*: update all to accommodate changes to go-oidc

Update dex to comply with the changes to fieldnames and types of the client and provider metadata structs in coreos/go-oidc.
2016-01-12 17:16:28 -08:00 · 2016-01-12 17:16:28 -08:00 · 5e44b6bc27
commit 5e44b6bc27
parent e80701f4b9
22 changed files with 92 additions and 80 deletions
--- a/client/client.go
+++ b/client/client.go
@ -172,7 +172,7 @@ func (ci *clientIdentity) UnmarshalJSON(data []byte) error {
 		Secret: c.Secret,
 	}
 	ci.Metadata = oidc.ClientMetadata{
-		RedirectURLs: make([]url.URL, len(c.RedirectURLs)),
+		RedirectURIs: make([]url.URL, len(c.RedirectURLs)),
 	}
 	for i, us := range c.RedirectURLs {
@ -180,7 +180,7 @@ func (ci *clientIdentity) UnmarshalJSON(data []byte) error {
 		if err != nil {
 			return err
 		}
-		ci.Metadata.RedirectURLs[i] = *up
+		ci.Metadata.RedirectURIs[i] = *up
 	}
 	return nil
--- a/client/client_test.go
+++ b/client/client_test.go
@ -18,7 +18,7 @@ func TestMemClientIdentityRepoNew(t *testing.T) {
 		{
 			id: "foo",
 			meta: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					url.URL{
 						Scheme: "https",
 						Host:   "example.com",
@ -29,7 +29,7 @@ func TestMemClientIdentityRepoNew(t *testing.T) {
 		{
 			id: "bar",
 			meta: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					url.URL{Scheme: "https", Host: "example.com/foo"},
 					url.URL{Scheme: "https", Host: "example.com/bar"},
 				},
@ -60,8 +60,8 @@ func TestMemClientIdentityRepoNew(t *testing.T) {
 			t.Errorf("case %d: expected repo to contain newly created Client", i)
 		}
-		wantURLs := tt.meta.RedirectURLs
+		wantURLs := tt.meta.RedirectURIs
-		gotURLs := all[0].Metadata.RedirectURLs
+		gotURLs := all[0].Metadata.RedirectURIs
 		if !reflect.DeepEqual(wantURLs, gotURLs) {
 			t.Errorf("case %d: redirect url mismatch, want=%v, got=%v", i, wantURLs, gotURLs)
 		}
@ -72,7 +72,7 @@ func TestMemClientIdentityRepoNewDuplicate(t *testing.T) {
 	cr := NewClientIdentityRepo(nil)
 	meta1 := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "https", Host: "foo.example.com"},
 		},
 	}
@ -82,7 +82,7 @@ func TestMemClientIdentityRepoNewDuplicate(t *testing.T) {
 	}
 	meta2 := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "https", Host: "bar.example.com"},
 		},
 	}
@ -174,7 +174,7 @@ func TestClientIdentityUnmarshalJSON(t *testing.T) {
 		sort.Strings(expectedURLs)
 		actualURLs := make([]string, 0)
-		for _, u := range actual.Metadata.RedirectURLs {
+		for _, u := range actual.Metadata.RedirectURIs {
 			actualURLs = append(actualURLs, u.String())
 		}
 		sort.Strings(actualURLs)
--- a/cmd/dexctl/command_client.go
+++ b/cmd/dexctl/command_client.go
@ -37,7 +37,7 @@ func runNewClient(cmd *cobra.Command, args []string) int {
 		redirectURLs[i] = *u
 	}
-	cc, err := getDriver().NewClient(oidc.ClientMetadata{RedirectURLs: redirectURLs})
+	cc, err := getDriver().NewClient(oidc.ClientMetadata{RedirectURIs: redirectURLs})
 	if err != nil {
 		stderr("Failed creating new client: %v", err)
 		return 1
--- a/cmd/dexctl/driver_api.go
+++ b/cmd/dexctl/driver_api.go
