normalizePathSegments normalizes path segments for consistent OAuth2 audience matching. Uses url.URL.ResolveReference() which implements RFC 3986 dot-segment removal.
(path string)
| 813 | // normalizePathSegments normalizes path segments for consistent OAuth2 audience matching. |
| 814 | // Uses url.URL.ResolveReference() which implements RFC 3986 dot-segment removal. |
| 815 | func normalizePathSegments(path string) string { |
| 816 | if path == "" { |
| 817 | // If no path is specified, use "/" for consistency with RFC 8707 examples |
| 818 | return "/" |
| 819 | } |
| 820 | |
| 821 | // Use url.URL.ResolveReference() to handle dot-segment removal per RFC 3986 |
| 822 | base := &url.URL{Path: "/"} |
| 823 | ref := &url.URL{Path: path} |
| 824 | resolved := base.ResolveReference(ref) |
| 825 | |
| 826 | normalizedPath := resolved.Path |
| 827 | |
| 828 | // Remove trailing slash from paths longer than "/" to normalize |
| 829 | // This ensures "/api/" and "/api" are treated as equivalent |
| 830 | if len(normalizedPath) > 1 && strings.HasSuffix(normalizedPath, "/") { |
| 831 | normalizedPath = strings.TrimSuffix(normalizedPath, "/") |
| 832 | } |
| 833 | |
| 834 | return normalizedPath |
| 835 | } |
| 836 | |
| 837 | // Test export functions for testing package access |
| 838 |
no outgoing calls