Replace uses of go-oidc/jose with square/go-jose. The v3 release
of go-oidc does not support any general-purpose JWT APIs and uses
square/go-jose internally.
This removes the dependency on the master version of go-oidc, which
fixes fatal module import problems when importing cloudflared as a module.
This fixes#592
Signed-off-by: James Peach <jpeach@cloudflare.com>
This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.
The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.
This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
- Move packages the provide generic functionality (such as config) from `cmd` subtree to top level.
- Remove all dependencies on `cmd` subtree from top level packages.
- Consolidate all code dealing with token generation and transfer to a single cohesive package.