@ -21,13 +21,13 @@ func newAPIDriver(pcfg oidc.ProviderConfig, creds oidc.ClientCredentials) (drive
 	trans := &oidc.AuthenticatedTransport{
 		TokenRefresher: &oidc.ClientCredsTokenRefresher{
-			Issuer:     pcfg.Issuer,
+			Issuer:     pcfg.Issuer.String(),
 			OIDCClient: oc,
 		},
 		RoundTripper: http.DefaultTransport,
 	}
 	hc := &http.Client{Transport: trans}
-	svc, err := schema.NewWithBasePath(hc, pcfg.Issuer)
+	svc, err := schema.NewWithBasePath(hc, pcfg.Issuer.String())
 	if err != nil {
 		return nil, err
 	}
@ -41,10 +41,10 @@ type apiDriver struct {
 func (d *apiDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials, error) {
 	sc := &schema.Client{
-		RedirectURIs: make([]string, len(meta.RedirectURLs)),
+		RedirectURIs: make([]string, len(meta.RedirectURIs)),
 	}
-	for i, u := range meta.RedirectURLs {
+	for i, u := range meta.RedirectURIs {
 		sc.RedirectURIs[i] = u.String()
 	}
--- a/cmd/dexctl/driver_db.go
+++ b/cmd/dexctl/driver_db.go
@ -31,7 +31,7 @@ func (d *dbDriver) NewClient(meta oidc.ClientMetadata) (*oidc.ClientCredentials,
 		return nil, err
 	}
-	clientID, err := oidc.GenClientID(meta.RedirectURLs[0].Host)
+	clientID, err := oidc.GenClientID(meta.RedirectURIs[0].Host)
 	if err != nil {
 		return nil, err
 	}
--- a/connector/connector_oidc_test.go
+++ b/connector/connector_oidc_test.go
@ -89,8 +89,8 @@ func TestLoginURL(t *testing.T) {
 			Credentials: oidc.ClientCredentials{ID: tt.cid, Secret: "fake-client-secret"},
 			RedirectURL: tt.redir,
 			ProviderConfig: oidc.ProviderConfig{
-				AuthEndpoint:  "http://example.com/authorize",
+				AuthEndpoint:  &url.URL{Scheme: "http", Host: "example.com", Path: "/authorize"},
-				TokenEndpoint: "http://example.com/token",
+				TokenEndpoint: &url.URL{Scheme: "http", Host: "example.com", Path: "/token"},
 			},
 			Scope: tt.scope,
 		}
--- a/functional/db_test.go
+++ b/functional/db_test.go
@ -193,7 +193,7 @@ func TestDBClientIdentityRepoMetadata(t *testing.T) {
 	r := db.NewClientIdentityRepo(connect(t))
 	cm := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
 			url.URL{Scheme: "https", Host: "example.com", Path: "/callback"},
 		},
@ -230,7 +230,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 	r := db.NewClientIdentityRepo(connect(t))
 	meta1 := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "http", Host: "foo.example.com"},
 		},
 	}
@ -240,7 +240,7 @@ func TestDBClientIdentityRepoNewDuplicate(t *testing.T) {
 	}
 	meta2 := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "http", Host: "bar.example.com"},
 		},
 	}
@ -254,7 +254,7 @@ func TestDBClientIdentityRepoAuthenticate(t *testing.T) {
 	r := db.NewClientIdentityRepo(connect(t))
 	cm := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
 		},
 	}
@ -302,7 +302,7 @@ func TestDBClientIdentityAll(t *testing.T) {
 	r := db.NewClientIdentityRepo(connect(t))
 	cm := oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "http", Host: "127.0.0.1:5556", Path: "/cb"},
 		},
 	}
@ -326,7 +326,7 @@ func TestDBClientIdentityAll(t *testing.T) {
 	}
 	cm = oidc.ClientMetadata{
-		RedirectURLs: []url.URL{
