Merge pull request #42669 from curtisallen/update_dep_go-oidc

Automatic merge from submit-queue (batch tested with PRs 42802, 42927, 42669, 42988, 43012) update to latest version of coreos/go-oidc Includes updates that enable OIDC with OKTA as a IDP **What this PR does / why we need it**: Updates to the latest version of coreos/go-oidc **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes # TBD **Special notes for your reviewer**: Updates coreos/go-oidc module to include fixes for https://github.com/coreos/go-oidc/issues/137 which prevent OKTA being used as an IDP **Release note**: ```release-note NONE ``` cc:/ @ericchiang
2025-07-23 11:50:44 +00:00 · 2017-03-14 07:31:34 -07:00 · 2017-03-14 07:31:34 -07:00 · f5114ffa5a
commit f5114ffa5a
parent f1e9004da9 7d409b3731
12 changed files with 34 additions and 90 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@ -691,23 +691,23 @@
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/http",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/jose",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/key",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/oauth2",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/oidc",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-semver/semver",
--- a/staging/src/k8s.io/apiserver/Godeps/Godeps.json
+++ b/staging/src/k8s.io/apiserver/Godeps/Godeps.json
@ -236,23 +236,23 @@
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/http",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/jose",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/key",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/oauth2",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/oidc",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-semver/semver",
--- a/staging/src/k8s.io/client-go/Godeps/Godeps.json
+++ b/staging/src/k8s.io/client-go/Godeps/Godeps.json
@ -24,23 +24,23 @@
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/http",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/jose",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/key",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/oauth2",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/go-oidc/oidc",
-			"Rev": "5644a2f50e2d2d5ba0b474bc5bc55fea1925936d"
+			"Rev": "be73733bb8cc830d0205609b95d125215f8e9c70"
 		},
 		{
 			"ImportPath": "github.com/coreos/pkg/health",
--- a/vendor/BUILD
+++ b/vendor/BUILD
@ -2055,6 +2055,7 @@ go_library(
    name = "github.com/coreos/go-oidc/http",
    srcs = [
        "github.com/coreos/go-oidc/http/client.go",
+        "github.com/coreos/go-oidc/http/doc.go",
        "github.com/coreos/go-oidc/http/http.go",
        "github.com/coreos/go-oidc/http/url.go",
    ],
@ -2065,12 +2066,12 @@ go_library(
    name = "github.com/coreos/go-oidc/jose",
    srcs = [
        "github.com/coreos/go-oidc/jose/claims.go",
+        "github.com/coreos/go-oidc/jose/doc.go",
        "github.com/coreos/go-oidc/jose/jose.go",
        "github.com/coreos/go-oidc/jose/jwk.go",
        "github.com/coreos/go-oidc/jose/jws.go",
        "github.com/coreos/go-oidc/jose/jwt.go",
        "github.com/coreos/go-oidc/jose/sig.go",
-        "github.com/coreos/go-oidc/jose/sig_hmac.go",
        "github.com/coreos/go-oidc/jose/sig_rsa.go",
    ],
    tags = ["automanaged"],
@ -2079,6 +2080,7 @@ go_library(
 go_library(
    name = "github.com/coreos/go-oidc/key",
    srcs = [
+        "github.com/coreos/go-oidc/key/doc.go",
        "github.com/coreos/go-oidc/key/key.go",
        "github.com/coreos/go-oidc/key/manager.go",
        "github.com/coreos/go-oidc/key/repo.go",
@ -2097,6 +2099,7 @@ go_library(
 go_library(
    name = "github.com/coreos/go-oidc/oauth2",
    srcs = [
+        "github.com/coreos/go-oidc/oauth2/doc.go",
        "github.com/coreos/go-oidc/oauth2/error.go",
        "github.com/coreos/go-oidc/oauth2/oauth2.go",
    ],
@ -2108,6 +2111,7 @@ go_library(
    name = "github.com/coreos/go-oidc/oidc",
    srcs = [
        "github.com/coreos/go-oidc/oidc/client.go",
+        "github.com/coreos/go-oidc/oidc/doc.go",
        "github.com/coreos/go-oidc/oidc/identity.go",
        "github.com/coreos/go-oidc/oidc/interface.go",
        "github.com/coreos/go-oidc/oidc/key.go",
--- a/vendor/github.com/coreos/go-oidc/http/doc.go
+++ b/vendor/github.com/coreos/go-oidc/http/doc.go
@ -0,0 +1,2 @@
+// Package http is DEPRECATED. Use net/http instead.
+package http
--- a/vendor/github.com/coreos/go-oidc/jose/doc.go
+++ b/vendor/github.com/coreos/go-oidc/jose/doc.go
@ -0,0 +1,2 @@
+// Package jose is DEPRECATED. Use gopkg.in/square/go-jose.v2 instead.
+package jose
--- a/vendor/github.com/coreos/go-oidc/jose/jwk.go
+++ b/vendor/github.com/coreos/go-oidc/jose/jwk.go
@ -104,7 +104,7 @@ func encodeExponent(e int) string {
 			break
 		}
 	}
-	return base64.URLEncoding.EncodeToString(b[idx:])
+	return base64.RawURLEncoding.EncodeToString(b[idx:])
 }

