*: lots of renaming

api/api.go

@@ -47,10 +47,10 @@ func (s *server) CreateClient(ctx context.Context, req *apipb.CreateClientReq) (
 	// and secrets which are restricted based on the storage.
 	client := fromPBClient(req.Client)
 	if client.ID == "" {
-		client.ID = storage.NewNonce()
+		client.ID = storage.NewID()
 	}
 	if client.Secret == "" {
-		client.Secret = storage.NewNonce() + storage.NewNonce()
+		client.Secret = storage.NewID() + storage.NewID()
 	}
 
 	if err := s.storage.CreateClient(client); err != nil {

server/handlers.go

@@ -224,7 +224,7 @@ func (s *Server) handleConnectorCallback(w http.ResponseWriter, r *http.Request)
 }
 
 func (s *Server) finalizeLogin(identity connector.Identity, authReqID, connectorID string, conn connector.Connector) (string, error) {
-	claims := storage.Identity{
+	claims := storage.Claims{
 		UserID:        identity.UserID,
 		Username:      identity.Username,
 		Email:         identity.Email,
@@ -253,7 +253,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReqID, connector
 	}
 
 	updater := func(a storage.AuthRequest) (storage.AuthRequest, error) {
-		a.Identity = &claims
+		a.Claims = &claims
 		a.ConnectorID = connectorID
 		a.ConnectorData = identity.ConnectorData
 		return a, nil
@@ -271,7 +271,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
 		s.renderError(w, http.StatusInternalServerError, errServerError, "")
 		return
 	}
-	if authReq.Identity == nil {
+	if authReq.Claims == nil {
 		log.Printf("Auth request does not have an identity for approval")
 		s.renderError(w, http.StatusInternalServerError, errServerError, "")
 		return
@@ -280,7 +280,7 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case "GET":
 		if s.skipApproval {
-			s.sendCodeResponse(w, r, authReq, *authReq.Identity)
+			s.sendCodeResponse(w, r, authReq)
 			return
 		}
 		client, err := s.storage.GetClient(authReq.ClientID)
@@ -289,17 +289,17 @@ func (s *Server) handleApproval(w http.ResponseWriter, r *http.Request) {
 			s.renderError(w, http.StatusInternalServerError, errServerError, "")
 			return
 		}
-		renderApprovalTmpl(w, authReq.ID, *authReq.Identity, client, authReq.Scopes)
+		renderApprovalTmpl(w, authReq.ID, *authReq.Claims, client, authReq.Scopes)
 	case "POST":
 		if r.FormValue("approval") != "approve" {
 			s.renderError(w, http.StatusInternalServerError, "approval rejected", "")
 			return
 		}
-		s.sendCodeResponse(w, r, authReq, *authReq.Identity)
+		s.sendCodeResponse(w, r, authReq)
 	}
 }
 
-func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authReq storage.AuthRequest, identity storage.Identity) {
+func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authReq storage.AuthRequest) {
 	if authReq.Expiry.After(s.now()) {
 		s.renderError(w, http.StatusBadRequest, errInvalidRequest, "Authorization request period has expired.")
 		return
@@ -315,12 +315,12 @@ func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authRe
 		return
 	}
 	code := storage.AuthCode{
-		ID:          storage.NewNonce(),
+		ID:          storage.NewID(),
 		ClientID:    authReq.ClientID,
 		ConnectorID: authReq.ConnectorID,
 		Nonce:       authReq.Nonce,
 		Scopes:      authReq.Scopes,
-		Identity:    *authReq.Identity,
+		Claims:      *authReq.Claims,
 		Expiry:      s.now().Add(time.Minute * 5),
 		RedirectURI: authReq.RedirectURI,
 	}
@@ -412,7 +412,7 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
 		return
 	}
 
