Remove Extra Determine ALG Function

Author: developerkunal

authentication/authentication.go

@@ -4,15 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
-	"fmt"
 	"net/http"
 	"net/url"
 	"reflect"
 	"strings"
 	"time"
 
-	"github.com/lestrrat-go/jwx/v2/jwa"
-
 	"github.com/auth0/go-auth0/authentication/oauth"
 	"github.com/auth0/go-auth0/internal/client"
 	"github.com/auth0/go-auth0/internal/idtokenvalidator"
@@ -253,7 +250,7 @@ func (a *Authentication) addClientAuthenticationToURLValues(params oauth.ClientA
 
 	switch {
 	case a.clientAssertionSigningKey != "" && a.clientAssertionSigningAlg != "":
-		alg, err := determineAlg(a.clientAssertionSigningAlg)
+		alg, err := client.DetermineSigningAlgorithm(a.clientAssertionSigningAlg)
 		if err != nil {
 			return err
 		}
@@ -295,7 +292,7 @@ func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth
 	}
 
 	if a.clientAssertionSigningKey != "" && a.clientAssertionSigningAlg != "" {
-		alg, err := determineAlg(a.clientAssertionSigningAlg)
+		alg, err := client.DetermineSigningAlgorithm(a.clientAssertionSigningAlg)
 		if err != nil {
 			return err
 		}
@@ -323,28 +320,3 @@ func (a *Authentication) addClientAuthenticationToClientAuthStruct(params *oauth
 
 	return nil
 }
-
-func determineAlg(alg string) (jwa.SignatureAlgorithm, error) {
-	switch alg {
-	case "RS256":
-		return jwa.RS256, nil
-	case "RS384":
-		return jwa.RS384, nil
-	case "RS512":
-		return jwa.RS512, nil
-	case "PS256":
-		return jwa.PS256, nil
-	case "PS384":
-		return jwa.PS384, nil
-	case "PS512":
-		return jwa.PS512, nil
-	case "ES256":
-		return jwa.ES256, nil
-	case "ES384":
-		return jwa.ES384, nil
-	case "ES512":
-		return jwa.ES512, nil
-	default:
-		return "", fmt.Errorf("unsupported client assertion algorithm %q provided", alg)
-	}
-}

authentication/oauth_test.go

@@ -318,7 +318,7 @@ func TestLoginWithClientCredentials(t *testing.T) {
 			Audience: "test-audience",
 		}, oauth.IDTokenValidationOptions{})
 
-		assert.ErrorContains(t, err, "unsupported client assertion algorithm \"invalid-alg\" provided")
+		assert.ErrorContains(t, err, "unsupported client assertion algorithm \"invalid-alg\"")
 	})
 
 	t.Run("Should support passing an organization", func(t *testing.T) {

internal/client/jwt_token_source.go

@@ -14,7 +14,7 @@ import (
 	"golang.org/x/oauth2/clientcredentials"
 )
 
-// privateKeyJwtTokenSource implements oauth2.TokenSource for Private Key JWT client authentication
+// privateKeyJwtTokenSource implements oauth2.TokenSource for Private Key JWT client authentication.
 type privateKeyJwtTokenSource struct {
 	ctx                       context.Context
 	uri                       string
@@ -24,7 +24,7 @@ type privateKeyJwtTokenSource struct {
 	audience                  string
 }
 
-// newPrivateKeyJwtTokenSource creates a new token source that uses Private Key JWT authentication
+// newPrivateKeyJwtTokenSource creates a new token source that uses Private Key JWT authentication.
 func newPrivateKeyJwtTokenSource(
 	ctx context.Context,
 	uri,
@@ -45,9 +45,9 @@ func newPrivateKeyJwtTokenSource(
 	return oauth2.ReuseTokenSource(nil, source)
 }
 
-// Token generates a new token using Private Key JWT client authentication
+// Token generates a new token using Private Key JWT client authentication.
 func (p privateKeyJwtTokenSource) Token() (*oauth2.Token, error) {
-	alg, err := determineAlg(p.clientAssertionSigningAlg)
+	alg, err := DetermineSigningAlgorithm(p.clientAssertionSigningAlg)
 	if err != nil {
 		return nil, fmt.Errorf("invalid algorithm: %w", err)
 	}
@@ -86,8 +86,8 @@ func (p privateKeyJwtTokenSource) Token() (*oauth2.Token, error) {
 	return token, nil
 }
 
-// determineAlg returns the appropriate JWA signature algorithm based on the string representation
-func determineAlg(alg string) (jwa.SignatureAlgorithm, error) {
+// DetermineSigningAlgorithm returns the appropriate JWA signature algorithm based on the string representation.
+func DetermineSigningAlgorithm(alg string) (jwa.SignatureAlgorithm, error) {
 	switch alg {
 	case "RS256":
 		return jwa.RS256, nil
@@ -112,7 +112,7 @@ func determineAlg(alg string) (jwa.SignatureAlgorithm, error) {
 	}
 }
 
-// CreateClientAssertion creates a JWT token for client authentication with the specified lifetime
+// CreateClientAssertion creates a JWT token for client authentication with the specified lifetime.
 func CreateClientAssertion(alg jwa.SignatureAlgorithm, signingKey, clientID, audience string) (string, error) {
 	key, err := jwk.ParseKey([]byte(signingKey), jwk.WithPEM(true))
 	if err != nil {
@@ -146,7 +146,7 @@ func CreateClientAssertion(alg jwa.SignatureAlgorithm, signingKey, clientID, aud
 	return string(signedToken), nil
 }
 
