JARM (#30)

Author: mbilski

README.md

@@ -14,6 +14,7 @@
 * A simple and intuitive interface for quickly trying out different OAuth 2.0 grant types and client authentication methods
 * Supports all modern OAuth 2.0 grant types: authorization code, implicit, password, client credentials, refresh token, JWT bearer, token exchange
 * Supports all client authentication methods: client secret basic, client secret post, client secret JWT, private key JWT, TLS client auth
+* Supports the following extensions: PKCE, JARM
 
 ## Installation
 
@@ -119,32 +120,6 @@ oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
 
 [Learn more about authorization code flow](https://cloudentity.com/developers/basics/oauth-grant-types/authorization-code-flow/)
 
-#### Authorization code + PKCE
-
-The Proof Key for Code Exchange (PKCE) is an extension to the OAuth2 authorization code grant flow that
-provides additional security when authenticating with an OAuth2 provider. In the PKCE flow, the client
-generates a code verifier and a code challenge, which are then sent to the OAuth2 provider during
-the authorization request. The provider returns an authorization code, which the client then exchanges for
-an access token along with the code verifier. The provider verifies the code verifier to ensure that the
-request is coming from the same client that initiated the authorization request.
-
-This additional step helps to prevent attackers from intercepting the authorization code and using it to
-obtain an access token. PKCE is recommended for all public clients, such as single-page or mobile
-applications, where the client secret cannot be securely stored.
-
-``` sh
-oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
-  --client-id db5e375e7b634095b24bbb683fcb955b \
-  --response-types code \
-  --response-mode query \
-  --grant-type authorization_code \
-  --auth-method none \
-  --scopes openid,email \
-  --pkce
-```
-
-[Learn more about authorization code flow with pkce](https://cloudentity.com/developers/basics/oauth-grant-types/authorization-code-with-pkce/)
-
 #### Implicit
 
 This grant type is similar to the authorization code grant, but the access token is returned directly to
@@ -424,6 +399,71 @@ oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
 
 [Lean more about none with PKCE](https://cloudentity.com/developers/basics/oauth-client-authentication/client-auth-set-to-none-with-pkce/)
 
+### Extensions
+
+#### PKCE
+
+The Proof Key for Code Exchange (PKCE) is an extension to the OAuth2 authorization code grant flow that
+provides additional security when authenticating with an OAuth2 provider. In the PKCE flow, the client
+generates a code verifier and a code challenge, which are then sent to the OAuth2 provider during
+the authorization request. The provider returns an authorization code, which the client then exchanges for
+an access token along with the code verifier. The provider verifies the code verifier to ensure that the
+request is coming from the same client that initiated the authorization request.
+
+This additional step helps to prevent attackers from intercepting the authorization code and using it to
+obtain an access token. PKCE is recommended for all public clients, such as single-page or mobile
+applications, where the client secret cannot be securely stored.
+
+``` sh
+oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
+  --client-id db5e375e7b634095b24bbb683fcb955b \
+  --response-types code \
+  --response-mode query \
+  --grant-type authorization_code \
+  --auth-method none \
+  --scopes openid,email \
+  --pkce
+```
+
+[Learn more about authorization code flow with pkce](https://cloudentity.com/developers/basics/oauth-grant-types/authorization-code-with-pkce/)
+
+#### JARM
+
+JWT-secured OAuth 2.0 authorization response, also known as JARM, is a method of securely transmitting authorization
+information in an OAuth 2.0 authorization response using JSON Web Tokens (JWT). This allows the authorization response
+to be verified by the client, ensuring that the information is coming from a trusted source and has not been tampered
+with. The JWT is signed using a secret key shared between the authorization server and the client, allowing the client
+to verify the authenticity of the JWT. This provides an additional layer of security to the OAuth 2.0 authorization process.
+
+##### Signed JWT
+
+``` sh
+oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
+  --client-id cauktionbud6q8ftlqq0 \
+  --client-secret HCwQ5uuUWBRHd04ivjX5Kl0Rz8zxMOekeLtqzki0GPc \
+  --response-types code \
+  --response-mode query.jwt \
+  --grant-type authorization_code \
+  --auth-method client_secret_basic \
+  --scopes openid,email,offline_access \
+  --no-pkce
+```
+
+#### Signed and encrypted JWT
+
+``` sh
+oauth2c https://oauth2c.us.authz.cloudentity.io/oauth2c/demo \
+  --client-id cauosoo2omc4fr8ai1fg \
+  --client-secret ipFkA1lMomOMI_d2HcGGQ7j8oxeHFqKw3kli76g92VM \
+  --response-types code \
+  --response-mode query.jwt \
+  --grant-type authorization_code \
+  --auth-method client_secret_post \
+  --scopes openid,email,offline_access \
+  --encryption-key https://raw.githubusercontent.com/cloudentity/oauth2c/master/data/key.json \
+  --no-pkce
+```
+
 ## License
 
