// encodeIDToken serializes and signs an ID Token then adds a field to the token response. func encodeIDToken(resp *osin.Response, idToken *IDToken, singer jose.Signer) { resp.InternalError = func() error { payload, err := json.Marshal(idToken) if err != nil { return fmt.Errorf("failed to marshal token: %v", err) } jws, err := jwtSigner.Sign(payload) if err != nil { return fmt.Errorf("failed to sign token: %v", err) } raw, err := jws.CompactSerialize() if err != nil { return fmt.Errorf("failed to serialize token: %v", err) } resp.Output["id_token"] = raw return nil }() // Record errors as internal server errors. if resp.InternalError != nil { resp.IsError = true resp.ErrorId = osin.E_SERVER_ERROR } }