-	idToken, expiry, err := s.newIDToken(client.ID, authCode.Identity, authCode.Scopes, authCode.Nonce)
+	idToken, expiry, err := s.newIDToken(client.ID, authCode.Claims, authCode.Scopes, authCode.Nonce)
 	if err != nil {
 		log.Printf("failed to create ID token: %v", err)
 		tokenErr(w, errServerError, "", http.StatusInternalServerError)
@@ -435,12 +435,12 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s
 	}()
 	var refreshToken string
 	if reqRefresh {
-		refresh := storage.Refresh{
-			RefreshToken: storage.NewNonce(),
+		refresh := storage.RefreshToken{
+			RefreshToken: storage.NewID(),
 			ClientID:     authCode.ClientID,
 			ConnectorID:  authCode.ConnectorID,
 			Scopes:       authCode.Scopes,
-			Identity:     authCode.Identity,
+			Claims:       authCode.Claims,
 			Nonce:        authCode.Nonce,
 		}
 		if err := s.storage.CreateRefresh(refresh); err != nil {
@@ -497,7 +497,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
 
 	// TODO(ericchiang): re-auth with backends
 
-	idToken, expiry, err := s.newIDToken(client.ID, refresh.Identity, scopes, refresh.Nonce)
+	idToken, expiry, err := s.newIDToken(client.ID, refresh.Claims, scopes, refresh.Nonce)
 	if err != nil {
 		log.Printf("failed to create ID token: %v", err)
 		tokenErr(w, errServerError, "", http.StatusInternalServerError)
@@ -509,7 +509,7 @@ func (s *Server) handleRefreshToken(w http.ResponseWriter, r *http.Request, clie
 		tokenErr(w, errServerError, "", http.StatusInternalServerError)
 		return
 	}
-	refresh.RefreshToken = storage.NewNonce()
+	refresh.RefreshToken = storage.NewID()
 	if err := s.storage.CreateRefresh(refresh); err != nil {
 		log.Printf("failed to create refresh token: %v", err)
 		tokenErr(w, errServerError, "", http.StatusInternalServerError)
@@ -529,7 +529,7 @@ func (s *Server) writeAccessToken(w http.ResponseWriter, idToken, refreshToken s
 		RefreshToken string `json:"refresh_token,omitempty"`
 		IDToken      string `json:"id_token"`
 	}{
-		storage.NewNonce(),
+		storage.NewID(),
 		"bearer",
 		int(expiry.Sub(s.now())),
 		refreshToken,

server/oauth2.go

@@ -120,7 +120,7 @@ type idTokenClaims struct {
 	Name string `json:"name,omitempty"`
 }
 
-func (s *Server) newIDToken(clientID string, claims storage.Identity, scopes []string, nonce string) (idToken string, expiry time.Time, err error) {
+func (s *Server) newIDToken(clientID string, claims storage.Claims, scopes []string, nonce string) (idToken string, expiry time.Time, err error) {
 	issuedAt := s.now()
 	expiry = issuedAt.Add(s.idTokensValidFor)
 
@@ -260,7 +260,7 @@ func parseAuthorizationRequest(s storage.Storage, r *http.Request) (req storage.
 	}
 
 	return storage.AuthRequest{
-		ID:                  storage.NewNonce(),
+		ID:                  storage.NewID(),
 		ClientID:            client.ID,
 		State:               r.Form.Get("state"),
 		Nonce:               r.Form.Get("nonce"),

server/templates.go

@@ -72,7 +72,7 @@ var approvalTmpl = template.Must(template.New("approval-template").Parse(`<html>
 </body>
 </html>`))
 
-func renderApprovalTmpl(w http.ResponseWriter, state string, identity storage.Identity, client storage.Client, scopes []string) {
+func renderApprovalTmpl(w http.ResponseWriter, state string, identity storage.Claims, client storage.Client, scopes []string) {
 	data := struct {
 		User       string
 		ClientName string

storage/kubernetes/garbage_collection_test.go

@@ -22,8 +22,8 @@ func TestGCAuthRequests(t *testing.T) {
 	now := time.Now()
 	cli.now = func() time.Time { return now }
 