 `oauth2c` is released under the [Apache v2.0](http://www.apache.org/licenses/LICENSE-2.0).

cmd/log.go

@@ -7,11 +7,11 @@ import (
 	"crypto/x509"
 	"encoding/json"
 	"encoding/pem"
+	"github.com/go-jose/go-jose/v3/jwt"
 	"strconv"
 	"strings"
 
 	"github.com/cloudentity/oauth2c/internal/oauth2"
-	"github.com/golang-jwt/jwt"
 	"github.com/grantae/certinfo"
 	"github.com/pterm/pterm"
 	"github.com/tidwall/pretty"
@@ -214,16 +214,17 @@ func LogRequestAndResponseln(request oauth2.Request, response interface{}) {
 
 func LogTokenPayload(response oauth2.TokenResponse) {
 	var (
-		atClaims jwt.MapClaims
-		idClaims jwt.MapClaims
+		atClaims map[string]interface{}
+		idClaims map[string]interface{}
+		err      error
 	)
 
 	if silent {
 		return
 	}
 
 	if response.AccessToken != "" {
-		if _, _, err := parser.ParseUnverified(response.AccessToken, &atClaims); err != nil {
+		if _, atClaims, err = oauth2.UnsafeParseJWT(response.AccessToken); err != nil {
 			pterm.Error.Println(err)
 		} else {
 			pterm.Println(pterm.FgGray.Sprint("Access token:"))
@@ -232,7 +233,7 @@ func LogTokenPayload(response oauth2.TokenResponse) {
 	}
 
 	if response.IDToken != "" {
-		if _, _, err := parser.ParseUnverified(response.IDToken, &idClaims); err != nil {
+		if _, idClaims, err = oauth2.UnsafeParseJWT(response.IDToken); err != nil {
 			pterm.Error.Println(err)
 		} else {
 			pterm.Println(pterm.FgGray.Sprint("ID token:"))
@@ -262,11 +263,22 @@ func LogAuthMethod(config oauth2.ClientConfig) {
 	}
 }
 
+func LogJARM(request oauth2.Request) {
+	if silent {
+		return
+	}
+
+	if len(request.JARM) != 0 {
+		pterm.Println(pterm.FgGray.Sprint("JARM:"))
+		LogJson(request.JARM)
+	}
+}
+
 func LogAssertion(request oauth2.Request, title string, name string) {
 	var (
 		assertion = request.Form.Get(name)
-		token     *jwt.Token
-		claims    jwt.MapClaims
+		token     *jwt.JSONWebToken
+		claims    map[string]interface{}
 		err       error
 	)
 
@@ -278,12 +290,12 @@ func LogAssertion(request oauth2.Request, title string, name string) {
 		return
 	}
 
-	if token, _, err = parser.ParseUnverified(assertion, &claims); err != nil {
+	if token, claims, err = oauth2.UnsafeParseJWT(assertion); err != nil {
 		pterm.Error.Println(err)
 		return
 	}
 
-	pterm.DefaultBox.WithTitle(title).Printfln("%s = JWT-%s(payload)", name, token.Header["alg"])
+	pterm.DefaultBox.WithTitle(title).Printfln("%s = JWT-%s(payload)", name, token.Headers[0].Algorithm)
 	pterm.Println()
 	pterm.Println("Payload")
 	LogJson(claims)
@@ -330,16 +342,17 @@ func LogSubjectTokenAndActorToken(request oauth2.Request) {
 	var (
 		subjectToken       = request.Form.Get("subject_token")
 		actorToken         = request.Form.Get("actor_token")
-		subjectTokenClaims jwt.MapClaims
-		actorTokenClaims   jwt.MapClaims
+		subjectTokenClaims map[string]interface{}
+		actorTokenClaims   map[string]interface{}
+		err                error
 	)
 