 // Turns a URL encoded modulus of a key into a big int.
@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
 }

 func encodeModulus(n *big.Int) string {
-	return base64.URLEncoding.EncodeToString(n.Bytes())
+	return base64.RawURLEncoding.EncodeToString(n.Bytes())
 }

 // decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.
--- a/vendor/github.com/coreos/go-oidc/jose/sig_hmac.go
+++ b/vendor/github.com/coreos/go-oidc/jose/sig_hmac.go
@ -1,67 +0,0 @@
-package jose
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/hmac"
-	_ "crypto/sha256"
-	"errors"
-	"fmt"
-)
-
-type VerifierHMAC struct {
-	KeyID  string
-	Hash   crypto.Hash
-	Secret []byte
-}
-
-type SignerHMAC struct {
-	VerifierHMAC
-}
-
-func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
-	if jwk.Alg != "" && jwk.Alg != "HS256" {
-		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
-	}
-
-	v := VerifierHMAC{
-		KeyID:  jwk.ID,
-		Secret: jwk.Secret,
-		Hash:   crypto.SHA256,
-	}
-
-	return &v, nil
-}
-
-func (v *VerifierHMAC) ID() string {
-	return v.KeyID
-}
-
-func (v *VerifierHMAC) Alg() string {
-	return "HS256"
-}
-
-func (v *VerifierHMAC) Verify(sig []byte, data []byte) error {
-	h := hmac.New(v.Hash.New, v.Secret)
-	h.Write(data)
-	if !bytes.Equal(sig, h.Sum(nil)) {
-		return errors.New("invalid hmac signature")
-	}
-	return nil
-}
-
-func NewSignerHMAC(kid string, secret []byte) *SignerHMAC {
-	return &SignerHMAC{
-		VerifierHMAC: VerifierHMAC{
-			KeyID:  kid,
-			Secret: secret,
-			Hash:   crypto.SHA256,
-		},
-	}
-}
-
-func (s *SignerHMAC) Sign(data []byte) ([]byte, error) {
-	h := hmac.New(s.Hash.New, s.Secret)
-	h.Write(data)
-	return h.Sum(nil), nil
-}
--- a/vendor/github.com/coreos/go-oidc/key/doc.go
+++ b/vendor/github.com/coreos/go-oidc/key/doc.go
@ -0,0 +1,2 @@
+// Package key is DEPRECATED. Use github.com/coreos/go-oidc instead.
+package key
--- a/vendor/github.com/coreos/go-oidc/oauth2/doc.go
+++ b/vendor/github.com/coreos/go-oidc/oauth2/doc.go
@ -0,0 +1,2 @@
+// Package oauth2 is DEPRECATED. Use golang.org/x/oauth instead.
+package oauth2
--- a/vendor/github.com/coreos/go-oidc/oidc/doc.go
+++ b/vendor/github.com/coreos/go-oidc/oidc/doc.go
@ -0,0 +1,2 @@
+// Package oidc is DEPRECATED. Use github.com/coreos/go-oidc instead.
+package oidc
--- a/vendor/github.com/coreos/go-oidc/oidc/provider.go
+++ b/vendor/github.com/coreos/go-oidc/oidc/provider.go
@ -353,9 +353,6 @@ func (p ProviderConfig) Valid() error {
 	if !contains(p.IDTokenSigningAlgValues, "RS256") {
 		return errors.New("id_token_signing_alg_values_supported must include 'RS256'")
 	}
-	if contains(p.TokenEndpointAuthMethodsSupported, "none") {
-		return errors.New("token_endpoint_auth_signing_alg_values_supported cannot include 'none'")
-	}

 	uris := []struct {
 		val      *url.URL
@ -567,7 +564,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
 		next = &pcsStepNext{aft: ttl}
 	} else {
 		next = &pcsStepRetry{aft: time.Second}
-		log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
+		log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
 	}
 	return
 }
@ -586,7 +583,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
 		next = &pcsStepNext{aft: ttl}
 	} else {
 		next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
-		log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
+		log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
 	}
 	return
 }