From fbfced10d3c6b39458880dc852fe3bd9cf794a9d Mon Sep 17 00:00:00 2001
From: Henning Perl
Date: Tue, 10 Dec 2024 20:33:18 +0100
Subject: [PATCH] simplify, coverage

---
 selfservice/flow/registration/handler.go | 3 +-
 selfservice/strategy/oidc/provider_jackson.go | 51 +++----------------
 .../strategy/oidc/provider_jackson_test.go | 33 ++++++++++++
 3 files changed, 40 insertions(+), 47 deletions(-)
 create mode 100644 selfservice/strategy/oidc/provider_jackson_test.go

diff --git a/selfservice/flow/registration/handler.go b/selfservice/flow/registration/handler.go
index 941eb0ecd478..c3f46d3a8397 100644
--- a/selfservice/flow/registration/handler.go
+++ b/selfservice/flow/registration/handler.go
@@ -142,8 +142,7 @@ func (h *Handler) NewRegistrationFlow(w http.ResponseWriter, r *http.Request, ft
 } else {
 f.OrganizationID = uuid.NullUUID{UUID: orgID, Valid: true}
 strategyFilters = []StrategyFilter{func(s Strategy) bool {
- return s.ID() == identity.CredentialsTypeOIDC ||
- s.ID() == identity.CredentialsTypeSAML
+ return s.ID() == identity.CredentialsTypeOIDC || s.ID() == identity.CredentialsTypeSAML
 }}
 }
 }
diff --git a/selfservice/strategy/oidc/provider_jackson.go b/selfservice/strategy/oidc/provider_jackson.go
index f1737f5d26f9..f83a88306e62 100644
--- a/selfservice/strategy/oidc/provider_jackson.go
+++ b/selfservice/strategy/oidc/provider_jackson.go
@@ -5,13 +5,11 @@ package oidc
 
 import (
 "context"
- "net/url"
+ "strings"
 
- gooidc "github.com/coreos/go-oidc/v3/oidc"
- "github.com/pkg/errors"
+ "github.com/coreos/go-oidc/v3/oidc"
 "golang.org/x/oauth2"
 
- "github.com/ory/herodot"
 "github.com/ory/x/urlx"
 )
@@ -33,13 +31,14 @@ func NewProviderJackson(
 
 func (j *ProviderJackson) setProvider(ctx context.Context) {
 if j.ProviderGenericOIDC.p == nil {
- config := gooidc.ProviderConfig{
+ internalHost := strings.TrimSuffix(j.config.TokenURL, "/api/oauth/token")
+ config := oidc.ProviderConfig{
 IssuerURL: j.config.IssuerURL,
 AuthURL: j.config.AuthURL,
 TokenURL: j.config.TokenURL,
 DeviceAuthURL: "",
- UserInfoURL: j.config.IssuerURL + "/api/oauth/userinfo",
- JWKSURL: j.config.IssuerURL + "/oauth/jwks",
+ UserInfoURL: internalHost + "/api/oauth/userinfo",
+ JWKSURL: internalHost + "/oauth/jwks",
 Algorithms: []string{"RS256"},
 }
 j.ProviderGenericOIDC.p = config.NewProvider(j.withHTTPClientContext(ctx))
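Review bot: `internalHost := strings.TrimSuffix(j.config.TokenURL, "/api/oauth/token")` returns TokenURL unchanged when the suffix is absent, so any TokenURL that does not end in exactly that path silently yields `JWKSURL` = `<TokenURL>/oauth/jwks` and an equally wrong `UserInfoURL`; since JWKSURL is where the ID-token signing keys are fetched, a misconfiguration should fail loudly instead of pointing at a non-existent key set. `strings.CutSuffix` makes the miss visible, `internalHost, ok := strings.CutSuffix(j.config.TokenURL, "/api/oauth/token")`, but setProvider has no error return, so the actual rejection presumably belongs in NewProviderJackson or config validation, both outside this hunk. At minimum the assumption should be recorded above that line, e.g. `// Jackson serves userinfo and JWKS relative to the token endpoint's host, not IssuerURL; TokenURL is expected to end in /api/oauth/token.` The closing braces of setProvider lie outside the hunk.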
@@ -56,41 +55,3 @@ func (j *ProviderJackson) OAuth2(ctx context.Context) (*oauth2.Config, error) {
 
 return config, nil
 }
-
-func (j *ProviderJackson) Claims(ctx context.Context, exchange *oauth2.Token, query url.Values) (*Claims, error) {
- j.setProvider(ctx)
- return j.claimsFromIDToken(ctx, exchange)
-}
-
-func (j *ProviderJackson) claimsFromIDToken(ctx context.Context, exchange *oauth2.Token) (*Claims, error) {
- p, raw, err := j.idTokenAndProvider(ctx, exchange)
- if err != nil {
- return nil, err
- }
-
- return j.verifyAndDecodeClaimsWithProvider(ctx, p, raw)
-}
-
-func (j *ProviderJackson) verifyAndDecodeClaimsWithProvider(ctx context.Context, provider *gooidc.Provider, raw string) (*Claims, error) {
- verifier := provider.VerifierContext(j.withHTTPClientContext(ctx), &gooidc.Config{
- ClientID: j.config.ClientID,
- SkipIssuerCheck: true,
- })
- token, err := verifier.Verify(ctx, raw)
- if err != nil {
- return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err))
- }
-
- var claims Claims
- if err := token.Claims(&claims); err != nil {
- return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err))
- }
-
- var rawClaims map[string]interface{}
- if err := token.Claims(&rawClaims); err != nil {
- return nil, errors.WithStack(herodot.ErrBadRequest.WithReasonf("%s", err))
- }
- claims.RawClaims = rawClaims
-
- return &claims, nil
-}
diff --git a/selfservice/strategy/oidc/provider_jackson_test.go b/selfservice/strategy/oidc/provider_jackson_test.go
new file mode 100644
index 000000000000..506bfc43afb5
--- /dev/null
+++ b/selfservice/strategy/oidc/provider_jackson_test.go
@@ -0,0 +1,33 @@
+package oidc_test
+
+import (
+ "context"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/ory/kratos/internal"
+ "github.com/ory/kratos/selfservice/strategy/oidc"
+)
+
+func TestProviderJackson(t *testing.T) {
+ _, reg := internal.NewVeryFastRegistryWithoutDB(t)
+
+ j := oidc.NewProviderJackson(&oidc.Configuration{
+ Provider: "jackson",
+ IssuerURL: "https://www.jackson.com/oauth",
+ AuthURL: "https://www.jackson.com/oauth/auth",
+ TokenURL: "https://www.jackson.com/api/oauth/token",
+ Mapper: "file://./stub/hydra.schema.json",
+ Scope: []string{"email", "profile"},
+ ID: "some-id",
+ }, reg)
+ assert.NotNil(t, j)
+
+ c, err := j.(oidc.OAuth2Provider).OAuth2(context.Background())
+ require.NoError(t, err)
+
+ assert.True(t, strings.HasSuffix(c.RedirectURL, "/self-service/methods/saml/callback/some-id"))
+}
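Review bot: The new test only exercises OAuth2() and the redirect URL, so it does not cover the behavioural change this commit makes in provider_jackson.go, where setProvider now derives UserInfoURL and JWKSURL from TokenURL with strings.TrimSuffix. A second case whose TokenURL lacks the `/api/oauth/token` suffix, or an internal (package oidc) test asserting the computed endpoint values, would pin that derivation instead of leaving it exercised only indirectly. The ID-token claims path is likewise untested, which matters here because the commit removes the Jackson-specific verifier that set `SkipIssuerCheck: true`; claims verification presumably now goes through the embedded generic provider with the issuer check enabled, and a test against a stub issuer would confirm that assumption rather than leave it to production traffic. The `/self-service/methods/saml/callback/` suffix asserted for an OIDC provider reads as intentional but deserves a one-line comment in the test saying why Jackson's callback is served under the SAML route.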