 	if silent {
 		return
 	}
 
 	if subjectToken != "" {
-		if _, _, err := parser.ParseUnverified(subjectToken, &subjectTokenClaims); err != nil {
+		if _, subjectTokenClaims, err = oauth2.UnsafeParseJWT(subjectToken); err != nil {
 			pterm.Error.Println(err)
 		} else {
 			pterm.Println(pterm.FgGray.Sprint("Subject token:"))
@@ -348,7 +361,7 @@ func LogSubjectTokenAndActorToken(request oauth2.Request) {
 	}
 
 	if actorToken != "" {
-		if _, _, err := parser.ParseUnverified(actorToken, &actorTokenClaims); err != nil {
+		if _, actorTokenClaims, err = oauth2.UnsafeParseJWT(actorToken); err != nil {
 			pterm.Error.Println(err)
 		} else {
 			pterm.Println(pterm.FgGray.Sprint("Actor token:"))

cmd/oauth2.go

@@ -6,14 +6,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"strings"
 	"time"
 
 	"github.com/cloudentity/oauth2c/internal/oauth2"
-	"github.com/golang-jwt/jwt"
 	"github.com/imdario/mergo"
 	"github.com/pkg/browser"
 	"github.com/spf13/cobra"
@@ -24,7 +23,6 @@ const (
 )
 
 var (
-	parser jwt.Parser
 	silent bool
 )
 
@@ -61,6 +59,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().BoolVar(&cconfig.NoPKCE, "no-pkce", false, "disable proof key for code exchange (PKCE)")
 	cmd.PersistentFlags().StringVar(&cconfig.Assertion, "assertion", "", "claims for jwt bearer assertion")
 	cmd.PersistentFlags().StringVar(&cconfig.SigningKey, "signing-key", "", "path or url to signing key in jwks format")
+	cmd.PersistentFlags().StringVar(&cconfig.EncryptionKey, "encryption-key", "", "path or url to encryption key in jwks format")
 	cmd.PersistentFlags().StringVar(&cconfig.SubjectToken, "subject-token", "", "third party access token")
 	cmd.PersistentFlags().StringVar(&cconfig.SubjectTokenType, "subject-token-type", "", "third party access token type")
 	cmd.PersistentFlags().StringVar(&cconfig.ActorToken, "actor-token", "", "acting party access token")
@@ -98,7 +97,7 @@ func (c *OAuth2Cmd) Run(cconfig *oauth2.ClientConfig) func(cmd *cobra.Command, a
 		}
 
 		if silent {
-			browser.Stdout = ioutil.Discard
+			browser.Stdout = io.Discard
 		}
 
 		tr := &http.Transport{

cmd/oauth2_authorize_code.go

@@ -45,12 +45,13 @@ func (c *OAuth2Cmd) AuthorizationCodeGrantFlow(clientConfig oauth2.ClientConfig,
 	// callback
 	callbackStatus := LogAction("Waiting for callback. Go to the browser to authenticate...")
 
-	if callbackRequest, err = oauth2.WaitForCallback(addr); err != nil {
+	if callbackRequest, err = oauth2.WaitForCallback(clientConfig, serverConfig, addr, hc); err != nil {
 		LogRequestln(callbackRequest)
 		return err
 	}
 
 	LogRequest(callbackRequest)
+	LogJARM(callbackRequest)
 	Logln()
 
 	callbackStatus("Obtained authorization code")

cmd/oauth2_implicit.go

@@ -36,7 +36,7 @@ func (c *OAuth2Cmd) ImplicitGrantFlow(clientConfig oauth2.ClientConfig, serverCo
 	// callback
 	callbackStatus := LogAction("Waiting for callback. Go to the browser to authenticate...")
 
-	if callbackRequest, err = oauth2.WaitForCallback(addr); err != nil {
+	if callbackRequest, err = oauth2.WaitForCallback(clientConfig, serverConfig, addr, hc); err != nil {
 		LogRequestln(callbackRequest)
 		return err
 	}

