* bump mockery, add test stub for oidc_auth.go
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use .mockery.yaml for all mocks
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* drop legacy go:generate mockery
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* align mock placement
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
I admit it would be better to implement the tests but I tried and it is a bit tricky since we can't mock everything we would need to mock. I'll wan to get these changes in first and later in the near future we should revisit the auth middleware architecture and refactor it a bit more to be more testable and future proof.
Allow to switch jwt access token verification and off. Many (most?) IDP
provide JWT encoded access tokens. If ocis is configure to assume jwt
access tokens (access_token_verify_method==jwt) we now properly verify
the tokens signature and a set of standard claims ("exp", "iat" and nbf"
by way of the jwt module's standard verification and "iss" explicitliy).
This change also allows for introduction of other access token verification
mechanism in the future (e.g. through introspection (RFC7662).
