* oauth2/introspect: make endpoint rfc7662 compatible - closes #289

* connections: remove connections API - closes #265
* oauth2: token revocation endpoint - closes #233
* vendor: update to fosite 0.5.0

client/client.go

@@ -20,7 +20,7 @@ type Client struct {
 	ClientURI         string   `json:"client_uri" gorethink:"client_uri"`
 	LogoURI           string   `json:"logo_uri" gorethink:"logo_uri"`
 	Contacts          []string `json:"contacts" gorethink:"contacts"`
-	Public            bool `json:"public" gorethink:"public"`
+	Public            bool     `json:"public" gorethink:"public"`
 }
 
 func (c *Client) GetID() string {
@@ -69,4 +69,4 @@ func (c *Client) GetOwner() string {
 
 func (c *Client) IsPublic() bool {
 	return c.Public
-}
+}

client/handler.go

@@ -25,16 +25,16 @@ const (
 
 const (
 	ClientsResource = "rn:hydra:clients"
-	ClientResource = "rn:hydra:clients:%s"
-	Scope = "hydra.clients"
+	ClientResource  = "rn:hydra:clients:%s"
+	Scope           = "hydra.clients"
 )
 
 func (h *Handler) SetRoutes(r *httprouter.Router) {
 	r.GET(ClientsHandlerPath, h.GetAll)
 	r.POST(ClientsHandlerPath, h.Create)
-	r.GET(ClientsHandlerPath + "/:id", h.Get)
-	r.PUT(ClientsHandlerPath + "/:id", h.Update)
-	r.DELETE(ClientsHandlerPath + "/:id", h.Delete)
+	r.GET(ClientsHandlerPath+"/:id", h.Get)
+	r.PUT(ClientsHandlerPath+"/:id", h.Update)
+	r.DELETE(ClientsHandlerPath+"/:id", h.Delete)
 }
 
 func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
@@ -75,7 +75,7 @@ func (h *Handler) Create(w http.ResponseWriter, r *http.Request, _ httprouter.Pa
 	}
 
 	c.Secret = secret
-	h.H.WriteCreated(ctx, w, r, ClientsHandlerPath + "/" + c.GetID(), &c)
+	h.H.WriteCreated(ctx, w, r, ClientsHandlerPath+"/"+c.GetID(), &c)
 }
 
 func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {
@@ -114,7 +114,7 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request, ps httprouter.P
 		return
 	}
 
-	h.H.WriteCreated(ctx, w, r, ClientsHandlerPath + "/" + c.GetID(), &c)
+	h.H.WriteCreated(ctx, w, r, ClientsHandlerPath+"/"+c.GetID(), &c)
 }
 
 func (h *Handler) GetAll(w http.ResponseWriter, r *http.Request, ps httprouter.Params) {

client/manager_rethinkdb.go

@@ -156,7 +156,7 @@ func (m *RethinkManager) publishDelete(id string) error {
 }
 
 func (m *RethinkManager) Watch(ctx context.Context) {
-	go pkg.Retry(time.Second * 15, time.Minute, func() error {
+	go pkg.Retry(time.Second*15, time.Minute, func() error {
 		clients, err := m.Table.Changes().Run(m.Session)
 		if err != nil {
 			return errors.Wrap(err, "")

cmd/cli/handler_policy.go

@@ -229,4 +229,4 @@ func (h *PolicyHandler) DeletePolicy(cmd *cobra.Command, args []string) {
 		pkg.Must(err, "Could not delete policy: %s", err)
 		fmt.Printf("Connection %s deleted.\n", arg)
 	}
-}
+}

cmd/helper.go

@@ -6,6 +6,6 @@ import (
 )
 
 func fatal(message string, args ...interface{}) {
-	fmt.Printf(message + "\n", args...)
+	fmt.Printf(message+"\n", args...)
 	os.Exit(1)
 }

cmd/server/handler_oauth2_factory.go

@@ -103,10 +103,11 @@ func newOAuth2Provider(c *config.Config, km jwk.Manager) fosite.OAuth2Provider {
 		compose.OAuth2AuthorizeImplicitFactory,
 		compose.OAuth2ClientCredentialsGrantFactory,
 		compose.OAuth2RefreshTokenGrantFactory,
-		compose.OpenIDConnectExplicit,
-		compose.OpenIDConnectHybrid,
-		compose.OpenIDConnectImplicit,
+		compose.OpenIDConnectExplicitFactory,
+		compose.OpenIDConnectHybridFactory,
+		compose.OpenIDConnectImplicitFactory,
 		compose.OAuth2TokenRevocationFactory,
+		compose.OAuth2TokenIntrospectionFactory,
 	)
 }
 
