Refactor authorization setup in main.go and update Docker image in compose.yaml

oci-image/main.go

@@ -21,29 +21,23 @@ func main() {
 
 	logger := templog.NewCLILogger()
 
-	authorizer, err := authorization.GetAuthorizerFromConfig(&cfg.Global.Authorization)
-	if err != nil {
-		log.Fatalf("authorizer: %v", err)
-	}
-
-	claimMapper, err := authorization.GetClaimMapperFromConfig(&cfg.Global.Authorization, logger)
-	if err != nil {
-		log.Fatalf("claim mapper: %v", err)
-	}
-
-	audienceMapper, err := authorization.GetAudienceMapperFromConfig(&cfg.Global.Authorization)
-	if err != nil {
-		log.Fatalf("audience mapper: %v", err)
-	}
-
 	srv, err := temporal.NewServer(
 		temporal.ForServices(temporal.DefaultServices),
 		temporal.WithConfig(cfg),
 		temporal.WithLogger(logger),
 		temporal.InterruptOn(temporal.InterruptCh()),
-		temporal.WithAuthorizer(authorizer),
-		temporal.WithClaimMapper(func(*config.Config) authorization.ClaimMapper { return claimMapper }),
-		temporal.WithAudienceGetter(func(*config.Config) authorization.JWTAudienceMapper { return audienceMapper }),
+		temporal.WithAuthorizer(authorization.NewDefaultAuthorizer()),
+		temporal.WithClaimMapper(func(cfg *config.Config) authorization.ClaimMapper {
+			return authorization.NewDefaultJWTClaimMapper(
+				// token key provider - fetches public keys from the OIDC provider
+				authorization.NewDefaultTokenKeyProvider(&cfg.Global.Authorization, logger),
+				&cfg.Global.Authorization,
+				logger,
+			)
+		}),
+		temporal.WithAudienceGetter(func(cfg *config.Config) authorization.JWTAudienceMapper {
+			return authorization.NewAudienceMapper(cfg.Global.Authorization.Audience)
+		}),
 	)
 	if err != nil {
 		log.Fatalf("setup server: %v", err)