Merge pull request #765 from rithujohn191/bump-oidc

Bump go-oidc package

glide.lock

-hash: 723f2faad8f09a97ffb5ce647705b8ee41dbf2f81f91488c60f23d102789a23b
-updated: 2016-12-08T11:11:10.172119799-08:00
+hash: 22c01c4265c210fbf3cd2d55e9451b924a3301e35053c82ebe35171ab7286c83
+updated: 2017-01-06T15:38:29.812891187-08:00
 imports:
 - name: github.com/cockroachdb/cockroach-go
   version: 31611c0501c812f437d4861d87d117053967c955
   subpackages:
   - crdb
 - name: github.com/coreos/go-oidc
-  version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
+  version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
 - name: github.com/ghodss/yaml
   version: bea76d6a4713e18b7f5321a2b020738552def3ea
 - name: github.com/go-sql-driver/mysql

glide.yaml

@@ -66,7 +66,7 @@ import:
 
 # Used for server integration tests and OpenID Connect connector.
 - package: github.com/coreos/go-oidc
-  version: dedb650fb29c39c2f21aa88c1e4cec66da8754d1
+  version: 2b5d73091ea4b7ddb15e3ac00077f153120b5b61
 - package: github.com/pquerna/cachecontrol
   version: c97913dcbd76de40b051a9b4cd827f7eaeb7a868
 - package: golang.org/x/oauth2

vendor/github.com/coreos/go-oidc/verify.go

@@ -145,6 +145,13 @@ func (v *IDTokenVerifier) Verify(ctx context.Context, rawIDToken string) (*IDTok
 		}
 	}
 
+	// If a checkExpiry is specified, make sure token is not expired.
+	if v.config.checkExpiry != nil {
+		if t.Expiry.Before(v.config.checkExpiry()) {
+			return nil, fmt.Errorf("oidc: token is expired (Token Expiry: %v)", t.Expiry)
+		}
+	}
+
 	// If a set of required algorithms has been provided, ensure that the signatures use those.
 	var keyIDs, gotAlgs []string
 	for _, sig := range jws.Signatures {