chore: copy pointer type

Author: sweatybridge

pkg/config/auth.go

@@ -111,26 +111,24 @@ type JWK struct {
 // ToPublicJWK converts a JWK to a public-only version by removing private key components
 func (j JWK) ToPublicJWK() JWK {
 	publicJWK := JWK{
-		KeyType:     j.KeyType,
-		KeyID:       j.KeyID,
-		Use:         j.Use,
-		Algorithm:   j.Algorithm,
-		Extractable: j.Extractable,
+		KeyType:   j.KeyType,
+		KeyID:     j.KeyID,
+		Use:       j.Use,
+		Algorithm: j.Algorithm,
 	}
-	
+
+	// Copy the underlying type instead of the pointer
+	if j.Extractable != nil {
+		publicJWK.Extractable = cast.Ptr(*j.Extractable)
+	}
+
 	// Only include key_ops for verification (not signing) for public keys
-	if len(j.KeyOps) > 0 {
-		var publicOps []string
-		for _, op := range j.KeyOps {
-			if op == "verify" {
-				publicOps = append(publicOps, op)
-			}
-		}
-		if len(publicOps) > 0 {
-			publicJWK.KeyOps = publicOps
+	for _, op := range j.KeyOps {
+		if op == "verify" {
+			publicJWK.KeyOps = append(publicJWK.KeyOps, op)
 		}
 	}
-	
+
 	switch j.KeyType {
 	case "RSA":
 		// Include only public key components for RSA
@@ -142,7 +140,7 @@ func (j JWK) ToPublicJWK() JWK {
 		publicJWK.X = j.X
 		publicJWK.Y = j.Y
 	}
-	
+
 	return publicJWK
 }
 

pkg/config/config.go

@@ -1441,27 +1441,16 @@ func (a *auth) ResolveJWKS(ctx context.Context, fsys afero.Fs) (string, error) {
 		jwks.Keys = append(jwks.Keys, rJWKS.Keys...)
 	}
 
-	// If SIGNING_KEYS_PATH is provided, read from file and convert to public keys
-	if len(a.SigningKeysPath) > 0 {
-		f, err := fsys.Open(a.SigningKeysPath)
+	// Convert each signing key to public-only version
+	for _, key := range a.SigningKeys {
+		publicKeyEncoded, err := json.Marshal(key.ToPublicJWK())
 		if err != nil {
-			return "", errors.Errorf("failed to read signing key: %w", err)
+			return "", errors.Errorf("failed to marshal public key: %w", err)
 		}
-		jwtKeysArray, err := fetcher.ParseJSON[[]JWK](f)
-		if err != nil {
-			return "", err
-		}
-		// Convert each signing key to public-only version
-		for _, key := range jwtKeysArray {
-			publicKey := key.ToPublicJWK()
-			publicKeyEncoded, err := json.Marshal(publicKey)
-			if err != nil {
-				return "", errors.Errorf("failed to marshal public key: %w", err)
-			}
-			jwks.Keys = append(jwks.Keys, json.RawMessage(publicKeyEncoded))
-		}
-	} else {
-		// Fallback to JWT_SECRET for backward compatibility
+		jwks.Keys = append(jwks.Keys, json.RawMessage(publicKeyEncoded))
+	}
+	// Fallback to JWT_SECRET for backward compatibility
+	if len(a.SigningKeys) == 0 {
 		jwtSecret := secretJWK{
 			KeyType:      "oct",
 			KeyBase64URL: base64.RawURLEncoding.EncodeToString([]byte(a.JwtSecret.Value)),