Minor fixes and comments.

authority/provisioner/jwk.go

@@ -32,7 +32,7 @@ type JWK struct {
 	Key          *jose.JSONWebKey    `json:"key"`
 	EncryptedKey string              `json:"encryptedKey,omitempty"`
 	Claims       *Claims             `json:"claims,omitempty"`
-	Options      *ProvisionerOptions `json:"options"`
+	Options      *ProvisionerOptions `json:"options,omitempty"`
 	claimer      *Claimer
 	audiences    Audiences
 }
@@ -153,6 +153,7 @@ func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
 		claims.SANs = []string{claims.Subject}
 	}
 
+	// Certificate templates
 	data := x509util.CreateTemplateData(claims.Subject, claims.SANs)
 	data.SetToken(claims)
 

authority/provisioner/oidc.go

@@ -303,6 +303,7 @@ func (o *OIDC) AuthorizeSign(ctx context.Context, token string) ([]SignOption, e
 		return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSign")
 	}
 
+	// Certificate templates
 	data := x509util.CreateTemplateData(claims.Subject, []string{claims.Email})
 	data.SetToken(claims)
 

authority/provisioner/options.go

@@ -31,7 +31,7 @@ type ProvisionerOptions struct {
 func TemplateOptions(o *ProvisionerOptions, data x509util.TemplateData) (CertificateOptions, error) {
 	if o != nil {
 		if data == nil {
-			data = make(x509util.TemplateData)
+			data = x509util.NewTemplateData()
 		}
 
 		// Add template data if any.