data/key.json

@@ -13,6 +13,20 @@
             "alg": "RS256",
             "dq": "rZYrOre0aanEH0tmvlQj860ctleHG0p_PScqMVhJmbMB8cQsahUul0c5KnZFntgk7Jmwc-EmMEJ1AzGncBiJhrpNd2u9M6N7DziUfleqEObblGB0bD4CdBREZkzHt1eBNKvMLgJX6nT-AeP9_cIaQcVwQlgtJK9DQWgqilFWHu0",
             "n": "rhipCrDSyEJpr8JJnBORLXb4jYbzCDNJAYCUCuYts-z7iLTnfNv2AkmphbY9EpGk1j96IQZq7g4fwFLh5HS9SFEPpTRh2-5Pp1QRnd-nhSaeT7hkVXGTGjlmRDHgv1-69_MZFSuBFA9I3yzdT7LlkWwPZS7WL5MYHNtbLJSIF1ls-MLleGci5qWCcLXPqMpeG_VEA53IhfIcVIMDU3g3gWqqEM7CTWdkdJ12fUyMpEPzF1VOYGadO181zdo6sIkdyWqAoCesUv_9Xpi9weJT_yduiInb0xzpsriP_U-dXwHf0ULI7vKIqa--WMbGUHD974tSxTOknYvRSyGRHWClmw"
+        },
+        {
+            "p": "9vhNBMIdhLaHRat2mpMDy9AbSAb8ppCb5OZghpY14f97YN1CV4_DTnP7BZkAOiCvowdLrvTDbeu4uzG2ddND3OOIybvEFXb_Y7OAd_hWK9iAb6gN8n99nPqg-tggcD7V6ojgGgfO6EqJjdqXO-HkAcFZeZXs14cXtegCxYvOj3M",
+            "kty": "RSA",
+            "q": "riY7i5IZBVcvnZetVV-3Ymk0bOMYe-PR_CPMSVaXW7ZDtJ_1VWz_3LzOAGmcFprLkAFwlKNR16tDx6SudidGq0m3G7hac2-xvP5BW-vmM3jJagVidS98hlRLu3fYKzjsk6JYNkOUJZLjaHjaZD8vUqUC3rsJJyZIViNLn5gTBNE",
+            "d": "P_po-RCxwXonz0zxzntTeKRVK9xVATXlj553whN-5bo0f_v3awbPzs6gJG-Je7bYZF_csOLYnB31oHz0uam4uAwfcJnDigQDLM-lPPgtTg7rr8cpPXDqK-ee1Gb55sh66Tv8qm0AmNUpikNV4hm4chmAf0kSbGBCUzljtAk4jJ_wEvuF3nDxvQBzb8LcOykiwJD7rSmk-PfBSaSTECYX4YMNWokUROD0ok9YBPY1yL82Lewzw45D8jwcbcBuFMXnNaweCZDhofF5O7mQU2LEYKKIuMWyFB8Y-DXF3KcnNWpFv_sDQTMr4zUnBLexefDIFyWJ68xjW6LclBwQA4DyIQ",
+            "e": "AQAB",
+            "use": "enc",
+            "kid": "Gde0lSdovmeQDnL86WBa4n7eJyTfX61Vpzge2zp-dOg",
+            "qi": "maaxlgAx7DPvsHrgyAjjJ_dN0L5hBhLHipIRSeufsEn8d120ySaIOj16yw2cZN30bXZx6oo2OuBU_V9_lv1UgB8cja4l41sG4joyGu247IQHeAFTGD0E5_vB13g37D4NnqIo4vmilSq-7FKwyVbH1Qicm_uHu8WjTkJytUXHJfg",
+            "dp": "usftj-SzaHSXd-SGrb70RwecKmxGVj7V-FcXt5IRLFwJVqfgDdMHleT3ezNMzal8zCKvZaFt0EtPihu97_yYvY1EHbYpRUabPi86wQELQtvZvxhte_JZ8QhICY69ccbECD3-pxEytdHxmFwytrJPu9gcMG1oE1TzZLsUpYzn6us",
+            "alg": "RSA-OAEP-256",
+            "dq": "lRCSzYArvJ-JWWq4aqh4j1sgDchBb-JtHlcCCRB-lHkp8RUuaYXYaPiPmFjNy6eKcORamlBFwMaPSPdUgjxSSFHb03V0rvS_fddg2K7Op-ZO-VpMkaQpAc5r2LbXqP-buS8wNJqZ16Oo1gcEYOSYvDQUhdQxHHqvVlP16lDAjtE",
+            "n": "qAGmpoooijsopTzj9cEEgLX9O3_e0nR-Y8QhSAgiUGkkpwpNhFYR96zcfRlTRi0IOpghvBw0DqIb8kgAJmOAyEdjT8k5wi7OvbFYSzk67r0bd4U_OVohQ4Df0m79pgYcRGL8OBscdpitt7FOC2xGaBgSD8BWjF9h_GgqZjI0-AqOSPHWIcD3z08QeuoLB0_QG2B4XXF8TCpIqAILiiKTHwz6pqHMnxomBgAZot49FqlRJEVVbfxsNwbWStEoolskNi_2lKKanUIuz5gz5G6CXzzrSGKTgJVmBvRS9hLDSzc5_SaE4JlWqDWaoa0KLeEzblj9zmehb346LChkS2no4w"
         }
     ]
 }

