fixes lint issues

edge-apis/authwrapper.go

@@ -18,6 +18,7 @@ import (
 	manInfo "github.com/openziti/edge-api/rest_management_api_client/informational"
 	"github.com/openziti/edge-api/rest_model"
 	"github.com/openziti/edge-api/rest_util"
+	"github.com/openziti/foundation/v2/errorz"
 	"github.com/openziti/foundation/v2/stringz"
 	"github.com/pkg/errors"
 	"github.com/zitadel/oidc/v2/pkg/client/tokenexchange"
@@ -475,17 +476,28 @@ func oidcAuth(issuer string, credentials Credentials, configTypes []string, http
 		if err != nil {
 			return nil, err
 		}
+
+		if resp.StatusCode() != http.StatusOK {
+			apiErr := &errorz.ApiError{}
+			err = json.Unmarshal(resp.Body(), apiErr)
+
+			if err != nil {
+				return nil, fmt.Errorf("could not verify TOTP MFA code recieved %d - could not parse body: %s", resp.StatusCode(), string(resp.Body()))
+			}
+
+			return nil, apiErr
+
+		}
 	}
 
 	var outTokens *oidc.Tokens[*oidc.IDTokenClaims]
 
-	select {
-	case tokens := <-rpServer.TokenChan:
-		if tokens == nil {
-			return nil, errors.New("authentication did not complete, received nil tokens")
-		}
-		outTokens = tokens
+	tokens := <-rpServer.TokenChan
+
+	if tokens == nil {
+		return nil, errors.New("authentication did not complete, received nil tokens")
 	}
+	outTokens = tokens
 
 	return &ApiSession{
 		CurrentAPISessionDetail: &rest_model.CurrentAPISessionDetail{
@@ -498,7 +510,7 @@ func oidcAuth(issuer string, credentials Credentials, configTypes []string, http
 				Token:          ToPtr("Bearer " + outTokens.AccessToken),
 			},
 			ExpiresAt:         ToPtr(strfmt.DateTime(outTokens.Expiry)),
-			ExpirationSeconds: ToPtr(int64(outTokens.Expiry.Sub(time.Now()).Seconds())),
+			ExpirationSeconds: ToPtr(int64(time.Until(outTokens.Expiry).Seconds())),
 		},
 		Tokens: outTokens,
 	}, nil

ziti/ziti.go

@@ -1203,49 +1203,6 @@ func (context *ContextImpl) getEdgeRouterConn(session *rest_model.SessionDetail,
 	}
 }
 
-// updateToken attempts to update all connected edge router tokens. Each update is bounded by the
-// supplied timeout duration. The requests are sent out concurrently and this function blocks until
-// they all return or timeout. The results are a map of router key -> error or nil.
-func (context *ContextImpl) updateToken(newToken string, timeout time.Duration) map[string]error {
-	errs := map[string]error{}
-
-	group := sync.WaitGroup{}
-	for tuple := range context.routerConnections.IterBuffered() {
-		routerConn := tuple.Val
-		group.Add(1)
-
-		go func() {
-			err := routerConn.UpdateToken(newToken, timeout)
-
-			if err != nil {
-				errs[routerConn.Key()] = err
-			}
-
-			group.Done()
-		}()
-	}
-
-	group.Wait()
-
-	if len(errs) == 0 {
-		return nil
-	}
-	return errs
-}
-
-// updateTokenCh provides the same functionality as updateToken but is non-blocking. The chan result is a map of
-// router keys -> error values or nil.
-func (context *ContextImpl) updateTokenCh(newToken string, timeout time.Duration) chan map[string]error {
-	ch := make(chan map[string]error, 1)
-
-	go func() {
-		errs := context.updateToken(newToken, timeout)
-		ch <- errs
-	}()
-
-	return ch
-}
-
 func (context *ContextImpl) connectEdgeRouter(routerName, ingressUrl string, ret chan *edgeRouterConnResult) {
 	logger := pfxlog.Logger()