-	expiredID := storage.NewNonce()
-	goodID := storage.NewNonce()
+	expiredID := storage.NewID()
+	goodID := storage.NewID()
 
 	must(cli.CreateAuthRequest(storage.AuthRequest{
 		ID:     expiredID,
@@ -58,8 +58,8 @@ func TestGCAuthCodes(t *testing.T) {
 	now := time.Now()
 	cli.now = func() time.Time { return now }
 
-	expiredID := storage.NewNonce()
-	goodID := storage.NewNonce()
+	expiredID := storage.NewID()
+	goodID := storage.NewID()
 
 	must(cli.CreateAuthCode(storage.AuthCode{
 		ID:     expiredID,

storage/kubernetes/storage.go

@@ -109,8 +109,8 @@ func (cli *client) CreateAuthCode(c storage.AuthCode) error {
 	return cli.post(resourceAuthCode, cli.fromStorageAuthCode(c))
 }
 
-func (cli *client) CreateRefresh(r storage.Refresh) error {
-	refresh := Refresh{
+func (cli *client) CreateRefresh(r storage.RefreshToken) error {
+	refresh := RefreshToken{
 		TypeMeta: k8sapi.TypeMeta{
 			Kind:       kindRefreshToken,
 			APIVersion: cli.apiVersionForResource(resourceRefreshToken),
@@ -123,7 +123,7 @@ func (cli *client) CreateRefresh(r storage.Refresh) error {
 		ConnectorID: r.ConnectorID,
 		Scopes:      r.Scopes,
 		Nonce:       r.Nonce,
-		Identity:    fromStorageIdentity(r.Identity),
+		Claims:      fromStorageClaims(r.Claims),
 	}
 	return cli.post(resourceRefreshToken, refresh)
 }
@@ -160,18 +160,18 @@ func (cli *client) GetKeys() (storage.Keys, error) {
 	return toStorageKeys(keys), nil
 }
 
-func (cli *client) GetRefresh(id string) (storage.Refresh, error) {
-	var r Refresh
+func (cli *client) GetRefresh(id string) (storage.RefreshToken, error) {
+	var r RefreshToken
 	if err := cli.get(resourceRefreshToken, id, &r); err != nil {
-		return storage.Refresh{}, err
+		return storage.RefreshToken{}, err
 	}
-	return storage.Refresh{
+	return storage.RefreshToken{
 		RefreshToken: r.ObjectMeta.Name,
 		ClientID:     r.ClientID,
 		ConnectorID:  r.ConnectorID,
 		Scopes:       r.Scopes,
 		Nonce:        r.Nonce,
-		Identity:     toStorageIdentity(r.Identity),
+		Claims:       toStorageClaims(r.Claims),
 	}, nil
 }
 
@@ -179,7 +179,7 @@ func (cli *client) ListClients() ([]storage.Client, error) {
 	return nil, errors.New("not implemented")
 }
 
-func (cli *client) ListRefreshTokens() ([]storage.Refresh, error) {
+func (cli *client) ListRefreshTokens() ([]storage.RefreshToken, error) {
 	return nil, errors.New("not implemented")
 }
 

storage/kubernetes/types.go

@@ -70,8 +70,8 @@ func toStorageClient(c Client) storage.Client {
 	}
 }
 
-// Identity is a mirrored struct from storage with JSON struct tags.
-type Identity struct {
+// Claims is a mirrored struct from storage with JSON struct tags.
+type Claims struct {
 	UserID        string   `json:"userID"`
 	Username      string   `json:"username"`
 	Email         string   `json:"email"`
@@ -79,8 +79,8 @@ type Identity struct {
 	Groups        []string `json:"groups,omitempty"`
 }
 
-func fromStorageIdentity(i storage.Identity) Identity {
-	return Identity{
+func fromStorageClaims(i storage.Claims) Claims {
+	return Claims{
 		UserID:        i.UserID,
 		Username:      i.Username,
 		Email:         i.Email,
@@ -89,8 +89,8 @@ func fromStorageIdentity(i storage.Identity) Identity {
 	}
 }
 
