Merge pull request #765 from rithujohn191/bump-oidc

Bump go-oidc package
This commit is contained in:
rithu leena john 2017-01-06 16:06:44 -08:00 committed by GitHub
commit 4ddc5eb061
3 changed files with 11 additions and 4 deletions

6
glide.lock generated
View file

@ -1,12 +1,12 @@
hash: 723f2faad8f09a97ffb5ce647705b8ee41dbf2f81f91488c60f23d102789a23b hash: 22c01c4265c210fbf3cd2d55e9451b924a3301e35053c82ebe35171ab7286c83
updated: 2016-12-08T11:11:10.172119799-08:00 updated: 2017-01-06T15:38:29.812891187-08:00
imports: imports:
- name: github.com/cockroachdb/cockroach-go - name: github.com/cockroachdb/cockroach-go
version: 31611c0501c812f437d4861d87d117053967c955 version: 31611c0501c812f437d4861d87d117053967c955
subpackages: subpackages:
- crdb - crdb
- name: github.com/coreos/go-oidc - name: github.com/coreos/go-oidc
version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1 version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
- name: github.com/ghodss/yaml - name: github.com/ghodss/yaml
version: bea76d6a4713e18b7f5321a2b020738552def3ea version: bea76d6a4713e18b7f5321a2b020738552def3ea
- name: github.com/go-sql-driver/mysql - name: github.com/go-sql-driver/mysql

View file

@ -66,7 +66,7 @@ import:
# Used for server integration tests and OpenID Connect connector. # Used for server integration tests and OpenID Connect connector.
- package: github.com/coreos/go-oidc - package: github.com/coreos/go-oidc
version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1 version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
- package: github.com/pquerna/cachecontrol - package: github.com/pquerna/cachecontrol
version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868 version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
- package: golang.org/x/oauth2 - package: golang.org/x/oauth2

View file

@ -145,6 +145,13 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok
} }
} }
// If a checkExpiry is specified, make sure token is not expired.
if v.config.checkExpiry != nil {
if t.Expiry.Before(v.config.checkExpiry()) {
return nil, fmt.Errorf("oidc: token is expired (Token Expiry: %v)", t.Expiry)
}
}
// If a set of required algorithms has been provided, ensure that the signatures use those. // If a set of required algorithms has been provided, ensure that the signatures use those.
var keyIDs, gotAlgs []string var keyIDs, gotAlgs []string
for _, sig := range jws.Signatures { for _, sig := range jws.Signatures {