@Joerger Joerger (Contributor) commented May 20, 2025

Changes:

  • Add a generic OIDC token validation function using github.com/zitadel/oidc/v3, adapted from Noah's additions for Azure DevOps. The only intended functional change here is that the 15s provider timeout is used for all providers, rather than just the 2 newest additions.
  • tctl sso configure uses zitadel's Discover function instead of the old coreos provider function.
  • Update .golangci.yml to only allow github.com/zitadel/oidc/v3
  • go mod tidy

Note: For some reason, I can't get rid of github.com/coreos/go-oidc and github.com/coreos/go-oidc/v3 from the go.sum, despite them being completely unused:

> go mod why github.com/coreos/go-oidc
# github.com/coreos/go-oidc
(main module does not need package github.com/coreos/go-oidc)

> go mod why github.com/coreos/go-oidc/v3
# github.com/coreos/go-oidc/v3
(main module does not need package github.com/coreos/go-oidc/v3)

@Joerger Joerger marked this pull request as ready for review May 20, 2025 01:47
@github-actions github-actions bot added size/sm tctl tctl - Teleport admin tool labels May 20, 2025
zmb3 (Collaborator) commented May 20, 2025

> For some reason, I can't get rid of github.com/coreos/go-oidc and github.com/coreos/go-oidc/v3 from the go.sum, despite them being completely unused:

Do you need to update e_imports.go?

rosstimothy (Contributor) commented May 20, 2025

go.sum still contains github.com/coreos/go-oidc because the libraries are still included via indirect references.

go mod graph | rg "github.com/coreos/go-oidc"
github.com/sigstore/cosign/[email protected] github.com/coreos/go-oidc/[email protected]
github.com/sigstore/[email protected] github.com/coreos/go-oidc/[email protected]
github.com/sigstore/[email protected] github.com/coreos/go-oidc/[email protected]
k8s.io/[email protected] github.com/coreos/[email protected]+incompatible
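
Added example (not part of the PR thread or the Teleport code base): `go mod why` answers at the package-import level, while `go mod graph` lists module requirement edges, so the Go program below walks graph output to recover the full chain that keeps a module present, matching the module path exactly rather than by substring. The graph text, module names and versions are constructed, and `RequirementChain` is a hypothetical helper.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed `go mod graph` output: hypothetical modules and versions, not from the PR.
const sampleGraph = `example.com/app example.com/signing@v1.2.0
example.com/signing@v1.2.0 example.com/verifier@v0.4.0
example.com/verifier@v0.4.0 github.com/coreos/go-oidc/v3@v3.0.0
example.com/app example.com/kube@v0.9.0
example.com/kube@v0.9.0 github.com/coreos/go-oidc@v2.0.0+incompatible`

// RequirementChain returns the shortest chain of requirement edges from the
// main module (the requirer printed without "@version") to any version of target.
func RequirementChain(graph, target string) []string {
	edges, root := map[string][]string{}, ""
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 { // "requirer requirement"
			if root == "" && !strings.Contains(f[0], "@") {
				root = f[0]
			}
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	// Breadth-first search; parent links rebuild the path once target is found.
	parent := map[string]string{root: ""}
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		n := queue[0]
		if path, _, _ := strings.Cut(n, "@"); path == target {
			var chain []string
			for ; n != ""; n = parent[n] {
				chain = append([]string{n}, chain...)
			}
			return chain
		}
		for _, next := range edges[n] {
			if _, seen := parent[next]; !seen {
				parent[next], queue = n, append(queue, next)
			}
		}
	}
	return nil
}

func main() {
	for _, t := range []string{"github.com/coreos/go-oidc/v3", "github.com/coreos/go-oidc"} {
		fmt.Println(t, "<=", strings.Join(RequirementChain(sampleGraph, t), " -> "))
	}
}
```

Against a real checkout, the input would be the text printed by `go mod graph` in the module root.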

go.mod Outdated
github.com/ucarion/urlpath v0.0.0-20200424170820-7ccc79b76bbb
github.com/vulcand/predicate v1.2.0 // replaced
github.com/yusufpapurcu/wmi v1.2.4
github.com/zeebo/assert v1.3.0
Contributor

Oooof this is likely an accidental import from gopls and should be replaced with testify/assert

Contributor

This needs to be updated to include #55039.

@Joerger Joerger added the no-changelog Indicates that a PR does not require a changelog entry label May 21, 2025
@Joerger Joerger force-pushed the joerger/remove-coreos-go-oidc branch from 1a04744 to 7eae3ce Compare May 22, 2025 16:14
@Joerger Joerger requested a review from rosstimothy May 22, 2025 16:14
@Joerger Joerger requested a review from strideynet May 22, 2025 22:23
@Joerger Joerger added this pull request to the merge queue May 23, 2025
Merged via the queue into master with commit 5bc9e54 May 23, 2025
43 checks passed
@Joerger Joerger deleted the joerger/remove-coreos-go-oidc branch May 23, 2025 19:03