Implements the 4 OIDCClient methods that were TODO skeletons in PR #69:
- Discover(ctx) — fetch + cache .well-known/openid-configuration
- RefreshJWKS(ctx) — fetch JWKS, parse RSA public keys (n/e base64-url)
- ExchangeCode(ctx, code, codeVerifier, redirectURI) — POST token endpoint with PKCE
- ValidateIDToken(ctx, idToken) — verify signature via JWKS, validate claims
Plus 7 unit tests using httptest.NewServer to mock the OIDC provider:
TestDiscover_HappyPath, TestDiscover_Idempotent, TestRefreshJWKS_HappyPath,
TestExchangeCode_HappyPath, TestValidateIDToken_HappyPath,
TestValidateIDToken_RejectsExpired, TestValidateIDToken_RejectsWrongIssuer.
Mostly authored by Mistral Vibe (batch6, $3.51 / 46 steps), trainer-takeover
on 2 bugs:
- closure auto-reference bug (server := httptest.NewServer with closure
body referencing server.URL — needs var server *httptest.Server then
server = ...)
- ExchangeCode body wasn't being sent (req.PostForm = form is wrong;
must pass strings.NewReader(form.Encode()) as the request body)
Gabriel Radureau
dd25d7d1ae