A fork of the Cocoon PDS but being made more distributed.
11

Configure Feed

Select the types of activity you want to include in your feed.

fix unmarshaling of key inside of oauth metadata (#27)

authored by

hailey and committed by
GitHub
(Sep 28, 2025, 9:24 AM -0700) 195e3b04 71d0a03d

+31 -19
+11 -3
oauth/client/manager.go
··· 57 57 } 58 58 59 59 var jwks jwk.Key 60 - if metadata.JWKS != nil { 60 + if metadata.JWKS != nil && len(metadata.JWKS.Keys) > 0 { 61 61 // TODO: this is kinda bad but whatever for now. there could obviously be more than one jwk, and we need to 62 62 // make sure we use the right one 63 - k, err := helpers.ParseJWKFromBytes((*metadata.JWKS)[0]) 63 + b, err := json.Marshal(metadata.JWKS.Keys[0]) 64 64 if err != nil { 65 65 return nil, err 66 66 } 67 + 68 + k, err := helpers.ParseJWKFromBytes(b) 69 + if err != nil { 70 + return nil, err 71 + } 72 + 67 73 jwks = k 68 74 } else if metadata.JWKSURI != nil { 69 75 maybeJwks, err := cm.getClientJwks(ctx, clientId, *metadata.JWKSURI) ··· 72 78 } 73 79 74 80 jwks = maybeJwks 81 + } else { 82 + return nil, fmt.Errorf("no valid jwks found in oauth client metadata") 75 83 } 76 84 77 85 return &Client{ ··· 262 270 return nil, errors.New("private_key_jwt auth method requires jwks or jwks_uri") 263 271 } 264 272 265 - if metadata.JWKS != nil && len(*metadata.JWKS) == 0 { 273 + if metadata.JWKS != nil && len(metadata.JWKS.Keys) == 0 { 266 274 return nil, errors.New("private_key_jwt auth method requires atleast one key in jwks") 267 275 } 268 276
+20 -16
oauth/client/metadata.go
··· 1 1 package client 2 2 3 3 type Metadata struct { 4 - ClientID string `json:"client_id"` 5 - ClientName string `json:"client_name"` 6 - ClientURI string `json:"client_uri"` 7 - LogoURI string `json:"logo_uri"` 8 - TOSURI string `json:"tos_uri"` 9 - PolicyURI string `json:"policy_uri"` 10 - RedirectURIs []string `json:"redirect_uris"` 11 - GrantTypes []string `json:"grant_types"` 12 - ResponseTypes []string `json:"response_types"` 13 - ApplicationType string `json:"application_type"` 14 - DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"` 15 - JWKSURI *string `json:"jwks_uri,omitempty"` 16 - JWKS *[][]byte `json:"jwks,omitempty"` 17 - Scope string `json:"scope"` 18 - TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"` 19 - TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"` 4 + ClientID string `json:"client_id"` 5 + ClientName string `json:"client_name"` 6 + ClientURI string `json:"client_uri"` 7 + LogoURI string `json:"logo_uri"` 8 + TOSURI string `json:"tos_uri"` 9 + PolicyURI string `json:"policy_uri"` 10 + RedirectURIs []string `json:"redirect_uris"` 11 + GrantTypes []string `json:"grant_types"` 12 + ResponseTypes []string `json:"response_types"` 13 + ApplicationType string `json:"application_type"` 14 + DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"` 15 + JWKSURI *string `json:"jwks_uri,omitempty"` 16 + JWKS *MetadataJwks `json:"jwks,omitempty"` 17 + Scope string `json:"scope"` 18 + TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"` 19 + TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"` 20 + } 21 + 22 + type MetadataJwks struct { 23 + Keys []any `json:"keys"` 20 24 }