From c53e426ed48ac0cb62422436685a22ea02188cd1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 17 Apr 2023 20:10:40 +0000
Subject: [PATCH 1/3] fix(deps): update module github.com/golang-jwt/jwt/v4 to v5
---
 go.mod | 2 +-
 go.sum | 4 ++--
 pkg/testing/jwt/encode.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/go.mod b/go.mod
index 06606956..e7aa2987 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/alexflint/go-filemutex v1.2.0
 github.com/chromedp/chromedp v0.9.1
 github.com/coreos/go-oidc/v3 v3.5.0
- github.com/golang-jwt/jwt/v4 v4.5.0
+ github.com/golang-jwt/jwt/v5 v5.0.0
 github.com/google/go-cmp v0.5.9
 github.com/google/wire v0.5.0
 github.com/int128/oauth2cli v1.14.0
diff --git a/go.sum b/go.sum
index 73fce7a3..ac38f8e5 100644
--- a/go.sum
+++ b/go.sum
@@ -78,8 +78,8 @@ github.com/gobwas/ws v1.1.0 h1:7RFti/xnNkMJnrK7D1yQ/iCIB5OrrY/54/H930kIbHA=
 github.com/gobwas/ws v1.1.0/go.mod h1:nzvNcVha5eUziGrbxFCo6qFIojQHjJV5cLYIbezhfL0=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
+github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
+github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
diff --git a/pkg/testing/jwt/encode.go b/pkg/testing/jwt/encode.go index 393b91b3..acff6ccf 100644 --- a/pkg/testing/jwt/encode.go +++ b/pkg/testing/jwt/encode.go @@ -5,7 +5,7 @@ import ( "crypto/rsa" "testing" - "github.com/golang-jwt/jwt/v4" + "github.com/golang-jwt/jwt/v5" ) var PrivateKey = generateKey(1024) From 2c2688e3a9e8c2db9ba32cf8b56995a32ea854da Mon Sep 17 00:00:00 2001 From: Hidetake Iwata Date: Sun, 14 May 2023 21:20:02 +0900 Subject: [PATCH 2/3] Replace with `jwt.RegisteredClaims` --- pkg/testing/jwt/encode.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/testing/jwt/encode.go b/pkg/testing/jwt/encode.go index acff6ccf..f68e393c 100644 --- a/pkg/testing/jwt/encode.go +++ b/pkg/testing/jwt/encode.go @@ -19,7 +19,7 @@ func generateKey(b int) *rsa.PrivateKey { } type Claims struct { - jwt.StandardClaims + jwt.RegisteredClaims // aud claim is either a string or an array of strings. // https://tools.ietf.org/html/rfc7519#section-4.1.3 Audience []string `json:"aud,omitempty"` From 676155b23f06249e157f0daf952e29a6e970933b Mon Sep 17 00:00:00 2001 From: Hidetake Iwata Date: Sun, 14 May 2023 21:28:04 +0900 Subject: [PATCH 3/3] Replace with `jwt.NewNumericDate` --- integration_test/oidcserver/server.go | 23 ++++++++++--------- .../authentication/authentication_test.go | 3 ++- .../credentialplugin/get_token_test.go | 3 ++- pkg/usecases/setup/stage2_test.go | 3 ++- pkg/usecases/standalone/standalone_test.go | 3 ++- 5 files changed, 20 insertions(+), 15 deletions(-) diff --git a/integration_test/oidcserver/server.go b/integration_test/oidcserver/server.go index 7ba87714..807c37ea 100644 --- a/integration_test/oidcserver/server.go +++ b/integration_test/oidcserver/server.go 
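Review bot: The `Audience []string` field kept right below the new `jwt.RegisteredClaims` embed in `Claims` (PATCH 2/3) shadows `RegisteredClaims.Audience`, which is already a `jwt.ClaimStrings` that accepts a string or an array, so the override and its RFC comment look redundant after the move to v5. The shadowing also means the promoted `GetAudience()` reads the embedded, never-populated field rather than the value callers set through `claims.Audience`. That is harmless for an encode-only test helper, but if this type were ever handed to the v5 parser an audience expectation would be checked against an empty list. Consider deleting the `Audience []string` line and its two comment lines so that `claims.Audience = []string{"kubernetes"}` assigns the embedded field directly; the struct body continues outside the hunk, so any further fields were not reviewed.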
@@ -10,10 +10,11 @@ import ( "testing" "time" + "github.com/golang-jwt/jwt/v5" "github.com/int128/kubelogin/integration_test/keypair" "github.com/int128/kubelogin/integration_test/oidcserver/handler" "github.com/int128/kubelogin/integration_test/oidcserver/http" - "github.com/int128/kubelogin/pkg/testing/jwt" + testingJWT "github.com/int128/kubelogin/pkg/testing/jwt" ) type Server interface { @@ -94,7 +95,7 @@ func (sv *server) Discovery() *handler.DiscoveryResponse { } func (sv *server) GetCertificates() *handler.CertificatesResponse { - idTokenKeyPair := jwt.PrivateKey + idTokenKeyPair := testingJWT.PrivateKey return &handler.CertificatesResponse{ Keys: []*handler.CertificatesResponseKey{ { @@ -145,11 +146,11 @@ func (sv *server) Exchange(req handler.TokenRequest) (*handler.TokenResponse, er ExpiresIn: 3600, AccessToken: "YOUR_ACCESS_TOKEN", RefreshToken: sv.Response.RefreshToken, - IDToken: jwt.EncodeF(sv.t, func(claims *jwt.Claims) { + IDToken: testingJWT.EncodeF(sv.t, func(claims *testingJWT.Claims) { claims.Issuer = sv.issuerURL claims.Subject = "SUBJECT" - claims.IssuedAt = sv.Response.IDTokenExpiry.Add(-time.Hour).Unix() - claims.ExpiresAt = sv.Response.IDTokenExpiry.Unix() + claims.IssuedAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry.Add(-time.Hour)) + claims.ExpiresAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry) claims.Audience = []string{"kubernetes"} claims.Nonce = sv.lastAuthenticationRequest.Nonce }), 
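Review bot: The same five claim assignments are now spelled out three times, in the `Exchange` closure here and again in the `AuthenticatePassword` and `Refresh` hunks, so the `iat`/`exp` derivation from `sv.Response.IDTokenExpiry` can drift between grant types without any test noticing. A small method on `server` that fills the shared claims would keep the three token responses consistent and confine the `jwt.NewNumericDate` calls to one place, leaving `Exchange` to add only the nonce. All three enclosing functions start and end outside their hunks, so the sketch below shows only the new helper and the changed `IDToken` lines.

```go
// idTokenClaims sets the claims common to every ID token this test server issues.
func (sv *server) idTokenClaims(claims *testingJWT.Claims) {
	claims.Issuer = sv.issuerURL
	claims.Subject = "SUBJECT"
	claims.IssuedAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry.Add(-time.Hour))
	claims.ExpiresAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry)
	claims.Audience = []string{"kubernetes"}
}

// … unchanged: Exchange up to the TokenResponse literal …
		IDToken: testingJWT.EncodeF(sv.t, func(claims *testingJWT.Claims) {
			sv.idTokenClaims(claims)
			claims.Nonce = sv.lastAuthenticationRequest.Nonce
		}),
// … AuthenticatePassword and Refresh: IDToken: testingJWT.EncodeF(sv.t, sv.idTokenClaims), …
```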
@@ -178,11 +179,11 @@ func (sv *server) AuthenticatePassword(username, password, scope string) (*handl ExpiresIn: 3600, AccessToken: "YOUR_ACCESS_TOKEN", RefreshToken: sv.Response.RefreshToken, - IDToken: jwt.EncodeF(sv.t, func(claims *jwt.Claims) { + IDToken: testingJWT.EncodeF(sv.t, func(claims *testingJWT.Claims) { claims.Issuer = sv.issuerURL claims.Subject = "SUBJECT" - claims.IssuedAt = sv.Response.IDTokenExpiry.Add(-time.Hour).Unix() - claims.ExpiresAt = sv.Response.IDTokenExpiry.Unix() + claims.IssuedAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry.Add(-time.Hour)) + claims.ExpiresAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry) claims.Audience = []string{"kubernetes"} }), } @@ -202,11 +203,11 @@ func (sv *server) Refresh(refreshToken string) (*handler.TokenResponse, error) { ExpiresIn: 3600, AccessToken: "YOUR_ACCESS_TOKEN", RefreshToken: sv.Response.RefreshToken, - IDToken: jwt.EncodeF(sv.t, func(claims *jwt.Claims) { + IDToken: testingJWT.EncodeF(sv.t, func(claims *testingJWT.Claims) { claims.Issuer = sv.issuerURL claims.Subject = "SUBJECT" - claims.IssuedAt = sv.Response.IDTokenExpiry.Add(-time.Hour).Unix() - claims.ExpiresAt = sv.Response.IDTokenExpiry.Unix() + claims.IssuedAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry.Add(-time.Hour)) + claims.ExpiresAt = jwt.NewNumericDate(sv.Response.IDTokenExpiry) claims.Audience = []string{"kubernetes"} }), } diff --git a/pkg/usecases/authentication/authentication_test.go b/pkg/usecases/authentication/authentication_test.go index c0b1489c..63faba0c 100644 --- a/pkg/usecases/authentication/authentication_test.go +++ b/pkg/usecases/authentication/authentication_test.go @@ -6,6 +6,7 @@ import ( "testing" "time" + "github.com/golang-jwt/jwt/v5" "github.com/google/go-cmp/cmp" "github.com/int128/kubelogin/pkg/oidc" "github.com/int128/kubelogin/pkg/oidc/client" 
@@ -32,7 +33,7 @@ func TestAuthentication_Do(t *testing.T) { issuedIDToken := testingJWT.EncodeF(t, func(claims *testingJWT.Claims) { claims.Issuer = "https://accounts.google.com" claims.Subject = "YOUR_SUBJECT" - claims.ExpiresAt = expiryTime.Unix() + claims.ExpiresAt = jwt.NewNumericDate(expiryTime) }) t.Run("HasValidIDToken", func(t *testing.T) { diff --git a/pkg/usecases/credentialplugin/get_token_test.go b/pkg/usecases/credentialplugin/get_token_test.go index b541f91c..6e115994 100644 --- a/pkg/usecases/credentialplugin/get_token_test.go +++ b/pkg/usecases/credentialplugin/get_token_test.go @@ -6,6 +6,7 @@ import ( "testing" "time" + "github.com/golang-jwt/jwt/v5" "github.com/int128/kubelogin/pkg/credentialplugin" "github.com/int128/kubelogin/pkg/credentialplugin/writer" "github.com/int128/kubelogin/pkg/infrastructure/mutex" @@ -30,7 +31,7 @@ func TestGetToken_Do(t *testing.T) { issuedIDToken := testingJWT.EncodeF(t, func(claims *testingJWT.Claims) { claims.Issuer = "https://accounts.google.com" claims.Subject = "YOUR_SUBJECT" - claims.ExpiresAt = issuedIDTokenExpiration.Unix() + claims.ExpiresAt = jwt.NewNumericDate(issuedIDTokenExpiration) }) issuedTokenSet := oidc.TokenSet{ IDToken: issuedIDToken, diff --git a/pkg/usecases/setup/stage2_test.go b/pkg/usecases/setup/stage2_test.go index 51bb5799..14176335 100644 --- a/pkg/usecases/setup/stage2_test.go +++ b/pkg/usecases/setup/stage2_test.go @@ -5,6 +5,7 @@ import ( "testing" "time" + "github.com/golang-jwt/jwt/v5" "github.com/int128/kubelogin/pkg/oidc" testingJWT "github.com/int128/kubelogin/pkg/testing/jwt" "github.com/int128/kubelogin/pkg/testing/logger" 
@@ -19,7 +20,7 @@ func TestSetup_DoStage2(t *testing.T) { issuedIDToken := testingJWT.EncodeF(t, func(claims *testingJWT.Claims) { claims.Issuer = "https://issuer.example.com" claims.Subject = "YOUR_SUBJECT" - claims.ExpiresAt = time.Now().Add(1 * time.Hour).Unix() + claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(1 * time.Hour)) }) dummyTLSClientConfig := tlsclientconfig.Config{ CACertFilename: []string{"/path/to/cert"}, diff --git a/pkg/usecases/standalone/standalone_test.go b/pkg/usecases/standalone/standalone_test.go index 04c70fed..ce88373b 100644 --- a/pkg/usecases/standalone/standalone_test.go +++ b/pkg/usecases/standalone/standalone_test.go @@ -6,6 +6,7 @@ import ( "testing" "time" + "github.com/golang-jwt/jwt/v5" "github.com/int128/kubelogin/pkg/kubeconfig" "github.com/int128/kubelogin/pkg/kubeconfig/loader" "github.com/int128/kubelogin/pkg/kubeconfig/writer" @@ -21,7 +22,7 @@ func TestStandalone_Do(t *testing.T) { issuedIDToken := testingJWT.EncodeF(t, func(claims *testingJWT.Claims) { claims.Issuer = "https://accounts.google.com" claims.Subject = "YOUR_SUBJECT" - claims.ExpiresAt = issuedIDTokenExpiration.Unix() + claims.ExpiresAt = jwt.NewNumericDate(issuedIDTokenExpiration) }) t.Run("FullOptions", func(t *testing.T) {