Rebasing ory master (#4)

* handler/oauth2: set expiration time before the access token is generated (ory#216)

Signed-off-by: Nikita Vorobey <nikita@vorobey.by>

* token/hmac: replace custom logic with copypasta

* tests: replace nil checks with Error/NoError

* scripts: add format helper scripts

* all: format files with goimports

* travis: use go-acc and test format

* history: add 0.12.0 to TOC

* travis: update to go 1.9

* travis: add goimports to install section

* scripts: fix goimports import path

* vendor: replace glide with dep

* Add license header to all source files (ory#222)

Closes ory#221

Signed-off-by: aeneasr <aeneas.rekkas@serlo.org>

* travis: update go version (ory#220)

* handler/oauth2: Client IDs in revokation requests must match now (ory#226)

Closes ory#225

* Simplifies error contexts (ory#227)

Simplifies how errors are instantiated. Errors now contain all necessary information without relying on `fosite.ErrorToRFC6749Error` any more. `fosite.ErrorToRFC6749Error` is now an internal method and was renamed to `fosite.errorToRFC6749Error`.

* Exports ErrorToRFC6749Error again (ory#228)

* Makes use of rfcerr in access error endpoint writer explicit

* handler/oauth2: Improves authorization code error handling

* handler/oauth2: Adds token revokation on authorize code reuse

* internal: Updates mocks and mock generation

* oauth2: Allows client credentials in POST body and solves public client auth

Closes ory#231
Closes ory#217

* Improves error debug messages across the project

* Resolves test issues and reverts auth code revokation patch

* docs: Updates history.md

* Improves test coverage report by removing internal package from it

* Upgrades history.md

* token/jwt: Adds ability to specify acr value natively in id token payload

* Forces use of UTC time zone everywhere

* Adds ability to catch non-conform OIDC authorizations

Fosite is now capable of detecting authorization flows that
are not conformant with the OpenID Connect spec.

* Resolves overriding auth_time with wrong value

* Improves http error codes

* Returns the correct error on duplicate auth code use

* handler/oauth2: Adds offline_access alias for refresh flow

* Adds ability to forward hints and debug messages to clients (ory#242)

* compose: Makes SendDebugMessages first class citizen (ory#243)

.travis.yml

@@ -3,20 +3,23 @@ language: go
 go_import_path: github.com/ory/fosite
 
 go:
-  - 1.7
-  - 1.8
+  - 1.9.x
 
 env:
-  - GO15VENDOREXPERIMENT=1
+  - DEP_VERSION="0.3.2"
+
+before_install:
+  - curl -L -s https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 -o $GOPATH/bin/dep
+  - chmod +x $GOPATH/bin/dep
 
 install:
-   - go get github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/pierrre/gotestcover github.com/Masterminds/glide
-   - glide install
+  - dep ensure
+  - go get github.com/mattn/goveralls golang.org/x/tools/cmd/cover github.com/pierrre/gotestcover github.com/bradfitz/goimports
 
 script:
   - touch ./coverage.tmp
   - |
     echo 'mode: atomic' > coverage.txt
   - |
     go list ./... | grep -v /vendor | grep -v /internal | xargs -n1 -I{} sh -c 'go test -race -covermode=atomic -coverprofile=coverage.tmp -coverpkg $(go list ./... | grep -v /vendor | grep -v /internal | tr "\n" ",") {} && tail -n +2 coverage.tmp >> coverage.txt || exit 255' && rm coverage.tmp
-  - goveralls -coverprofile="coverage.txt"
+  - goveralls -coverprofile="coverage.txt"

CONTRIBUTING.md

@@ -96,7 +96,7 @@ To make a pull request, you will need a GitHub account; if you are unclear on th
 
 1. Create a feature branch off of `master` so that changes do not get mixed up.
 1. [Rebase](https://git-scm.com/book/en/Git-Branching-Rebasing) your local changes against the `master` branch.
-1. Run the full project test suite with the `go test $(glide novendor)` (or equivalent) command and confirm that it passes.
+1. Run the full project test suite with the `go test ./...` (or equivalent) command and confirm that it passes.
 1. Run `gofmt -s` (if the project is written in Go).
 1. Accept the Developer's Certificate of Origin on all commits (see above).
 1. Ensure that each commit has a subsystem prefix (ex: `controller: `).

Gopkg.toml

@@ -0,0 +1,74 @@
+
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#  name = "github.com/x/y"
+#  version = "2.4.0"
+
+
+[[constraint]]
+  name = "github.com/asaskevich/govalidator"
+  version = "7.0.0"
+
+[[constraint]]
+  name = "github.com/dgrijalva/jwt-go"
+  version = "3.1.0"
+
+[[constraint]]
+  name = "github.com/golang/mock"
+  version = "1.0.0"
+
+[[constraint]]
+  name = "github.com/gorilla/mux"
+  version = "1.5.0"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/gtank/cryptopasta"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/mohae/deepcopy"
+
+[[constraint]]
+  name = "github.com/oleiade/reflections"
+  version = "1.0.0"
+
+[[constraint]]
+  name = "github.com/parnurzeal/gorequest"
+  version = "0.2.15"
+
+[[constraint]]
+  name = "github.com/pborman/uuid"
+  version = "1.1.0"
+
+[[constraint]]
+  name = "github.com/pkg/errors"
+  version = "0.8.0"
+
+[[constraint]]
+  name = "github.com/stretchr/testify"
+  version = "1.1.4"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/oauth2"

