bump(github.com/coreos/go-oidc): be73733bb8cc830d0205609b95d125215f8e9c70

Includes updates that enable OIDC with OKTA as a IDP

vendor/github.com/coreos/go-oidc/http/doc.go

@@ -0,0 +1,2 @@
+// Package http is DEPRECATED. Use net/http instead.
+package http

vendor/github.com/coreos/go-oidc/jose/doc.go

@@ -0,0 +1,2 @@
+// Package jose is DEPRECATED. Use gopkg.in/square/go-jose.v2 instead.
+package jose

vendor/github.com/coreos/go-oidc/jose/jwk.go

@@ -104,7 +104,7 @@ func encodeExponent(e int) string {
 			break
 		}
 	}
-	return base64.URLEncoding.EncodeToString(b[idx:])
+	return base64.RawURLEncoding.EncodeToString(b[idx:])
 }
 
 // Turns a URL encoded modulus of a key into a big int.
@@ -119,7 +119,7 @@ func decodeModulus(n string) (*big.Int, error) {
 }
 
 func encodeModulus(n *big.Int) string {
-	return base64.URLEncoding.EncodeToString(n.Bytes())
+	return base64.RawURLEncoding.EncodeToString(n.Bytes())
 }
 
 // decodeBase64URLPaddingOptional decodes Base64 whether there is padding or not.

vendor/github.com/coreos/go-oidc/jose/sig_hmac.go

@@ -1,67 +0,0 @@
-package jose
-
-import (
-	"bytes"
-	"crypto"
-	"crypto/hmac"
-	_ "crypto/sha256"
-	"errors"
-	"fmt"
-)
-
-type VerifierHMAC struct {
-	KeyID  string
-	Hash   crypto.Hash
-	Secret []byte
-}
-
-type SignerHMAC struct {
-	VerifierHMAC
-}
-
-func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
-	if jwk.Alg != "" && jwk.Alg != "HS256" {
-		return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
-	}
-
-	v := VerifierHMAC{
-		KeyID:  jwk.ID,
-		Secret: jwk.Secret,
-		Hash:   crypto.SHA256,
-	}
-
-	return &v, nil
-}
-
-func (v *VerifierHMAC) ID() string {
-	return v.KeyID
-}
-
-func (v *VerifierHMAC) Alg() string {
-	return "HS256"
-}
-
-func (v *VerifierHMAC) Verify(sig []byte, data []byte) error {
-	h := hmac.New(v.Hash.New, v.Secret)
-	h.Write(data)
-	if !bytes.Equal(sig, h.Sum(nil)) {
-		return errors.New("invalid hmac signature")
-	}
-	return nil
-}
-
-func NewSignerHMAC(kid string, secret []byte) *SignerHMAC {
-	return &SignerHMAC{
-		VerifierHMAC: VerifierHMAC{
-			KeyID:  kid,
-			Secret: secret,
-			Hash:   crypto.SHA256,
-		},
-	}
-}
-
-func (s *SignerHMAC) Sign(data []byte) ([]byte, error) {
-	h := hmac.New(s.Hash.New, s.Secret)
-	h.Write(data)
-	return h.Sum(nil), nil
-}

vendor/github.com/coreos/go-oidc/key/doc.go

@@ -0,0 +1,2 @@
+// Package key is DEPRECATED. Use github.com/coreos/go-oidc instead.
+package key

vendor/github.com/coreos/go-oidc/oauth2/doc.go

@@ -0,0 +1,2 @@
+// Package oauth2 is DEPRECATED. Use golang.org/x/oauth instead.
+package oauth2

vendor/github.com/coreos/go-oidc/oidc/doc.go

@@ -0,0 +1,2 @@
+// Package oidc is DEPRECATED. Use github.com/coreos/go-oidc instead.
+package oidc

vendor/github.com/coreos/go-oidc/oidc/provider.go

@@ -353,9 +353,6 @@ func (p ProviderConfig) Valid() error {
 	if !contains(p.IDTokenSigningAlgValues, "RS256") {
 		return errors.New("id_token_signing_alg_values_supported must include 'RS256'")
 	}
-	if contains(p.TokenEndpointAuthMethodsSupported, "none") {
-		return errors.New("token_endpoint_auth_signing_alg_values_supported cannot include 'none'")
-	}
 
 	uris := []struct {
 		val      *url.URL
@@ -567,7 +564,7 @@ func (n *pcsStepNext) step(fn pcsStepFunc) (next pcsStepper) {
 		next = &pcsStepNext{aft: ttl}
 	} else {
 		next = &pcsStepRetry{aft: time.Second}
-		log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
+		log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
 	}
 	return
 }
@@ -586,7 +583,7 @@ func (r *pcsStepRetry) step(fn pcsStepFunc) (next pcsStepper) {
 		next = &pcsStepNext{aft: ttl}
 	} else {
 		next = &pcsStepRetry{aft: timeutil.ExpBackoff(r.aft, time.Minute)}
-		log.Printf("go-oidc: provider config sync falied, retyring in %v: %v", next.after(), err)
+		log.Printf("go-oidc: provider config sync failed, retrying in %v: %v", next.after(), err)
 	}
 	return
 }