+		RedirectURIs: []url.URL{
 			url.URL{Scheme: "http", Host: "foo.com", Path: "/cb"},
 		},
 	}
--- a/functional/repo/client_repo_test.go
+++ b/functional/repo/client_repo_test.go
@ -22,7 +22,7 @@ var (
 				Secret: "secret-1",
 			},
 			Metadata: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					url.URL{
 						Scheme: "https",
 						Host:   "client1.example.com/callback",
@ -36,7 +36,7 @@ var (
 				Secret: "secret-2",
 			},
 			Metadata: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					url.URL{
 						Scheme: "https",
 						Host:   "client2.example.com/callback",
--- a/integration/client_api_test.go
+++ b/integration/client_api_test.go
@ -72,8 +72,8 @@ func TestClientCreate(t *testing.T) {
 		t.Error("Expected new client to exist in repo")
 	}
-	gotURLs := make([]string, len(meta.RedirectURLs))
+	gotURLs := make([]string, len(meta.RedirectURIs))
-	for i, u := range meta.RedirectURLs {
+	for i, u := range meta.RedirectURIs {
 		gotURLs[i] = u.String()
 	}
 	if !reflect.DeepEqual(newClientInput.RedirectURIs, gotURLs) {
--- a/integration/user_api_test.go
+++ b/integration/user_api_test.go
@ -104,7 +104,7 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
 				Secret: testClientSecret,
 			},
 			Metadata: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					testRedirectURL,
 				},
 			},
@ -115,7 +115,7 @@ func makeUserAPITestFixtures() *userAPITestFixtures {
 				Secret: "secret",
 			},
 			Metadata: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					testRedirectURL,
 				},
 			},
--- a/schema/workerschema/mapper.go
+++ b/schema/workerschema/mapper.go
@ -13,7 +13,7 @@ func MapSchemaClientToClientIdentity(sc Client) (oidc.ClientIdentity, error) {
 			ID: sc.Id,
 		},
 		Metadata: oidc.ClientMetadata{
-			RedirectURLs: make([]url.URL, len(sc.RedirectURIs)),
+			RedirectURIs: make([]url.URL, len(sc.RedirectURIs)),
 		},
 	}
@ -27,7 +27,7 @@ func MapSchemaClientToClientIdentity(sc Client) (oidc.ClientIdentity, error) {
 			return oidc.ClientIdentity{}, errors.New("redirect URL invalid")
 		}
-		ci.Metadata.RedirectURLs[i] = *u
+		ci.Metadata.RedirectURIs[i] = *u
 	}
 	return ci, nil
@ -36,9 +36,9 @@ func MapSchemaClientToClientIdentity(sc Client) (oidc.ClientIdentity, error) {
 func MapClientIdentityToSchemaClient(c oidc.ClientIdentity) Client {
 	cl := Client{
 		Id:           c.Credentials.ID,
-		RedirectURIs: make([]string, len(c.Metadata.RedirectURLs)),
+		RedirectURIs: make([]string, len(c.Metadata.RedirectURIs)),
 	}
-	for i, u := range c.Metadata.RedirectURLs {
+	for i, u := range c.Metadata.RedirectURIs {
 		cl.RedirectURIs[i] = u.String()
 	}
 	return cl
@ -48,9 +48,9 @@ func MapClientIdentityToSchemaClientWithSecret(c oidc.ClientIdentity) ClientWith
 	cl := ClientWithSecret{
 		Id:           c.Credentials.ID,
 		Secret:       c.Credentials.Secret,
-		RedirectURIs: make([]string, len(c.Metadata.RedirectURLs)),
+		RedirectURIs: make([]string, len(c.Metadata.RedirectURIs)),
 	}
-	for i, u := range c.Metadata.RedirectURLs {
+	for i, u := range c.Metadata.RedirectURIs {
 		cl.RedirectURIs[i] = u.String()
