config: Remove duplicates JWKS IDs from wellknown config

Closes #1413 Signed-off-by: aeneasr <aeneas@ory.sh>
ory · May 2, 2019 · b5c2565 · b5c2565
1 parent 32e23bc
commit b5c2565
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 6 deletions.
diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go
@@ -97,7 +97,7 @@ func (v *ViperProvider) WellKnownKeys(include ...string) []string {
 	}
 
 	include = append(include, x.OpenIDConnectKeyName)
-	return append(viperx.GetStringSlice(v.l, ViperKeyWellKnownKeys, []string{}), include...)
+	return stringslice.Unique(append(viperx.GetStringSlice(v.l, ViperKeyWellKnownKeys, []string{}), include...))
 }
 
 func (v *ViperProvider) ServesHTTPS() bool {

diff --git a/driver/configuration/provider_viper_test.go b/driver/configuration/provider_viper_test.go
@@ -6,6 +6,8 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/ory/hydra/x"
+
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
@@ -51,3 +53,8 @@ func TestSubjectTypesSupported(t *testing.T) {
 		})
 	}
 }
+
+func TestWellKnownKeysUnique(t *testing.T) {
+	p := NewViperProvider(logrus.New(), false, nil)
+	assert.EqualValues(t, []string{x.OAuth2JWTKeyName, x.OpenIDConnectKeyName}, p.WellKnownKeys(x.OAuth2JWTKeyName, x.OpenIDConnectKeyName, x.OpenIDConnectKeyName))
+}
diff --git a/jwk/handler.go b/jwk/handler.go
@@ -25,6 +25,8 @@ import (
 	"fmt"
 	"net/http"
 
+	"github.com/ory/x/stringslice"
+
 	"github.com/ory/hydra/x"
 
 	"github.com/julienschmidt/httprouter"
@@ -33,7 +35,6 @@ import (
 )
 
 const (
-	IDTokenKeyName    = "hydra.openid.id-token"
 	KeyHandlerPath    = "/keys"
 	WellKnownKeysPath = "/.well-known/jwks.json"
 )
@@ -85,7 +86,7 @@ func (h *Handler) SetRoutes(admin *x.RouterAdmin, public *x.RouterPublic, corsMi
 func (h *Handler) WellKnown(w http.ResponseWriter, r *http.Request) {
 	var jwks jose.JSONWebKeySet
 
-	for _, set := range h.c.WellKnownKeys() {
+	for _, set := range stringslice.Unique(h.c.WellKnownKeys()) {
 		keys, err := h.r.KeyManager().GetKeySet(r.Context(), set)
 		if err != nil {
 			h.r.Writer().WriteError(w, r, err)

diff --git a/jwk/handler_test.go b/jwk/handler_test.go
@@ -27,26 +27,30 @@ import (
 	"net/http/httptest"
 	"testing"
 
+	"github.com/spf13/viper"
+
+	"github.com/ory/hydra/driver/configuration"
+
 	"github.com/ory/hydra/x"
 
 	"github.com/ory/hydra/internal"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"gopkg.in/square/go-jose.v2"
-
-	. "github.com/ory/hydra/jwk"
 )
 
 func TestHandlerWellKnown(t *testing.T) {
 	conf := internal.NewConfigurationWithDefaults()
 	reg := internal.NewRegistry(conf)
 
+	viper.Set(configuration.ViperKeyWellKnownKeys, []string{x.OpenIDConnectKeyName, x.OpenIDConnectKeyName})
+
 	router := x.NewRouterPublic()
 	IDKS, _ := testGenerator.Generate("test-id", "sig")
 
 	h := reg.KeyHandler()
-	require.NoError(t, reg.KeyManager().AddKeySet(context.TODO(), IDTokenKeyName, IDKS))
+	require.NoError(t, reg.KeyManager().AddKeySet(context.TODO(), x.OpenIDConnectKeyName, IDKS))
 
 	h.SetRoutes(router.RouterAdmin(), router, func(h http.Handler) http.Handler {
 		return h
@@ -62,6 +66,8 @@ func TestHandlerWellKnown(t *testing.T) {
 	err = json.NewDecoder(res.Body).Decode(&known)
 	require.NoError(t, err, "problem in decoding response")
 
+	require.Len(t, known.Keys, 1)
+
 	resp := known.Key("public:test-id")
 	require.NotNil(t, resp, "Could not find key public")
 	assert.Equal(t, resp, IDKS.Key("public:test-id"))