-// verifyKeyCompatibility checks if the provided key is compatible with the specified algorithm
+// verifyKeyCompatibility checks if the provided key is compatible with the specified algorithm.
 func verifyKeyCompatibility(alg jwa.SignatureAlgorithm, key jwk.Key) error {
 	keyType := key.KeyType()
 

internal/client/jwt_token_source_test.go

@@ -46,7 +46,7 @@ func TestDetermineAlg(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.name, func(t *testing.T) {
-			alg, err := determineAlg(tc.algorithm)
+			alg, err := DetermineSigningAlgorithm(tc.algorithm)
 
 			if tc.expectedError {
 				assert.Error(t, err)
@@ -84,7 +84,7 @@ func TestClientAssertion(t *testing.T) {
 	}
 
 	// Get the signed assertion
-	alg, err := determineAlg(ts.clientAssertionSigningAlg)
+	alg, err := DetermineSigningAlgorithm(ts.clientAssertionSigningAlg)
 	require.NoError(t, err)
 
 	baseURL, err := url.Parse(ts.uri)
@@ -149,7 +149,7 @@ func TestECClientAssertion(t *testing.T) {
 	}
 
 	// Get the signed assertion
-	alg, err := determineAlg(ts.clientAssertionSigningAlg)
+	alg, err := DetermineSigningAlgorithm(ts.clientAssertionSigningAlg)
 	require.NoError(t, err)
 
 	baseURL, err := url.Parse(ts.uri)
@@ -224,7 +224,7 @@ func TestIncompatibleKeyTypeForAlgorithm(t *testing.T) {
 	}
 
 	// Get the signed assertion
-	alg, err := determineAlg(ts.clientAssertionSigningAlg)
+	alg, err := DetermineSigningAlgorithm(ts.clientAssertionSigningAlg)
 	require.NoError(t, err)
 
 	baseURL, err := url.Parse(ts.uri)
@@ -312,58 +312,57 @@ func TestPrivateKeyJwtTokenSource(t *testing.T) {
 	assert.Equal(t, "Bearer", token.TokenType)
 }
 
-
 func TestPrivateKeyJwtTokenSourceRefresh(t *testing.T) {
-    // Generate a test RSA key
-    privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
-    require.NoError(t, err)
-    privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)
-    privateKeyPEM := pem.EncodeToMemory(&pem.Block{
-        Type:  "RSA PRIVATE KEY",
-        Bytes: privateKeyBytes,
-    })
-
-    // Track token request count
-    requestCount := 0
-    
-    // Create a test server
-    server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        requestCount++
-        
-        // Return a token with short expiration
-        w.Header().Set("Content-Type", "application/json")
-        w.Write([]byte(fmt.Sprintf(`{
+	// Generate a test RSA key
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err)
+	privateKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)
+	privateKeyPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: privateKeyBytes,
+	})
+
+	// Track token request count
+	requestCount := 0
+
+	// Create a test server
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		requestCount++
+
+		// Return a token with short expiration
+		w.Header().Set("Content-Type", "application/json")
+		w.Write(fmt.Appendf(nil, `{
             "access_token": "mock-token-%d",
             "token_type": "Bearer",
             "expires_in": 2
-        }`, requestCount)))
-    }))
-    defer server.Close()
-
-    // Create token source
-    tokenSource := newPrivateKeyJwtTokenSource(
-        context.Background(),
-        server.URL,
-        "RS256",
-        string(privateKeyPEM),
-        "test-client-id",
-        "test-audience",
-    )
-
-    // Get first token
-    token1, err := tokenSource.Token()
-    require.NoError(t, err)
-    assert.Equal(t, "mock-token-1", token1.AccessToken)
-    
-    // Wait for token to expire (just over 2 seconds)
-    time.Sleep(3 * time.Second)
-    
-    // Get second token - should trigger a refresh
-    token2, err := tokenSource.Token()
-    require.NoError(t, err)
-    assert.Equal(t, "mock-token-2", token2.AccessToken)
-    assert.NotEqual(t, token1.AccessToken, token2.AccessToken)
-    
-    // Verify server received two requests
-    assert.Equal(t, 2, requestCount)
-}
+        }`, requestCount))
+	}))
+	defer server.Close()
+
+	// Create token source
+	tokenSource := newPrivateKeyJwtTokenSource(
+		context.Background(),
+		server.URL,
+		"RS256",
+		string(privateKeyPEM),
+		"test-client-id",
+		"test-audience",
+	)
+
+	// Get first token
+	token1, err := tokenSource.Token()
+	require.NoError(t, err)
+	assert.Equal(t, "mock-token-1", token1.AccessToken)
+
+	// Wait for token to expire (just over 2 seconds)
+	time.Sleep(3 * time.Second)
+
+	// Get second token - should trigger a refresh
+	token2, err := tokenSource.Token()
+	require.NoError(t, err)
+	assert.Equal(t, "mock-token-2", token2.AccessToken)
+	assert.NotEqual(t, token1.AccessToken, token2.AccessToken)
+
+	// Verify server received two requests
+	assert.Equal(t, 2, requestCount)
+}

internal/idtokenvalidator/idtokenvalidator.go

@@ -45,7 +45,7 @@ func New(
 	if i := strings.Index(domain, "//"); i != -1 {
 		domain = domain[i+2:]
 	}
-	alg, err := determineAlg(idTokenSigningAlg)
+	alg, err := determineSigningAlgorithm(idTokenSigningAlg)
 	if err != nil {
 		return nil, err
 	}
@@ -201,7 +201,7 @@ func (i *IDTokenValidator) Validate(idToken string, optional ValidationOptions)
 	return err
 }
 
-func determineAlg(alg string) (jwa.SignatureAlgorithm, error) {
+func determineSigningAlgorithm(alg string) (jwa.SignatureAlgorithm, error) {
 	switch alg {
 	case "HS256":
 		return jwa.HS256, nil