Decoupled code from DefaultSigningKey (#16743)

Decoupled code from `DefaultSigningKey`. Makes testing a little bit easier and is cleaner.

services/auth/oauth2.go

@@ -29,9 +29,9 @@ func CheckOAuthAccessToken(accessToken string) int64 {
 	if !strings.Contains(accessToken, ".") {
 		return 0
 	}
-	token, err := oauth2.ParseToken(accessToken)
+	token, err := oauth2.ParseToken(accessToken, oauth2.DefaultSigningKey)
 	if err != nil {
-		log.Trace("ParseOAuth2Token: %v", err)
+		log.Trace("oauth2.ParseToken: %v", err)
 		return 0
 	}
 	var grant *models.OAuth2Grant

services/auth/source/oauth2/token.go

@@ -40,12 +40,12 @@ type Token struct {
 }
 
 // ParseToken parses a signed jwt string
-func ParseToken(jwtToken string) (*Token, error) {
+func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {
 	parsedToken, err := jwt.ParseWithClaims(jwtToken, &Token{}, func(token *jwt.Token) (interface{}, error) {
-		if token.Method == nil || token.Method.Alg() != DefaultSigningKey.SigningMethod().Alg() {
+		if token.Method == nil || token.Method.Alg() != signingKey.SigningMethod().Alg() {
 			return nil, fmt.Errorf("unexpected signing algo: %v", token.Header["alg"])
 		}
-		return DefaultSigningKey.VerifyKey(), nil
+		return signingKey.VerifyKey(), nil
 	})
 	if err != nil {
 		return nil, err
@@ -59,11 +59,11 @@ func ParseToken(jwtToken string) (*Token, error) {
 }
 
 // SignToken signs the token with the JWT secret
-func (token *Token) SignToken() (string, error) {
+func (token *Token) SignToken(signingKey JWTSigningKey) (string, error) {
 	token.IssuedAt = time.Now().Unix()
-	jwtToken := jwt.NewWithClaims(DefaultSigningKey.SigningMethod(), token)
-	DefaultSigningKey.PreProcessToken(jwtToken)
-	return jwtToken.SignedString(DefaultSigningKey.SignKey())
+	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
+	signingKey.PreProcessToken(jwtToken)
+	return jwtToken.SignedString(signingKey.SignKey())
 }
 
 // OIDCToken represents an OpenID Connect id_token