-func toStorageIdentity(i Identity) storage.Identity {
-	return storage.Identity{
+func toStorageClaims(i Claims) storage.Claims {
+	return storage.Claims{
 		UserID:        i.UserID,
 		Username:      i.Username,
 		Email:         i.Email,
@@ -120,7 +120,7 @@ type AuthRequest struct {
 
 	// The identity of the end user. Generally nil until the user authenticates
 	// with a backend.
-	Identity *Identity `json:"identity,omitempty"`
+	Claims *Claims `json:"claims,omitempty"`
 	// The connector used to login the user. Set when the user authenticates.
 	ConnectorID   string `json:"connectorID,omitempty"`
 	ConnectorData []byte `json:"connectorData,omitempty"`
@@ -149,9 +149,9 @@ func toStorageAuthRequest(req AuthRequest) storage.AuthRequest {
 		ConnectorData:       req.ConnectorData,
 		Expiry:              req.Expiry,
 	}
-	if req.Identity != nil {
-		i := toStorageIdentity(*req.Identity)
-		a.Identity = &i
+	if req.Claims != nil {
+		i := toStorageClaims(*req.Claims)
+		a.Claims = &i
 	}
 	return a
 }
@@ -177,9 +177,9 @@ func (cli *client) fromStorageAuthRequest(a storage.AuthRequest) AuthRequest {
 		ConnectorData:       a.ConnectorData,
 		Expiry:              a.Expiry,
 	}
-	if a.Identity != nil {
-		i := fromStorageIdentity(*a.Identity)
-		req.Identity = &i
+	if a.Claims != nil {
+		i := fromStorageClaims(*a.Claims)
+		req.Claims = &i
 	}
 	return req
 }
@@ -197,7 +197,7 @@ type AuthCode struct {
 	Nonce string `json:"nonce,omitempty"`
 	State string `json:"state,omitempty"`
 
-	Identity Identity `json:"identity,omitempty"`
+	Claims Claims `json:"claims,omitempty"`
 
 	ConnectorID   string `json:"connectorID,omitempty"`
 	ConnectorData []byte `json:"connectorData,omitempty"`
@@ -228,7 +228,7 @@ func (cli *client) fromStorageAuthCode(a storage.AuthCode) AuthCode {
 		ConnectorData: a.ConnectorData,
 		Nonce:         a.Nonce,
 		Scopes:        a.Scopes,
-		Identity:      fromStorageIdentity(a.Identity),
+		Claims:        fromStorageClaims(a.Claims),
 		Expiry:        a.Expiry,
 	}
 }
@@ -242,14 +242,14 @@ func toStorageAuthCode(a AuthCode) storage.AuthCode {
 		ConnectorData: a.ConnectorData,
 		Nonce:         a.Nonce,
 		Scopes:        a.Scopes,
-		Identity:      toStorageIdentity(a.Identity),
+		Claims:        toStorageClaims(a.Claims),
 		Expiry:        a.Expiry,
 	}
 }
 
-// Refresh is a mirrored struct from storage with JSON struct tags and
+// RefreshToken is a mirrored struct from storage with JSON struct tags and
 // Kubernetes type metadata.
-type Refresh struct {
+type RefreshToken struct {
 	k8sapi.TypeMeta   `json:",inline"`
 	k8sapi.ObjectMeta `json:"metadata,omitempty"`
 
@@ -258,15 +258,15 @@ type Refresh struct {
 
 	Nonce string `json:"nonce,omitempty"`
 
-	Identity    Identity `json:"identity,omitempty"`
-	ConnectorID string   `json:"connectorID,omitempty"`
+	Claims      Claims `json:"claims,omitempty"`
+	ConnectorID string `json:"connectorID,omitempty"`
 }
 