 	}
 	return cl
--- a/server/client_resource.go
+++ b/server/client_resource.go
@ -89,7 +89,7 @@ func (c *clientResource) create(w http.ResponseWriter, r *http.Request) {
 		return
 	}
-	clientID, err := oidc.GenClientID(ci.Metadata.RedirectURLs[0].Host)
+	clientID, err := oidc.GenClientID(ci.Metadata.RedirectURIs[0].Host)
 	if err != nil {
 		log.Errorf("Failed generating ID for new client: %v", err)
 		writeAPIError(w, http.StatusInternalServerError, newAPIError(errorServerError, "unable to generate client ID"))
--- a/server/client_resource_test.go
+++ b/server/client_resource_test.go
@ -89,13 +89,13 @@ func TestCreateInvalidRequest(t *testing.T) {
 		{
 			req:      &http.Request{Method: "POST", URL: u, Header: h, Body: makeBody(`{"redirectURIs":["asdf.com"]}`)},
 			wantCode: http.StatusBadRequest,
-			wantBody: `{"error":"invalid_client_metadata","error_description":"invalid redirect URL: scheme not http/https"}`,
+			wantBody: `{"error":"invalid_client_metadata","error_description":"no host for uri field redirect_uris"}`,
 		},
 		// uri missing host
 		{
 			req:      &http.Request{Method: "POST", URL: u, Header: h, Body: makeBody(`{"redirectURIs":["http://"]}`)},
 			wantCode: http.StatusBadRequest,
-			wantBody: `{"error":"invalid_client_metadata","error_description":"invalid redirect URL: host empty"}`,
+			wantBody: `{"error":"invalid_client_metadata","error_description":"no host for uri field redirect_uris"}`,
 		},
 	}
@ -183,7 +183,7 @@ func TestList(t *testing.T) {
 				oidc.ClientIdentity{
 					Credentials: oidc.ClientCredentials{ID: "foo", Secret: "bar"},
 					Metadata: oidc.ClientMetadata{
-						RedirectURLs: []url.URL{
+						RedirectURIs: []url.URL{
 							url.URL{Scheme: "http", Host: "example.com"},
 						},
 					},
@ -202,7 +202,7 @@ func TestList(t *testing.T) {
 				oidc.ClientIdentity{
 					Credentials: oidc.ClientCredentials{ID: "foo", Secret: "bar"},
 					Metadata: oidc.ClientMetadata{
-						RedirectURLs: []url.URL{
+						RedirectURIs: []url.URL{
 							url.URL{Scheme: "http", Host: "example.com"},
 						},
 					},
@ -210,7 +210,7 @@ func TestList(t *testing.T) {
 				oidc.ClientIdentity{
 					Credentials: oidc.ClientCredentials{ID: "biz", Secret: "bang"},
 					Metadata: oidc.ClientMetadata{
-						RedirectURLs: []url.URL{
+						RedirectURIs: []url.URL{
 							url.URL{Scheme: "https", Host: "example.com", Path: "one/two/three"},
 						},
 					},
--- a/server/email_verification.go
+++ b/server/email_verification.go
@ -158,7 +158,7 @@ func handleVerifyEmailResendFunc(
 			return
 		}
-		*redirectURL, err = client.ValidRedirectURL(redirectURL, cm.RedirectURLs)
+		*redirectURL, err = client.ValidRedirectURL(redirectURL, cm.RedirectURIs)
 		if err != nil {
 			switch err {
 			case (client.ErrorInvalidRedirectURL):
--- a/server/http.go
+++ b/server/http.go
@ -55,7 +55,7 @@ func handleDiscoveryFunc(cfg oidc.ProviderConfig) http.HandlerFunc {
 			return
 		}
-		b, err := json.Marshal(cfg)
+		b, err := json.Marshal(&cfg)
 		if err != nil {
 			log.Errorf("Unable to marshal %#v to JSON: %v", cfg, err)