@@ -136,8 +137,8 @@ func newOAuth2Handler(c *config.Config, router *httprouter.Router, km jwk.Manage
 			DefaultIDTokenLifespan:   c.GetIDTokenLifespan(),
 		},
 		ConsentURL: *consentURL,
-		Firewall: ctx.Warden,
-		H:        &herodot.JSON{},
+		Firewall:   ctx.Warden,
+		H:          &herodot.JSON{},
 	}
 
 	handler.SetRoutes(router)

cmd/version.go

@@ -8,9 +8,9 @@ import (
 )
 
 var (
-	Version = "dev-master"
+	Version   = "dev-master"
 	BuildTime = time.Now().String()
-	GitHash = "undefined"
+	GitHash   = "undefined"
 )
 
 // versionCmd represents the version command

config/config.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/Sirupsen/logrus"
+	"github.com/ory-am/fosite"
 	foauth2 "github.com/ory-am/fosite/handler/oauth2"
 	"github.com/ory-am/fosite/token/hmac"
 	"github.com/ory-am/hydra/pkg"
@@ -25,7 +26,6 @@ import (
 	"golang.org/x/oauth2/clientcredentials"
 	r "gopkg.in/dancannon/gorethink.v2"
 	"gopkg.in/yaml.v2"
-	"github.com/ory-am/fosite"
 )
 
 type Config struct {

config/context.go

@@ -1,16 +1,16 @@
 package config
 
 import (
+	"github.com/ory-am/fosite"
 	"github.com/ory-am/fosite/handler/oauth2"
 	"github.com/ory-am/hydra/firewall"
 	"github.com/ory-am/hydra/jwk"
 	"github.com/ory-am/hydra/pkg"
 	"github.com/ory-am/ladon"
-	"github.com/ory-am/fosite"
 )
 
 type Context struct {
-	Connection     interface{}
+	Connection interface{}
 
 	Hasher         fosite.Hasher
 	Warden         firewall.Firewall

glide.yaml

@@ -3,7 +3,7 @@ import:
 - package: github.com/Sirupsen/logrus
   version: ~0.10.0
 - package: github.com/asaskevich/govalidator
-  version: ~4.0.0
+  version: ~5.0.0
 - package: gopkg.in/dancannon/gorethink.v2
   version: ~2.1.3
 - package: github.com/go-errors/errors
@@ -18,7 +18,7 @@ import:
 - package: github.com/dgrijalva/jwt-go
   version: ~3.0.0
 - package: github.com/ory-am/fosite
-  version: ~0.4.0
+  version: ~0.5.0
   subpackages:
   - compose
   - fosite-example/pkg
@@ -32,13 +32,13 @@ import:
 - package: github.com/pborman/uuid
   version: ~1.0.0
 - package: github.com/pkg/errors
-  version: ~0.7.0
+  version: ~0.8.0
 - package: github.com/pkg/profile
   version: ~1.2.0
 - package: github.com/spf13/cobra
 - package: github.com/spf13/viper
 - package: github.com/square/go-jose
-  version: ~1.0.3
+  version: ~1.1.0
   subpackages:
   - json
 - package: github.com/stretchr/testify

jwk/aead_test.go

@@ -3,11 +3,11 @@ package jwk
 import (
 	"testing"
 
+	"crypto/rand"
 	"github.com/ory-am/hydra/pkg"
 	"github.com/pborman/uuid"
-	"github.com/stretchr/testify/assert"
 	"github.com/pkg/errors"
-	"crypto/rand"
+	"github.com/stretchr/testify/assert"
 	"io"
 )
 

jwk/manager_test.go

@@ -20,12 +20,12 @@ import (
 	"os"
 	"time"
 
+	"crypto/rand"
+	"github.com/pkg/errors"
 	"github.com/square/go-jose"
 	"golang.org/x/net/context"
-	"net/http"
 	"io"
-	"github.com/pkg/errors"
-	"crypto/rand"
+	"net/http"
 )
 
 var managers = map[string]Manager{}
@@ -83,7 +83,6 @@ func randomBytes(n int) ([]byte, error) {
 	return bytes, nil
 }
 
-
 func TestMain(m *testing.M) {
 	var session *r.Session
 	var err error

oauth2/consent_strategy.go

@@ -16,11 +16,11 @@ import (
 
 const (
 	ConsentChallengeKey = "hydra.consent.challenge"
-	ConsentEndpointKey = "hydra.consent.response"
+	ConsentEndpointKey  = "hydra.consent.response"
 )
 
 type DefaultConsentStrategy struct {
-	Issuer                   string
+	Issuer string
 
 	DefaultIDTokenLifespan   time.Duration
 	DefaultChallengeLifespan time.Duration
@@ -77,7 +77,6 @@ func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, t
 	}
 
 	return &Session{
-		Subject: subject,
 		DefaultSession: &openid.DefaultSession{
 			Claims: &ejwt.IDTokenClaims{
 				Audience:  a.GetClient().GetID(),
@@ -88,6 +87,7 @@ func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, t
 				Extra:     idExt,
 			},
 			Headers: &ejwt.Headers{},
+			Subject: subject,
 		},
 		Extra: atExt,
 	}, err