Return auth ID bytes

psiphon/common/accesscontrol/accesscontrol.go

@@ -166,23 +166,23 @@ func ValidateSigningKey(signingKey *SigningKey) error {
 //
 // The first return value is a base64-encoded, serialized JSON representation
 // of the signed authorization that can be passed to VerifyAuthorization. The
-// second return value is the base64-encoded unique ID of the signed
-// authorization returned in the first value.
+// second return value is the unique ID of the signed authorization returned in
+// the first value.
 func IssueAuthorization(
 	signingKey *SigningKey,
 	seedAuthorizationID []byte,
-	expires time.Time) (string, string, error) {
+	expires time.Time) (string, []byte, error) {
 
 	err := ValidateSigningKey(signingKey)
 	if err != nil {
-		return "", "", errors.Trace(err)
+		return "", nil, errors.Trace(err)
 	}
 
 	hkdf := hkdf.New(sha256.New, signingKey.AuthorizationIDKey, nil, seedAuthorizationID)
 	ID := make([]byte, authorizationIDLength)
 	_, err = io.ReadFull(hkdf, ID)
 	if err != nil {
-		return "", "", errors.Trace(err)
+		return "", nil, errors.Trace(err)
 	}
 
 	auth := Authorization{
@@ -193,7 +193,7 @@ func IssueAuthorization(
 
 	authJSON, err := json.Marshal(auth)
 	if err != nil {
-		return "", "", errors.Trace(err)
+		return "", nil, errors.Trace(err)
 	}
 
 	signature := ed25519.Sign(signingKey.PrivateKey, authJSON)
@@ -206,13 +206,12 @@ func IssueAuthorization(
 
 	signedAuthJSON, err := json.Marshal(signedAuth)
 	if err != nil {
-		return "", "", errors.Trace(err)
+		return "", nil, errors.Trace(err)
 	}
 
 	encodedSignedAuth := base64.StdEncoding.EncodeToString(signedAuthJSON)
-	encodedAuthID := base64.StdEncoding.EncodeToString(ID)
 
-	return encodedSignedAuth, encodedAuthID, nil
+	return encodedSignedAuth, ID, nil
 }
 
 // VerificationKeyRing is a set of verification keys to be deployed