 		}
@ -309,13 +309,13 @@ func handleAuthFunc(srv OIDCServer, idpcs []connector.Connector, tpl *template.T
 			return
 		}
-		if len(cm.RedirectURLs) == 0 {
+		if len(cm.RedirectURIs) == 0 {
 			log.Errorf("Client %q has no redirect URLs", acr.ClientID)
 			writeAuthError(w, oauth2.NewError(oauth2.ErrorServerError), acr.State)
 			return
 		}
-		redirectURL, err := client.ValidRedirectURL(acr.RedirectURL, cm.RedirectURLs)
+		redirectURL, err := client.ValidRedirectURL(acr.RedirectURL, cm.RedirectURIs)
 		if err != nil {
 			switch err {
 			case (client.ErrorCantChooseRedirectURL):
--- a/server/http_test.go
+++ b/server/http_test.go
@ -83,7 +83,7 @@ func TestHandleAuthFuncResponsesSingleRedirectURL(t *testing.T) {
 					Secret: "secrete",
 				},
 				Metadata: oidc.ClientMetadata{
-					RedirectURLs: []url.URL{
+					RedirectURIs: []url.URL{
 						url.URL{Scheme: "http", Host: "client.example.com", Path: "/callback"},
 					},
 				},
@ -206,7 +206,7 @@ func TestHandleAuthFuncResponsesMultipleRedirectURLs(t *testing.T) {
 					Secret: "secrete",
 				},
 				Metadata: oidc.ClientMetadata{
-					RedirectURLs: []url.URL{
+					RedirectURIs: []url.URL{
 						url.URL{Scheme: "http", Host: "foo.example.com", Path: "/callback"},
 						url.URL{Scheme: "http", Host: "bar.example.com", Path: "/callback"},
 					},
@ -363,17 +363,22 @@ func TestHandleDiscoveryFuncMethodNotAllowed(t *testing.T) {
 }
 func TestHandleDiscoveryFunc(t *testing.T) {
-	u := "http://server.example.com"
+	u := url.URL{Scheme: "http", Host: "server.example.com"}
 	pathURL := func(path string) *url.URL {
 		ucopy := u
 		ucopy.Path = path
 		return &ucopy
 	}
 	cfg := oidc.ProviderConfig{
-		Issuer:        u,
+		Issuer:        &u,
-		AuthEndpoint:  u + httpPathAuth,
+		AuthEndpoint:  pathURL(httpPathAuth),
-		TokenEndpoint: u + httpPathToken,
+		TokenEndpoint: pathURL(httpPathToken),
-		KeysEndpoint:  u + httpPathKeys,
+		KeysEndpoint:  pathURL(httpPathKeys),
 		GrantTypesSupported:               []string{oauth2.GrantTypeAuthCode},
 		ResponseTypesSupported:            []string{"code"},
 		SubjectTypesSupported:             []string{"public"},
-		IDTokenAlgValuesSupported:         []string{"RS256"},
+		IDTokenSigningAlgValues:           []string{"RS256"},
 		TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
 	}
--- a/server/password.go
+++ b/server/password.go
@ -134,7 +134,7 @@ func (h *SendResetPasswordEmailHandler) validateRedirectURL(clientID string, red
 		return url.URL{}, false
 	}
-	validURL, err := client.ValidRedirectURL(parsed, cm.RedirectURLs)
+	validURL, err := client.ValidRedirectURL(parsed, cm.RedirectURIs)
 	if err != nil {
 		log.Errorf("Invalid redirectURL for clientID: redirectURL:%q, clientID:%q", redirectURL, clientID)
 		return url.URL{}, false
--- a/server/server.go
+++ b/server/server.go
@ -110,19 +110,24 @@ func (s *Server) KillSession(sessionKey string) error {
 	return err
 }
-func (s *Server) ProviderConfig() oidc.ProviderConfig {
+func (s *Server) pathURL(path string) *url.URL {
-	iss := s.IssuerURL.String()
+	u := s.IssuerURL