 // RefreshList is a list of refresh tokens.
 type RefreshList struct {
 	k8sapi.TypeMeta `json:",inline"`
 	k8sapi.ListMeta `json:"metadata,omitempty"`
-	RefreshTokens   []Refresh `json:"items"`
+	RefreshTokens   []RefreshToken `json:"items"`
 }
 
 // Keys is a mirrored struct from storage with JSON struct tags and Kubernetes

storage/memory/memory.go

@@ -13,7 +13,7 @@ func New() storage.Storage {
 	return &memStorage{
 		clients:       make(map[string]storage.Client),
 		authCodes:     make(map[string]storage.AuthCode),
-		refreshTokens: make(map[string]storage.Refresh),
+		refreshTokens: make(map[string]storage.RefreshToken),
 		authReqs:      make(map[string]storage.AuthRequest),
 	}
 }
@@ -23,7 +23,7 @@ type memStorage struct {
 
 	clients       map[string]storage.Client
 	authCodes     map[string]storage.AuthCode
-	refreshTokens map[string]storage.Refresh
+	refreshTokens map[string]storage.RefreshToken
 	authReqs      map[string]storage.AuthRequest
 
 	keys storage.Keys
@@ -49,7 +49,7 @@ func (s *memStorage) CreateAuthCode(c storage.AuthCode) error {
 	return nil
 }
 
-func (s *memStorage) CreateRefresh(r storage.Refresh) error {
+func (s *memStorage) CreateRefresh(r storage.RefreshToken) error {
 	s.tx(func() { s.refreshTokens[r.RefreshToken] = r })
 	return nil
 }
@@ -74,7 +74,7 @@ func (s *memStorage) GetKeys() (keys storage.Keys, err error) {
 	return
 }
 
-func (s *memStorage) GetRefresh(token string) (tok storage.Refresh, err error) {
+func (s *memStorage) GetRefresh(token string) (tok storage.RefreshToken, err error) {
 	s.tx(func() {
 		var ok bool
 		if tok, ok = s.refreshTokens[token]; !ok {
@@ -105,7 +105,7 @@ func (s *memStorage) ListClients() (clients []storage.Client, err error) {
 	return
 }
 
-func (s *memStorage) ListRefreshTokens() (tokens []storage.Refresh, err error) {
+func (s *memStorage) ListRefreshTokens() (tokens []storage.RefreshToken, err error) {
 	s.tx(func() {
 		for _, refresh := range s.refreshTokens {
 			tokens = append(tokens, refresh)
@@ -180,7 +180,7 @@ func (s *memStorage) ClaimCode(id string) (err error) {
 	return
 }
 
-func (s *memStorage) ClaimRefresh(refreshToken string) (token storage.Refresh, err error) {
+func (s *memStorage) ClaimRefresh(refreshToken string) (token storage.RefreshToken, err error) {
 	s.tx(func() {
 		var ok bool
 		if token, ok = s.refreshTokens[refreshToken]; !ok {

storage/storage.go

@@ -28,8 +28,8 @@ var ErrNotFound = errors.New("not found")
 // TODO(ericchiang): refactor ID creation onto the storage.
 var encoding = base32.NewEncoding("abcdefghijklmnopqrstuvwxyz234567")
 
-// NewNonce returns a new ID for the objects.
-func NewNonce() string {
+// NewID returns a random string which can be used as an ID for objects.
+func NewID() string {
 	buff := make([]byte, 8) // 64 bit random ID.
 	if _, err := io.ReadFull(rand.Reader, buff); err != nil {
 		panic(err)
@@ -50,7 +50,7 @@ type Storage interface {
 	CreateAuthRequest(a AuthRequest) error
 	CreateClient(c Client) error
 	CreateAuthCode(c AuthCode) error
-	CreateRefresh(r Refresh) error
+	CreateRefresh(r RefreshToken) error
 
