Revert "CC-796: Remove dependency on unsupported version of go-oidc"

This reverts commit 0899d6a136.

vendor/gopkg.in/coreos/go-oidc.v2/.travis.yml

@@ -1,13 +1,13 @@
 language: go
 
 go:
-  - "1.12"
-  - "1.13"
+  - "1.9"
+  - "1.10"
 
 install:
  - go get -v -t github.com/coreos/go-oidc/...
  - go get golang.org/x/tools/cmd/cover
- - go get golang.org/x/lint/golint
+ - go get github.com/golang/lint/golint
 
 script:
  - ./test

vendor/gopkg.in/coreos/go-oidc.v2/oidc.go

@@ -69,7 +69,6 @@ type Provider struct {
 	authURL     string
 	tokenURL    string
 	userInfoURL string
-	algorithms  []string
 
 	// Raw claims returned by the server.
 	rawClaims []byte
@@ -83,27 +82,11 @@ type cachedKeys struct {
 }
 
 type providerJSON struct {
-	Issuer      string   `json:"issuer"`
-	AuthURL     string   `json:"authorization_endpoint"`
-	TokenURL    string   `json:"token_endpoint"`
-	JWKSURL     string   `json:"jwks_uri"`
-	UserInfoURL string   `json:"userinfo_endpoint"`
-	Algorithms  []string `json:"id_token_signing_alg_values_supported"`
-}
-
-// supportedAlgorithms is a list of algorithms explicitly supported by this
-// package. If a provider supports other algorithms, such as HS256 or none,
-// those values won't be passed to the IDTokenVerifier.
-var supportedAlgorithms = map[string]bool{
-	RS256: true,
-	RS384: true,
-	RS512: true,
-	ES256: true,
-	ES384: true,
-	ES512: true,
-	PS256: true,
-	PS384: true,
-	PS512: true,
+	Issuer      string `json:"issuer"`
+	AuthURL     string `json:"authorization_endpoint"`
+	TokenURL    string `json:"token_endpoint"`
+	JWKSURL     string `json:"jwks_uri"`
+	UserInfoURL string `json:"userinfo_endpoint"`
 }
 
 // NewProvider uses the OpenID Connect discovery mechanism to construct a Provider.
@@ -140,18 +123,11 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
 	if p.Issuer != issuer {
 		return nil, fmt.Errorf("oidc: issuer did not match the issuer returned by provider, expected %q got %q", issuer, p.Issuer)
 	}
-	var algs []string
-	for _, a := range p.Algorithms {
-		if supportedAlgorithms[a] {
-			algs = append(algs, a)
-		}
-	}
 	return &Provider{
 		issuer:       p.Issuer,
 		authURL:      p.AuthURL,
 		tokenURL:     p.TokenURL,
 		userInfoURL:  p.UserInfoURL,
-		algorithms:   algs,
 		rawClaims:    body,
 		remoteKeySet: NewRemoteKeySet(ctx, p.JWKSURL),
 	}, nil

vendor/gopkg.in/coreos/go-oidc.v2/verify.go

@@ -79,9 +79,7 @@ type Config struct {
 	ClientID string
 	// If specified, only this set of algorithms may be used to sign the JWT.
 	//
-	// If the IDTokenVerifier is created from a provider with (*Provider).Verifier, this
-	// defaults to the set of algorithms the provider supports. Otherwise this values
-	// defaults to RS256.
+	// Since many providers only support RS256, SupportedSigningAlgs defaults to this value.
 	SupportedSigningAlgs []string
 
 	// If true, no ClientID check performed. Must be true if ClientID field is empty.
@@ -107,13 +105,6 @@ type Config struct {
 // The returned IDTokenVerifier is tied to the Provider's context and its behavior is
 // undefined once the Provider's context is canceled.
 func (p *Provider) Verifier(config *Config) *IDTokenVerifier {
-	if len(config.SupportedSigningAlgs) == 0 && len(p.algorithms) > 0 {
-		// Make a copy so we don't modify the config values.
-		cp := &Config{}
-		*cp = *config
-		cp.SupportedSigningAlgs = p.algorithms
-		config = cp
-	}
 	return NewVerifier(p.issuer, p.remoteKeySet, config)
 }