10 changes: 2 additions & 8 deletions oidc/jwks.go
Expand Up @@ -11,7 +11,6 @@ import (
"io"
"net/http"
"sync"
"time"

jose "github.com/go-jose/go-jose/v4"
)
Expand Down Expand Up @@ -57,16 +56,12 @@ func (s *StaticKeySet) VerifySignature(ctx context.Context, jwt string) ([]byte,
// The returned KeySet is a long lived verifier that caches keys based on any
// keys change. Reuse a common remote key set instead of creating new ones as needed.
func NewRemoteKeySet(ctx context.Context, jwksURL string) *RemoteKeySet {
return newRemoteKeySet(ctx, jwksURL, time.Now)
return newRemoteKeySet(ctx, jwksURL)
}

func newRemoteKeySet(ctx context.Context, jwksURL string, now func() time.Time) *RemoteKeySet {
if now == nil {
now = time.Now
}
func newRemoteKeySet(ctx context.Context, jwksURL string) *RemoteKeySet {
return &RemoteKeySet{
jwksURL: jwksURL,
now: now,
// For historical reasons, this package uses contexts for configuration, not just
// cancellation. In hindsight, this was a bad idea.
//
Expand All @@ -81,7 +76,6 @@ func newRemoteKeySet(ctx context.Context, jwksURL string, now func() time.Time)
// a jwks_uri endpoint.
type RemoteKeySet struct {
jwksURL string
now func() time.Time

// Used for configuration. Cancelation is ignored.
ctx context.Context
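Review bot: After this hunk `newRemoteKeySet` takes exactly the arguments `NewRemoteKeySet` takes and does nothing but build the struct, so the exported constructor directly above it is now a pure pass-through; either fold the struct literal into `NewRemoteKeySet` and point the three test call sites at it, or give the unexported one a doc comment explaining why it is kept, e.g. `// newRemoteKeySet is the constructor shared by NewRemoteKeySet and the tests.` Dropping the `time` import in the first hunk implies nothing left in this file keys cache expiry off a clock, so refresh is presumably driven only by key changes as the comment above `NewRemoteKeySet` says; stating that explicitly on the `RemoteKeySet` type comment would stop a reader assuming a max-age TTL is honored. The `RemoteKeySet` type declaration continues outside the last hunk.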
7 changes: 3 additions & 4 deletions oidc/jwks_test.go
Expand Up @@ -157,7 +157,7 @@ func TestKeyVerifyContextCanceled(t *testing.T) {
}))
defer s.Close()

rks := newRemoteKeySet(ctx, s.URL, nil)
rks := newRemoteKeySet(ctx, s.URL)

cancel()

Expand Down Expand Up @@ -195,7 +195,7 @@ func testKeyVerify(t *testing.T, good, bad *signingKey, verification ...*signing
s := httptest.NewServer(&keyServer{keys: keySet})
defer s.Close()

rks := newRemoteKeySet(ctx, s.URL, nil)
rks := newRemoteKeySet(ctx, s.URL)

// Ensure the token verifies.
gotPayload, err := rks.verify(ctx, jws)
Expand Down Expand Up @@ -242,7 +242,6 @@ func TestRotation(t *testing.T) {
}

cacheForSeconds := 1200
now := time.Now()

server := &keyServer{
keys: jose.JSONWebKeySet{
Expand All @@ -255,7 +254,7 @@ func TestRotation(t *testing.T) {
s := httptest.NewServer(server)
defer s.Close()

rks := newRemoteKeySet(ctx, s.URL, func() time.Time { return now })
rks := newRemoteKeySet(ctx, s.URL)

if _, err := rks.verify(ctx, jws1); err != nil {
t.Errorf("failed to verify valid signature: %v", err)
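Review bot: With the fixed clock removed, `TestRotation` can no longer move time past the cache lifetime, yet `cacheForSeconds := 1200` is still declared right where the deleted `now` was; if it still feeds the server's Cache-Control header (that code sits in the collapsed region), the test now exercises only the refresh-on-unknown-key path rather than expiry, and the name and constant overstate what is covered. Either drop the constant if it no longer influences any assertion, or add a comment such as `// cacheForSeconds only shapes the response header; expiry is not exercised because the key set has no injectable clock.` Rotation handling is what lets a verifier accept tokens signed by a freshly rotated key, so the test's real coverage should be explicit. The body of TestRotation starts before the first of its two hunks and continues after the second.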