 	// TODO(ericchiang): return (T, bool, error) so we can indicate not found
 	// requests that way instead of using ErrNotFound.
@@ -58,10 +58,10 @@ type Storage interface {
 	GetAuthCode(id string) (AuthCode, error)
 	GetClient(id string) (Client, error)
 	GetKeys() (Keys, error)
-	GetRefresh(id string) (Refresh, error)
+	GetRefresh(id string) (RefreshToken, error)
 
 	ListClients() ([]Client, error)
-	ListRefreshTokens() ([]Refresh, error)
+	ListRefreshTokens() ([]RefreshToken, error)
 
 	// Delete methods MUST be atomic.
 	DeleteAuthRequest(id string) error
@@ -96,8 +96,8 @@ type Client struct {
 	LogoURL string
 }
 
-// Identity represents the ID Token claims supported by the server.
-type Identity struct {
+// Claims represents the ID Token claims supported by the server.
+type Claims struct {
 	UserID        string
 	Username      string
 	Email         string
@@ -126,7 +126,7 @@ type AuthRequest struct {
 
 	// The identity of the end user. Generally nil until the user authenticates
 	// with a backend.
-	Identity *Identity
+	Claims *Claims
 
 	// The connector used to login the user and any data the connector wishes to persists.
 	// Set when the user authenticates.
@@ -150,13 +150,13 @@ type AuthCode struct {
 
 	Scopes []string
 
-	Identity Identity
+	Claims Claims
 
 	Expiry time.Time
 }
 
-// Refresh is an OAuth2 refresh token.
-type Refresh struct {
+// RefreshToken is an OAuth2 refresh token.
+type RefreshToken struct {
 	// The actual refresh token.
 	RefreshToken string
 
@@ -173,7 +173,7 @@ type Refresh struct {
 
 	Nonce string
 
-	Identity Identity
+	Claims Claims
 }
 
 // VerificationKey is a rotated signing key which can still be used to verify

storage/storagetest/storagetest.go

@@ -21,7 +21,7 @@ func RunTestSuite(t *testing.T, s storage.Storage) {
 
 func testUpdateAuthRequest(t *testing.T, s storage.Storage) {
 	a := storage.AuthRequest{
-		ID:            storage.NewNonce(),
+		ID:            storage.NewID(),
 		ClientID:      "foobar",
 		ResponseTypes: []string{"code"},
 		Scopes:        []string{"openid", "email"},
@@ -29,13 +29,13 @@ func testUpdateAuthRequest(t *testing.T, s storage.Storage) {
 		Expiry:        neverExpire,
 	}
 
-	identity := storage.Identity{Email: "foobar"}
+	identity := storage.Claims{Email: "foobar"}
 
 	if err := s.CreateAuthRequest(a); err != nil {
 		t.Fatalf("failed creating auth request: %v", err)
 	}
 	if err := s.UpdateAuthRequest(a.ID, func(old storage.AuthRequest) (storage.AuthRequest, error) {
-		old.Identity = &identity
+		old.Claims = &identity
 		old.ConnectorID = "connID"
 		return old, nil
 	}); err != nil {
@@ -46,17 +46,17 @@ func testUpdateAuthRequest(t *testing.T, s storage.Storage) {
 	if err != nil {
 		t.Fatalf("failed to get auth req: %v", err)
 	}
-	if got.Identity == nil {
+	if got.Claims == nil {
 		t.Fatalf("no identity in auth request")
 	}
-	if !reflect.DeepEqual(*got.Identity, identity) {
-		t.Fatalf("update failed, wanted identity=%#v got %#v", identity, *got.Identity)
+	if !reflect.DeepEqual(*got.Claims, identity) {
+		t.Fatalf("update failed, wanted identity=%#v got %#v", identity, *got.Claims)
 	}
 }
 
 func testCreateRefresh(t *testing.T, s storage.Storage) {
-	id := storage.NewNonce()
-	refresh := storage.Refresh{
+	id := storage.NewID()
+	refresh := storage.RefreshToken{
 		RefreshToken: id,
 		ClientID:     "client_id",
 		ConnectorID:  "client_secret",