorf("failed to initialize IAM server: %w", err)
 	}
 
-	oidcService := oidc.NewOIDCService()
+	oidcService := oidc.NewService()
 	err = register(srv, oidcService)
 	if err != nil {
 		return fmt.Errorf("failed to register services to iam server")
@@ -52,7 +52,7 @@ func Start(logger *logrus.Entry, version string, cfg *config.ServiceConfig) erro
 	return nil
 }
 
-func register(srv *baseserver.Server, oidcSvc *oidc.OIDCService) error {
+func register(srv *baseserver.Server, oidcSvc *oidc.Service) error {
 	root := chi.NewRouter()
 
 	root.Mount("/oidc", oidc.Router(oidcSvc))
@@ -63,13 +63,13 @@ func register(srv *baseserver.Server, oidcSvc *oidc.OIDCService) error {
 }
 
 // TODO(at) remove the demo config after start sync'ing with DB
-func loadTestConfig(clientsConfigFilePath string) (*oidc.OIDCClientConfig, error) {
+func loadTestConfig(clientsConfigFilePath string) (*oidc.ClientConfig, error) {
 	testConfig, err := oidc.ReadDemoConfigFromFile(clientsConfigFilePath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read test config: %w", err)
 	}
 
-	return &oidc.OIDCClientConfig{
+	return &oidc.ClientConfig{
 		Issuer: testConfig.Issuer,
 		ID:     "R4ND0M1D",
 		OAuth2Config: &oauth2.Config{