data/public.json

@@ -7,6 +7,14 @@
          "kid":"Ana-TpIxraP9mCAwyAbxk40LqpE5Utfjjd4EQrc6sBM",
          "alg":"RS256",
          "n":"rhipCrDSyEJpr8JJnBORLXb4jYbzCDNJAYCUCuYts-z7iLTnfNv2AkmphbY9EpGk1j96IQZq7g4fwFLh5HS9SFEPpTRh2-5Pp1QRnd-nhSaeT7hkVXGTGjlmRDHgv1-69_MZFSuBFA9I3yzdT7LlkWwPZS7WL5MYHNtbLJSIF1ls-MLleGci5qWCcLXPqMpeG_VEA53IhfIcVIMDU3g3gWqqEM7CTWdkdJ12fUyMpEPzF1VOYGadO181zdo6sIkdyWqAoCesUv_9Xpi9weJT_yduiInb0xzpsriP_U-dXwHf0ULI7vKIqa--WMbGUHD974tSxTOknYvRSyGRHWClmw"
+      },
+      {
+          "kty": "RSA",
+          "e": "AQAB",
+          "use": "enc",
+          "kid": "Gde0lSdovmeQDnL86WBa4n7eJyTfX61Vpzge2zp-dOg",
+          "alg": "RSA-OAEP-256",
+          "n": "qAGmpoooijsopTzj9cEEgLX9O3_e0nR-Y8QhSAgiUGkkpwpNhFYR96zcfRlTRi0IOpghvBw0DqIb8kgAJmOAyEdjT8k5wi7OvbFYSzk67r0bd4U_OVohQ4Df0m79pgYcRGL8OBscdpitt7FOC2xGaBgSD8BWjF9h_GgqZjI0-AqOSPHWIcD3z08QeuoLB0_QG2B4XXF8TCpIqAILiiKTHwz6pqHMnxomBgAZot49FqlRJEVVbfxsNwbWStEoolskNi_2lKKanUIuz5gz5G6CXzzrSGKTgJVmBvRS9hLDSzc5_SaE4JlWqDWaoa0KLeEzblj9zmehb346LChkS2no4w"
       }
    ]
 }

go.mod

@@ -6,7 +6,9 @@ require (
 	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/imdario/mergo v0.3.13
+	github.com/itchyny/gojq v0.12.10
 	github.com/lithammer/shortuuid/v4 v4.0.0
 	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8
 	github.com/pkg/errors v0.9.1
@@ -23,8 +25,8 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/gookit/color v1.5.0 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/itchyny/gojq v0.12.10 // indirect
 	github.com/itchyny/timefmt-go v0.1.5 // indirect
 	github.com/lithammer/fuzzysearch v1.1.5 // indirect
 	github.com/mattn/go-runewidth v0.0.14 // indirect

go.sum

@@ -21,7 +21,6 @@ github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyM
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
@@ -31,6 +30,10 @@ github.com/gookit/color v1.5.0 h1:1Opow3+BWDwqor78DcJkJCIwnkviFi+rrOANki9BUFw=
 github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo=
 github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b h1:NGgE5ELokSf2tZ/bydyDUKrvd/jP8lrAoPNeBuMOTOk=
 github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b/go.mod h1:zT/uzhdQGTqlwTq7Lpbj3JoJQWfPfIJ1tE0OidAmih8=
+github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
 github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
@@ -52,7 +55,6 @@ github.com/lithammer/fuzzysearch v1.1.5 h1:Ag7aKU08wp0R9QCfF4GoGST9HbmAIeLP7xwMr
 github.com/lithammer/fuzzysearch v1.1.5/go.mod h1:1R1LRNk7yKid1BaQkmuLQaHruxcC4HmAH30Dh61Ih1Q=
 github.com/lithammer/shortuuid/v4 v4.0.0 h1:QRbbVkfgNippHOS8PXDkti4NaWeyYfcBTHtw7k08o4c=
 github.com/lithammer/shortuuid/v4 v4.0.0/go.mod h1:Zs8puNcrvf2rV9rTH51ZLLcj7ZXqQI3lv67aw4KiB1Y=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
@@ -105,7 +107,6 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8 h1:OH54vjqzRWmbJ62fjuhxy7AxFFgoHN0/DPc/UrL8cAs=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=