chore: upgrade to v3 guide

[muhlemmer]

This PR adds update documentation for the breaking and significant changes between v2 and v3 of OIDC. This should aid develops in migrating breaking changes.
Readme is updated to mention the new guide. Badges are also updated to the v3 module.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.30%. Comparing base (0992c5f) to head (49f252f).
Report is 19 commits behind head on main.

❗ Current head 49f252f differs from pull request most recent head 2278e24. Consider uploading reports for the commit 2278e24 to get more accurate results

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #463      +/-   ##
==========================================
+ Coverage   60.06%   60.30%   +0.24%     
==========================================
  Files          80       78       -2     
  Lines        6998     6698     -300     
==========================================
- Hits         4203     4039     -164     
+ Misses       2498     2369     -129     
+ Partials      297      290       -7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[muhlemmer]

@muir if you have some time, I'm curious how this upgrade script works on other repositories. As zitadel does not use all affected symbols some sed commands are just guesswork. I hope you have a GNU system. 👼

go get -u github.com/zitadel/oidc/v3
find . -type f -name '*.go' | xargs sed -i \
    -e 's/github\.com\/zitadel\/oidc\/v2/github.com\/zitadel\/oidc\/v3/g' \
    -e 's/gopkg.in\/square\/go-jose\.v2/github.com\/go-jose\/go-jose\/v3/g' \
    -e 's/\bop\.AccessTokenVerifier\b/*op.AccessTokenVerifier/g' \
    -e 's/\bop\.JWTProfileVerifier\b/*op.JWTProfileVerifier/g' \
    -e 's/\bop\.IDTokenHintVerifier\b/*op.IDTokenHintVerifier/g' \
    -e 's/AuthorizationEndpoint() Endpoint/AuthorizationEndpoint() *Endpoint/g' \
    -e 's/TokenEndpoint() Endpoint/TokenEndpoint() *Endpoint/g' \
    -e 's/IntrospectionEndpoint() Endpoint/IntrospectionEndpoint() *Endpoint/g' \
    -e 's/UserinfoEndpoint() Endpoint/UserinfoEndpoint() *Endpoint/g' \
    -e 's/RevocationEndpoint() Endpoint/RevocationEndpoint() *Endpoint/g' \
    -e 's/EndSessionEndpoint() Endpoint/EndSessionEndpoint() *Endpoint/g' \
    -e 's/KeysEndpoint() Endpoint/KeysEndpoint() *Endpoint/g' \
    -e 's/DeviceAuthorizationEndpoint() Endpoint/DeviceAuthorizationEndpoint() *Endpoint/g' \
    -e 's/op\.CreateDiscoveryConfig(/op.CreateDiscoveryConfig(context.TODO(), /g' \
    -e 's/op\.AuthorizeCodeChallenge(tokenReq/op.AuthorizeCodeChallenge(tokenReq.CodeVerifier/g' \
    -e 's/client\.Discover(/client.Discover(context.TODO(), /g' \
    -e 's/client\.CallTokenEndpoint(/client.CallTokenEndpoint(context.TODO(), /g' \
    -e 's/client\.CallEndSessionEndpoint(/client.CallEndSessionEndpoint(context.TODO(), /g' \
    -e 's/client\.CallRevokeEndpoint(/client.CallRevokeEndpoint(context.TODO(), /g' \
    -e 's/client\.CallTokenExchangeEndpoint(/client.CallTokenExchangeEndpoint(context.TODO(), /g' \
    -e 's/client\.CallDeviceAuthorizationEndpoint(/client.CallDeviceAuthorizationEndpoint(context.TODO(), /g' \
    -e 's/client\.JWTProfileExchange(/client.JWTProfileExchange(context.TODO(), /g' \
    -e 's/profile\.NewJWTProfileTokenSource(/profile.NewJWTProfileTokenSource(context.TODO(), /g' \
    -e 's/profile\.NewJWTProfileTokenSourceFromKeyFileData(/profile.NewJWTProfileTokenSourceFromKeyFileData(context.TODO(), /g' \
    -e 's/profile\.NewJWTProfileTokenSourceFromKeyFile(/profile.NewJWTProfileTokenSourceFromKeyFile(context.TODO(), /g' \
    -e 's/rp\.NewRelyingPartyOIDC(/rp.NewRelyingPartyOIDC(context.TODO(), /g' \
    -e 's/rp\.EndSession(/rp.EndSession(context.TODO(), /g' \
    -e 's/rp\.RevokeToken(/rp.RevokeToken(context.TODO(), /g' \
    -e 's/rp\.DeviceAuthorization(/rp.DeviceAuthorization(context.TODO(), /g' \
    -e 's/rp\.RefreshAccessToken(/rp.RefreshTokens[*oidc.IDTokenClaims](context.TODO(), /g' \
    -e 's/rp\.Userinfo(/rp.Userinfo[*oidc.UserInfo](context.TODO(), /g' \
    -e 's/\brp\.IDTokenVerifier\b/*rp.IDTokenVerifier/g' \
    -e 's/rs\.NewResourceServerClientCredentials(/rs.NewResourceServerClientCredentials(context.TODO(), /g' \
    -e 's/rs\.NewResourceServerJWTProfile(/rs.NewResourceServerJWTProfile(context.TODO(), /g' \
    -e 's/rs\.Introspect(/rs.Introspect[*oidc.IntrospectionResponse](/g' \
    -e 's/tokenexchange\.NewTokenExchanger(/tokenexchange.NewTokenExchanger(context.TODO(), /g' \
    -e 's/tokenexchange\.NewTokenExchangerClientCredentials(/tokenexchange.NewTokenExchangerClientCredentials(context.TODO(), /g' \
    -e 's/tokenexchange\.ExchangeToken(/tokenexchange.ExchangeToken(context.TODO(), /g'
go mod tidy

The guide is still WIP, but I should be done by tomorrow.

[muir]

Hi @muhlemmer , I finally used this.

I ran into a few issues but mostly your took care of most changes.

• edit away all the context.TODO(), as expected
• The API for op.AuthRequestErrorr changed and the last argument needed to change from authorizer.Encoder() -> authorizor. I had to discover/fix that by hand.
• The new slog.Logger argument needed for StartServer is somewhat irritating because there isn't a simple way to get one of those for golang.org/x/exp/slog from a *testing.T. For log/slog, there is a solution.
• There was a subtle change to CreateDiscoveryConfig that broke my server until I found my bug.

All and all, thank you for the script. Moving to v3 wasn't hard.

[muhlemmer]

@muir thanks for checking and feedback!

We will update to Go 1.22 and drop 1.20 support soon. With that I will move all the logging imports to log/slog.

[github-actions]

🎉 This PR is included in version 3.15.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