fix: incorporate review suggestions/requests

Author: prskr

modules/dex/dex.go

@@ -126,7 +126,7 @@ func (c Container) CreatePassword(
 ) (err error) {
 	apiClient, connCloser, err := c.createDexAPIClient(ctx)
 	if err != nil {
-		return fmt.Errorf("prepare Dex API client: %w", err)
+		return fmt.Errorf("create Dex API client: %w", err)
 	}
 
 	defer func() {
@@ -159,6 +159,8 @@ func (c Container) CreatePassword(
 		},
 	}
 
+	clear(req.Hash)
+
 	if _, err = apiClient.CreatePassword(ctx, apiReq); err != nil {
 		return fmt.Errorf("create password in Dex: %w", err)
 	}
@@ -169,15 +171,16 @@ func (c Container) CreatePassword(
 // OpenIDConfiguration returns the OpenID configuration for the Dex instance.
 // It retrieves the raw configuration, unmarshals it into an OpenIDConfiguration struct,
 // and returns any error that occurs during the process.
-func (c Container) OpenIDConfiguration(ctx context.Context) (cfg OpenIDConfiguration, err error) {
+func (c Container) OpenIDConfiguration(ctx context.Context) (OpenIDConfiguration, error) {
 	rawCfg, err := c.RawOpenIDConfiguration(ctx)
 	if err != nil {
-		return cfg, err
+		return OpenIDConfiguration{}, err
 	}
 
+	var cfg OpenIDConfiguration
 	err = json.Unmarshal(rawCfg, &cfg)
 	if err != nil {
-		return cfg, fmt.Errorf("unmarshal OpenID configuration: %w", err)
+		return OpenIDConfiguration{}, fmt.Errorf("unmarshal OpenID configuration: %w", err)
 	}
 
 	return cfg, nil
@@ -196,7 +199,7 @@ func (c Container) RawOpenIDConfiguration(ctx context.Context) (rawCfg []byte, e
 
 	req, err := http.NewRequestWithContext(ctx, http.MethodGet, httpEndpoint+"/.well-known/openid-configuration", http.NoBody)
 	if err != nil {
-		return nil, fmt.Errorf("prepare OIDC discovery requrest: %w", err)
+		return nil, fmt.Errorf("create OIDC discovery request: %w", err)
 	}
 
 	httpClient := c.Client
@@ -332,7 +335,7 @@ func patchEndpoint(original, newHost string) (patched string, err error) {
 
 // randomSecret generates a random password for identities.
 // Based on https://pkg.go.dev/crypto/[email protected]#Text
-// Can be replaced as soon as testcontainers-go is updated to Go 1.24 or higher.
+// TODO: replace as soon as testcontainers-go is updated to Go 1.24 or higher.
 func randomSecret() string {
 	// ⌈log₃₂ 2¹²⁸⌉ = 26 chars
 	const (

modules/dex/openid.go

@@ -1,19 +1,37 @@
 package dex
 
+// OpenIDConfiguration represents the OpenID Connect discovery document.
+// Every OIDC provider must provide a valid OpenIDConfiguration.
+// This struct contains all the necessary information for a client to interact with an OIDC provider - in this case, Dex.
 type OpenIDConfiguration struct {
-	Issuer                      string   `json:"issuer,omitzero"`
-	AuthorizationEndpoint       string   `json:"authorization_endpoint,omitzero"`
-	TokenEndpoint               string   `json:"token_endpoint,omitzero"`
-	JwksURI                     string   `json:"jwks_uri,omitzero"`
-	UserinfoEndpoint            string   `json:"userinfo_endpoint,omitzero"`
-	DeviceAuthorizationEndpoint string   `json:"device_authorization_endpoint,omitzero"`
-	IntrospectionEndpoint       string   `json:"introspection_endpoint,omitzero"`
-	GrantTypesSupported         []string `json:"grant_types_supported,omitempty"`
-	ResponseTypesSupported      []string `json:"response_types_supported,omitempty"`
-	SubjectTypesSupported       []string `json:"subject_types_supported,omitempty"`
-	IDTokenSigningAlgValues     []string `json:"id_token_signing_alg_values_supported,omitempty"`
-	CodeChallengeMethods        []string `json:"code_challenge_methods_supported,omitempty"`
-	ScopesSupported             []string `json:"scopes_supported,omitempty"`
-	TokenEndpointAuthMethods    []string `json:"token_endpoint_auth_methods_supported,omitempty"`
-	ClaimsSupported             []string `json:"claims_supported,omitempty"`
+	// Issuer - name of the issuer, typically http://localhost:5556
+	Issuer string `json:"issuer,omitzero"`
+	// AuthorizationEndpoint - endpoint for authorization requests
+	AuthorizationEndpoint string `json:"authorization_endpoint,omitzero"`
+	// TokenEndpoint - endpoint for token requests (e.g. when using client credentials)
+	TokenEndpoint string `json:"token_endpoint,omitzero"`
+	// JWKSURI - endpoint for JSON Web Key Set (JWKS) requests
+	JWKSURI string `json:"jwks_uri,omitzero"`
+	// UserInfoEndpoint - endpoint for user info requests
+	UserinfoEndpoint string `json:"userinfo_endpoint,omitzero"`
+	// DeviceAuthorizationEndpoint - endpoint for device authorization requests
+	DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint,omitzero"`
+	// IntrospectionEndpoint - endpoint for token introspection requests
+	IntrospectionEndpoint string `json:"introspection_endpoint,omitzero"`
+	// GrantTypesSupported - list of grant types this provider supports
+	GrantTypesSupported []string `json:"grant_types_supported,omitempty"`
+	// ResponseTypesSupported - list of response types this provider supports
+	ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
+	// SubjectTypesSupported - list of subject types this provider supports
+	SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
+	// IDTokenSigningAlgValues - list of signing algorithms this provider supports for ID tokens
+	IDTokenSigningAlgValues []string `json:"id_token_signing_alg_values_supported,omitempty"`
+	// CodeChallengeMethods - list of code challenge methods this provider supports
+	CodeChallengeMethods []string `json:"code_challenge_methods_supported,omitempty"`
+	// ScopesSupported - list of scopes this provider supports
+	ScopesSupported []string `json:"scopes_supported,omitempty"`
+	// TokenEndpointAuthMethods - list of token endpoint authentication methods this provider supports
+	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"`
+	// ClaimsSupported - list of claims this provider supports
+	ClaimsSupported []string `json:"claims_supported,omitempty"`
 }