-	cfg := oidc.ProviderConfig{
+	u.Path = path
-		Issuer: iss,
+	return &u
 }
-		AuthEndpoint:  iss + httpPathAuth,
+func (s *Server) ProviderConfig() oidc.ProviderConfig {
-		TokenEndpoint: iss + httpPathToken,
+	cfg := oidc.ProviderConfig{
-		KeysEndpoint:  iss + httpPathKeys,
+		Issuer: &s.IssuerURL,
 		AuthEndpoint:  s.pathURL(httpPathAuth),
 		TokenEndpoint: s.pathURL(httpPathToken),
 		KeysEndpoint:  s.pathURL(httpPathKeys),
 		GrantTypesSupported:               []string{oauth2.GrantTypeAuthCode, oauth2.GrantTypeClientCreds},
 		ResponseTypesSupported:            []string{"code"},
 		SubjectTypesSupported:             []string{"public"},
-		IDTokenAlgValuesSupported:         []string{"RS256"},
+		IDTokenSigningAlgValues:           []string{"RS256"},
 		TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
 	}
--- a/server/server_test.go
+++ b/server/server_test.go
@ -17,6 +17,7 @@ import (
 	"github.com/coreos/go-oidc/key"
 	"github.com/coreos/go-oidc/oauth2"
 	"github.com/coreos/go-oidc/oidc"
 	"github.com/kylelemons/godebug/pretty"
 )
 type StaticKeyManager struct {
@ -100,20 +101,21 @@ func TestServerProviderConfig(t *testing.T) {
 	srv := &Server{IssuerURL: url.URL{Scheme: "http", Host: "server.example.com"}}
 	want := oidc.ProviderConfig{
-		Issuer:                            "http://server.example.com",
+		Issuer:        &url.URL{Scheme: "http", Host: "server.example.com"},
-		AuthEndpoint:                      "http://server.example.com/auth",
+		AuthEndpoint:  &url.URL{Scheme: "http", Host: "server.example.com", Path: "/auth"},
-		TokenEndpoint:                     "http://server.example.com/token",
+		TokenEndpoint: &url.URL{Scheme: "http", Host: "server.example.com", Path: "/token"},
-		KeysEndpoint:                      "http://server.example.com/keys",
+		KeysEndpoint:  &url.URL{Scheme: "http", Host: "server.example.com", Path: "/keys"},
 		GrantTypesSupported:               []string{oauth2.GrantTypeAuthCode, oauth2.GrantTypeClientCreds},
 		ResponseTypesSupported:            []string{"code"},
 		SubjectTypesSupported:             []string{"public"},
-		IDTokenAlgValuesSupported:         []string{"RS256"},
+		IDTokenSigningAlgValues:           []string{"RS256"},
 		TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
 	}
 	got := srv.ProviderConfig()
-	if !reflect.DeepEqual(want, got) {
+	if diff := pretty.Compare(want, got); diff != "" {
-		t.Fatalf("want=%#v, got=%#v", want, got)
+		t.Fatalf("provider config did not match expected: %s", diff)
 	}
 }
@ -131,7 +133,7 @@ func TestServerNewSession(t *testing.T) {
 			Secret: "secrete",
 		},
 		Metadata: oidc.ClientMetadata{
-			RedirectURLs: []url.URL{
+			RedirectURIs: []url.URL{
 				url.URL{
 					Scheme: "http",
 					Host:   "client.example.com",
@ -141,7 +143,7 @@ func TestServerNewSession(t *testing.T) {
 		},
 	}
-	key, err := srv.NewSession("bogus_idpc", ci.Credentials.ID, state, ci.Metadata.RedirectURLs[0], nonce, false, []string{"openid"})
+	key, err := srv.NewSession("bogus_idpc", ci.Credentials.ID, state, ci.Metadata.RedirectURIs[0], nonce, false, []string{"openid"})
