refactor: remove unused issuer property for provider

Maskinporten accepts the token_endpoint as audience for JWT grants. This is in line with RFC 7523, section 3: > The token endpoint URL of the authorization server > MAY be used as a value for an "aud" element to identify the > authorization server as an intended audience of the JWT https://datatracker.ietf.org/doc/html/rfc7523#section-3 Co-authored-by: Tommy Trøen <[email protected]> Co-authored-by: Kim Tore Jensen <[email protected]>
nais · Nov 5, 2024 · a4547a2 · a4547a2
1 parent 5520deb
commit a4547a2
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 8 deletions.
diff --git a/src/handlers.rs b/src/handlers.rs
@@ -106,7 +106,6 @@ impl HandlerState {
         // TODO: we should be able to conditionally enable certain providers based on the configuration
         info!("Fetch JWKS for Maskinporten...");
         let maskinporten: Provider<MaskinportenTokenRequest, JWTBearerAssertion> = Provider::new(
-            cfg.maskinporten_issuer.clone(),
             cfg.maskinporten_client_id.clone(),
             cfg.maskinporten_token_endpoint.clone(),
             cfg.maskinporten_client_jwk.clone(),
@@ -117,7 +116,6 @@ impl HandlerState {
         // TODO: these two AAD providers should be a single provider, but we need to figure out how to handle the different token requests
         info!("Fetch JWKS for Azure AD (on behalf of)...");
         let azure_ad_obo: Provider<AzureADOnBehalfOfTokenRequest, ClientAssertion> = Provider::new(
-            cfg.azure_ad_issuer.clone(),
             cfg.azure_ad_client_id.clone(),
             cfg.azure_ad_token_endpoint.clone(),
             cfg.azure_ad_client_jwk.clone(),
@@ -127,7 +125,6 @@ impl HandlerState {
 
         info!("Fetch JWKS for Azure AD (client credentials)...");
         let azure_ad_cc: Provider<AzureADClientCredentialsTokenRequest, ClientAssertion> = Provider::new(
-            cfg.azure_ad_issuer.clone(),
             cfg.azure_ad_client_id.clone(),
             cfg.azure_ad_token_endpoint.clone(),
             cfg.azure_ad_client_jwk.clone(),
@@ -137,7 +134,6 @@ impl HandlerState {
 
         info!("Fetch JWKS for TokenX...");
         let token_x: Provider<TokenXTokenRequest, ClientAssertion> = Provider::new(
-            cfg.token_x_issuer.clone(),
             cfg.token_x_client_id.clone(),
             cfg.token_x_token_endpoint.clone(),
             cfg.token_x_client_jwk.clone(),

diff --git a/src/identity_provider.rs b/src/identity_provider.rs
@@ -118,8 +118,6 @@ impl TokenRequestFactory for TokenXTokenRequest {
 
 #[derive(Clone)]
 pub struct Provider<R, A> {
-    #[allow(dead_code)]
-    issuer: String, // FIXME: unused for now; maskinporten might require this as `aud` in client_assertion
     client_id: String,
     pub token_endpoint: String,
     private_jwk: jwt::EncodingKey,
@@ -135,7 +133,6 @@ where
     A: Serialize + Assertion,
 {
     pub fn new(
-        issuer: String,
         client_id: String,
         token_endpoint: String,
         private_jwk: String,
@@ -147,7 +144,6 @@ where
         let mut client_assertion_header = jwt::Header::new(alg);
         client_assertion_header.kid = Some(kid);
         Some(Self {
-            issuer,
             client_id,
             token_endpoint,
             client_assertion_header,