diff --git a/cmd/dex/serve.go b/cmd/dex/serve.go index 6c708c4e1d99a9e7308ce77d265be63682df7493..08d9fdb0744b7d20ae746ce5fe2f92b1c775e72c 100644 --- a/cmd/dex/serve.go +++ b/cmd/dex/serve.go @@ -1,6 +1,7 @@ package main import ( + "context" "crypto/tls" "crypto/x509" "errors" @@ -15,7 +16,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/ghodss/yaml" "github.com/spf13/cobra" - "golang.org/x/net/context" "google.golang.org/grpc" "google.golang.org/grpc/credentials" diff --git a/cmd/example-app/main.go b/cmd/example-app/main.go index 3ec34e38bfcabe7fa9f8c2b0e851d4d8a4e20522..4da34b9a8acd80ab85b8e8d293384049b52bffc1 100644 --- a/cmd/example-app/main.go +++ b/cmd/example-app/main.go @@ -2,6 +2,7 @@ package main import ( "bytes" + "context" "crypto/tls" "crypto/x509" "encoding/json" @@ -19,7 +20,6 @@ import ( "github.com/coreos/go-oidc" "github.com/spf13/cobra" - "golang.org/x/net/context" "golang.org/x/oauth2" ) @@ -175,7 +175,7 @@ func cmd() *cobra.Command { } a.provider = provider - a.verifier = provider.Verifier(oidc.VerifyAudience(a.clientID)) + a.verifier = provider.Verifier(&oidc.Config{ClientID: a.clientID}) http.HandleFunc("/", a.handleIndex) http.HandleFunc("/login", a.handleLogin) diff --git a/connector/connector.go b/connector/connector.go index c92d7589e3e62962d34a497a998b1230d4745d44..fde38a247bdb208e758653f71f16bfc5c07bdf67 100644 --- a/connector/connector.go +++ b/connector/connector.go @@ -2,9 +2,8 @@ package connector import ( + "context" "net/http" - - "golang.org/x/net/context" ) // Connector is a mechanism for federating login to a remote identity service. diff --git a/connector/github/github.go b/connector/github/github.go index f6dbdfee7e024c14a1d44f2f5adb2fd1d46fdfb9..49dc3bb34d189c412a1041aa1e1d1b8e7e17a29b 100644 --- a/connector/github/github.go +++ b/connector/github/github.go @@ -2,6 +2,7 @@ package github import ( + "context" "encoding/json" "errors" "fmt" 
@@ -10,7 +11,6 @@ import ( "regexp" "strconv" - "golang.org/x/net/context" "golang.org/x/oauth2" "golang.org/x/oauth2/github" diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go index 0fcc3d26ada5a784897662de791a9fe646bbe120..b0f10cf1c3470b47b5e4d57c6c19e910d5c41f6a 100644 --- a/connector/gitlab/gitlab.go +++ b/connector/gitlab/gitlab.go @@ -2,6 +2,7 @@ package gitlab import ( + "context" "encoding/json" "errors" "fmt" @@ -12,7 +13,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/coreos/dex/connector" - "golang.org/x/net/context" "golang.org/x/oauth2" ) diff --git a/connector/ldap/ldap.go b/connector/ldap/ldap.go index c5e45d377e5e192fa78a4b43299a01f285a60f27..df3d4c9d39493355b8112bc07d67a66e9142c4a9 100644 --- a/connector/ldap/ldap.go +++ b/connector/ldap/ldap.go @@ -2,6 +2,7 @@ package ldap import ( + "context" "crypto/tls" "crypto/x509" "encoding/json" @@ -9,7 +10,6 @@ import ( "io/ioutil" "net" - "golang.org/x/net/context" "gopkg.in/ldap.v2" "github.com/Sirupsen/logrus" diff --git a/connector/mock/connectortest.go b/connector/mock/connectortest.go index b754705b25016768f40d360254819d4e4c69e3e0..ef7749f7c05f3b3dcfb64c470a9be8cf01d827cd 100644 --- a/connector/mock/connectortest.go +++ b/connector/mock/connectortest.go @@ -2,13 +2,12 @@ package mock import ( + "context" "errors" "fmt" "net/http" "net/url" - "golang.org/x/net/context" - "github.com/Sirupsen/logrus" "github.com/coreos/dex/connector" ) diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go index 6a8b6f98689a7e0b564fd25554c6cf97eb4a2c5f..728bdf6ac7fecb401065e52c973149bc48700c12 100644 --- a/connector/oidc/oidc.go +++ b/connector/oidc/oidc.go @@ -2,13 +2,13 @@ package oidc import ( + "context" "errors" "fmt" "net/http" "github.com/Sirupsen/logrus" "github.com/coreos/go-oidc" - "golang.org/x/net/context" "golang.org/x/oauth2" "github.com/coreos/dex/connector" 
@@ -53,10 +53,10 @@ func (c *Config) Open(logger logrus.FieldLogger) (conn connector.Connector, err RedirectURL: c.RedirectURI, }, verifier: provider.Verifier( - oidc.VerifyExpiry(), - oidc.VerifyAudience(clientID), + &oidc.Config{ClientID: clientID}, ), logger: logger, + cancel: cancel, }, nil } diff --git a/glide.yaml b/glide.yaml index c6d1991f18a7e5cde762b8ebce07491805d8896c..07337a1dcd9808e98b2068ebbe8b036137cbf238 100644 --- a/glide.yaml +++ b/glide.yaml @@ -35,7 +35,6 @@ import: version: 6a513affb38dc9788b449d59ffed099b8de18fa0 subpackages: - context - - context/ctxhttp - http2 - http2/hpack - internal/timeseries @@ -68,7 +67,7 @@ import: # Used for server integration tests and OpenID Connect connector. - package: github.com/coreos/go-oidc - version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61 + version: be73733bb8cc830d0205609b95d125215f8e9c70 - package: github.com/pquerna/cachecontrol version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868 - package: golang.org/x/oauth2 diff --git a/server/api.go b/server/api.go index 25655d6822e34a5d6ae6db21baa2a1ada4d3d828..0e7c5b2fed0967012f8b07f28f3b5cf9b9c55a05 100644 --- a/server/api.go +++ b/server/api.go @@ -5,6 +5,9 @@ import ( "fmt" "golang.org/x/crypto/bcrypt" + + // go-grpc doesn't use the standard library's context. + // https://github.com/grpc/grpc-go/issues/711 "golang.org/x/net/context" "github.com/Sirupsen/logrus" diff --git a/server/handlers_test.go b/server/handlers_test.go index 233af2795c3442cf95a665d5d8d58f067969fbee..4c410b8ed4c5e0c52b876072db10d29336d640d0 100644 --- a/server/handlers_test.go +++ b/server/handlers_test.go @@ -1,11 +1,10 @@ package server import ( + "context" "net/http" "net/http/httptest" "testing" - - "golang.org/x/net/context" ) func TestHandleHealth(t *testing.T) { diff --git a/server/rotation.go b/server/rotation.go index fb790c6256f60f17385be8a57fbdf319dcd23802..5619b3a70e32b3d9f5182725f12be950c01f03c6 100644 --- a/server/rotation.go +++ b/server/rotation.go 
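Review bot: In connector/oidc/oidc.go, ID token expiry checking becomes implicit, because the explicit `oidc.VerifyExpiry()` option is dropped and `&oidc.Config{ClientID: clientID}` relies on the pinned go-oidc revision checking expiry by default. I believe the new Config does that unless told otherwise, but it is not visible in this diff, so a comment at the call such as `// Config checks signature, issuer and expiry by default; ClientID enforces the audience.` would keep the guarantee explicit. Separately, `cancel: cancel` stores the context's cancel function on the connector, but the hunk shows neither a Close method that calls it nor whether the earlier error returns in Open call `cancel()` the way the storage/kubernetes change does. Open starts outside this hunk, so both points need checking against the full function.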
@@ -1,6 +1,7 @@ package server import ( + "context" "crypto/rand" "crypto/rsa" "encoding/hex" @@ -9,7 +10,6 @@ import ( "io" "time" - "golang.org/x/net/context" "gopkg.in/square/go-jose.v2" "github.com/Sirupsen/logrus" diff --git a/server/server.go b/server/server.go index 012802f257c60dab370aa29daddf3cd58bf265cb..68fe09158f30c2868357e2d5595853565329a858 100644 --- a/server/server.go +++ b/server/server.go @@ -1,6 +1,7 @@ package server import ( + "context" "errors" "fmt" "net/http" @@ -10,7 +11,6 @@ import ( "time" "golang.org/x/crypto/bcrypt" - "golang.org/x/net/context" "github.com/Sirupsen/logrus" "github.com/gorilla/handlers" diff --git a/server/server_test.go b/server/server_test.go index 688c606eaeded8fc6ff004e3faa1c7c89e6989b4..2fd0229bab6f6fc0f23f2a59e49d413eff0df630 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -1,6 +1,7 @@ package server import ( + "context" "crypto/rsa" "crypto/x509" "encoding/json" @@ -24,7 +25,6 @@ import ( oidc "github.com/coreos/go-oidc" "github.com/kylelemons/godebug/pretty" "golang.org/x/crypto/bcrypt" - "golang.org/x/net/context" "golang.org/x/oauth2" jose "gopkg.in/square/go-jose.v2" @@ -175,6 +175,8 @@ func TestOAuth2CodeFlow(t *testing.T) { // Connector used by the tests. var conn *mock.Callback + oidcConfig := &oidc.Config{SkipClientIDCheck: true} + tests := []struct { name string // If specified these set of scopes will be used during the test case. @@ -189,7 +191,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id token found") } - if _, err := p.Verifier().Verify(ctx, idToken); err != nil { + if _, err := p.Verifier(oidcConfig).Verify(ctx, idToken); err != nil { return fmt.Errorf("failed to verify id token: %v", err) } return nil 
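Review bot: In server/server_test.go, `oidcConfig := &oidc.Config{SkipClientIDCheck: true}` turns off the audience check for every `p.Verifier(oidcConfig)` call in TestOAuth2CodeFlow (the hunk at old line 189 here and the later ones at old lines 212, 229 and 391), and nothing at the declaration says why. It matches the old option-less `p.Verifier()`, so it is not a regression, but these cases would still pass if the server issued an ID token for the wrong client. If the test client's ID is in scope at that point (not visible in these hunks), pass it as `ClientID` the way the TestCrossClientScopes hunk does with `testClientID`. Otherwise add a comment above the declaration such as `// Audience is deliberately not checked in these cases; only signature, issuer and expiry are verified.`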
@@ -212,7 +214,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id token found") } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken) if err != nil { return fmt.Errorf("failed to verify id token: %v", err) } @@ -229,7 +231,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id token found") } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken) if err != nil { return fmt.Errorf("failed to verify id token: %v", err) } @@ -391,7 +393,7 @@ func TestOAuth2CodeFlow(t *testing.T) { if !ok { return fmt.Errorf("no id_token in refreshed token") } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(oidcConfig).Verify(ctx, rawIDToken) if err != nil { return fmt.Errorf("failed to verify id token: %v", err) } @@ -632,7 +634,10 @@ func TestOAuth2ImplicitFlow(t *testing.T) { src := &nonceSource{nonce: nonce} - idTokenVerifier := p.Verifier(oidc.VerifyAudience(client.ID), oidc.VerifyNonce(src)) + idTokenVerifier := p.Verifier(&oidc.Config{ + ClientID: client.ID, + ClaimNonce: src.ClaimNonce, + }) oauth2Config = &oauth2.Config{ ClientID: client.ID, @@ -749,7 +754,7 @@ func TestCrossClientScopes(t *testing.T) { t.Errorf("no id token found: %v", err) return } - idToken, err := p.Verifier().Verify(ctx, rawIDToken) + idToken, err := p.Verifier(&oidc.Config{ClientID: testClientID}).Verify(ctx, rawIDToken) if err != nil { t.Errorf("failed to parse ID Token: %v", err) return diff --git a/storage/kubernetes/client.go b/storage/kubernetes/client.go index 1f562165bc645e099110bebde372d2f803434bff..f61c37dbae653289afa4294eaef79299bbb51e02 100644 --- a/storage/kubernetes/client.go +++ b/storage/kubernetes/client.go @@ -2,6 +2,7 @@ package kubernetes import ( "bytes" + "context" "crypto/tls" "crypto/x509" "encoding/base32" 
@@ -24,7 +25,6 @@ import ( "github.com/Sirupsen/logrus" "github.com/ghodss/yaml" "github.com/gtank/cryptopasta" - "golang.org/x/net/context" "golang.org/x/net/http2" "github.com/coreos/dex/storage" diff --git a/storage/kubernetes/storage.go b/storage/kubernetes/storage.go index 788d08b1d31d2b29032f16b17665380a902307f2..5b8721f33831154e567eec99f9f01d5d42494ce0 100644 --- a/storage/kubernetes/storage.go +++ b/storage/kubernetes/storage.go @@ -1,13 +1,12 @@ package kubernetes import ( + "context" "errors" "fmt" "strings" "time" - "golang.org/x/net/context" - "github.com/Sirupsen/logrus" "github.com/coreos/dex/storage" "github.com/coreos/dex/storage/kubernetes/k8sapi" @@ -85,6 +84,7 @@ func (c *Config) open(logger logrus.FieldLogger, errOnTPRs bool) (*client, error if !cli.createThirdPartyResources() { if errOnTPRs { + cancel() return nil, fmt.Errorf("failed creating third party resources") }
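Review bot: In storage/kubernetes/storage.go, `cancel()` is added only on the `errOnTPRs` return, so any other error return in `open` after the cancellable context is created would still leave that context, and whatever work is tied to it, running. The function starts and ends outside this hunk, so I can't confirm whether such paths exist. If they do, one cleanup keyed on the returned error would be more robust than per-branch calls. At minimum, a comment on the new line such as `// the client is not returned on this path, so nothing else will call cancel` would record why the call is needed here.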