HISTORY.md

@@ -5,6 +5,13 @@ bumps (`0.1.0` -> `0.2.0`).
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
 
+- [0.15.0](#0150)
+- [0.14.0](#0140)
+- [0.13.0](#0130)
+  - [Breaking changes](#breaking-changes)
+- [0.12.0](#0120)
+  - [Breaking changes](#breaking-changes-1)
+    - [Improved cryptographic methods](#improved-cryptographic-methods)
 - [0.11.0](#0110)
   - [Non-breaking changes](#non-breaking-changes)
     - [Storage adapter](#storage-adapter)
@@ -19,7 +26,7 @@ bumps (`0.1.0` -> `0.2.0`).
 - [0.10.0](#0100)
 - [0.9.0](#090)
 - [0.8.0](#080)
-  - [Breaking changes](#breaking-changes)
+  - [Breaking changes](#breaking-changes-2)
     - [`ClientManager`](#clientmanager)
     - [`OAuth2Provider`](#oauth2provider)
 - [0.7.0](#070)
@@ -32,6 +39,50 @@ bumps (`0.1.0` -> `0.2.0`).
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
+## 0.16.0
+
+This patch introduces `SendDebugMessagesToClients` to the Fosite struct which enables/disables sending debug information to
+clients. Debug information may contain sensitive information as it forwards error messages from, for example, storage
+implementations. For this reason, `RevealDebugPayloads` defaults to false. Keep in mind that the information may be
+very helpful when specific OAuth 2.0 requests fail and we generally recommend displaying debug information.
+
+Additionally, error keys for JSON changed which caused a new minor version, speicifically
+[`statusCode` was changed to `status_code`](https://github.com/ory/fosite/pull/242/files#diff-dd25e0e0a594c3f3592c1c717039b85eR221).
+
+
+## 0.15.0
+
+This release focuses on improving compatibility with OpenID Connect Certification and better error context.
+
+* Error handling is improved by explicitly adding debug information (e.g. "Token invalid because it was not found
+in the database") to the error object. Previously, the original error was prepended which caused weird formatting issues.
+* Allows client credentials in POST body at the `/oauth2/token` endpoint. Please note that this method is not recommended
+to be used, unless the client making the request is unable to use HTTP Basic Authorization.
+* Allows public clients (without secret) to access the `/oauth2/token` endpoint which was previously only possible by adding an arbitrary
+secret.
+
+This release has no breaking changes to the external API but due to the nature of the changes, it is released
+as a new major version.
+
+## 0.14.0
+
+Improves error contexts. A breaking code changes to the public API was reverted with 0.14.1.
+
+## 0.13.0
+
+### Breaking changes
+
+`glide` was replaced with `dep`.
+
+## 0.12.0
+
+### Breaking changes
+
+#### Improved cryptographic methods
+
+* The minimum required secret length used to generate signatures of access tokens has increased from 16 to 32 byte.
+* The algorithm used to generate access tokens using the HMAC-SHA strategy has changed from HMAC-SHA256 to HMAC-SHA512.
+
 ## 0.11.0
 
 ### Non-breaking changes

README.md

@@ -57,7 +57,7 @@ was out there, so we decided to build it ourselves.
 
 The core public API is almost stable as most changes will only touch the inner workings.
 
-We strongly encourage vendoring fosite using [glide](https://glide.sh) or comparable tools.
+We strongly encourage vendoring fosite using [dep](https://github.com/golang/dep) or comparable tools.
 
 ## Example
 
@@ -69,10 +69,9 @@ of code.
 You can run this minimalistic example by doing
 
 ```
-go get github.com/Masterminds/glide
 go get github.com/ory/fosite-example
 cd $GOPATH/src/github.com/ory/fosite-example
-glide install
+dep ensure
 go install github.com/ory/fosite-example
 fosite-example
 ```
@@ -148,7 +147,7 @@ GOPATH environment variable.
 go get -d github.com/ory/fosite
 ```
 
-We recommend to use [Glide](https://github.com/Masterminds/glide) or [Godep](https://github.com/tools/godep) to
+We recommend to use [dep](https://github.com/golang/dep) to
 mitigate compatibility breaks that come with new api versions.
 
 ## Documentation
@@ -385,10 +384,10 @@ go get -d github.com/ory/fosite
 cd $GOPATH/src/github.com/ory/fosite
 git status
 git remote add myfork <url-to-your-fork>
-go test $(glide novendor)
+go test ./..
 ```
 
-Simple, right? Now you are ready to go! Make sure to run `go test $(glide novendor)` often, detecting problems with your code
+Simple, right? Now you are ready to go! Make sure to run `go test ./...` often, detecting problems with your code
 rather sooner than later. Please read [CONTRIBUTE.md] before creating pull requests and issues.
 
 ### Refresh mock objects