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
@ -156,8 +158,8 @@ func TestServerNewSession(t *testing.T) {
 		t.Fatalf("Unable to add Identity to Session: %v", err)
 	}
-	if !reflect.DeepEqual(ci.Metadata.RedirectURLs[0], ses.RedirectURL) {
+	if !reflect.DeepEqual(ci.Metadata.RedirectURIs[0], ses.RedirectURL) {
-		t.Fatalf("Session created with incorrect RedirectURL: want=%#v got=%#v", ci.Metadata.RedirectURLs[0], ses.RedirectURL)
+		t.Fatalf("Session created with incorrect RedirectURL: want=%#v got=%#v", ci.Metadata.RedirectURIs[0], ses.RedirectURL)
 	}
 	if ci.Credentials.ID != ses.ClientID {
@ -180,7 +182,7 @@ func TestServerLogin(t *testing.T) {
 			Secret: "secrete",
 		},
 		Metadata: oidc.ClientMetadata{
-			RedirectURLs: []url.URL{
+			RedirectURIs: []url.URL{
 				url.URL{
 					Scheme: "http",
 					Host:   "client.example.com",
@ -197,7 +199,7 @@ func TestServerLogin(t *testing.T) {
 	sm := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo())
 	sm.GenerateCode = staticGenerateCodeFunc("fakecode")
-	sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURLs[0], "", false, []string{"openid"})
+	sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURIs[0], "", false, []string{"openid"})
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
@ -269,7 +271,7 @@ func TestServerLoginDisabledUser(t *testing.T) {
 			Secret: "secrete",
 		},
 		Metadata: oidc.ClientMetadata{
-			RedirectURLs: []url.URL{
+			RedirectURIs: []url.URL{
 				url.URL{
 					Scheme: "http",
 					Host:   "client.example.com",
@ -286,7 +288,7 @@ func TestServerLoginDisabledUser(t *testing.T) {
 	sm := session.NewSessionManager(session.NewSessionRepo(), session.NewSessionKeyRepo())
 	sm.GenerateCode = staticGenerateCodeFunc("fakecode")
-	sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURLs[0], "", false, []string{"openid"})
+	sessionID, err := sm.NewSession("test_connector_id", ci.Credentials.ID, "bogus", ci.Metadata.RedirectURIs[0], "", false, []string{"openid"})
 	if err != nil {
 		t.Fatalf("Unexpected error: %v", err)
 	}
--- a/server/testutil.go
+++ b/server/testutil.go
@ -133,7 +133,7 @@ func makeTestFixtures() (*testFixtures, error) {
 				Secret: testClientSecret,
 			},
 			Metadata: oidc.ClientMetadata{
-				RedirectURLs: []url.URL{
+				RedirectURIs: []url.URL{
 					testRedirectURL,
 				},
 			},
--- a/user/api/api.go
+++ b/user/api/api.go
@ -153,7 +153,7 @@ func (u *UsersAPI) CreateUser(creds Creds, usr schema.User, redirURL url.URL) (s
 		return schema.UserCreateResponse{}, mapError(err)
 	}
-	validRedirURL, err := client.ValidRedirectURL(&redirURL, metadata.RedirectURLs)
+	validRedirURL, err := client.ValidRedirectURL(&redirURL, metadata.RedirectURIs)
 	if err != nil {
 		return schema.UserCreateResponse{}, ErrorInvalidRedirectURL
 	}
--- a/user/api/api_test.go
+++ b/user/api/api_test.go
@ -136,7 +136,7 @@ func makeTestFixtures() (*UsersAPI, *testEmailer) {
 			Secret: "secrete",
 		},
 		Metadata: oidc.ClientMetadata{
-			RedirectURLs: []url.URL{
+			RedirectURIs: []url.URL{
 				validRedirURL,
 			},
 		},