cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: add comments documenting Storage and AuthStorage (#193)

Browse source 
* add comments documenting Storage and AuthStorage

* JWTTokenRequest is a pointer

* note that token strings are actually tokenIDs

* review feedback

* remove suggestion that CreateAccessToken could be called with retrun from AuthStorage.TokenRequestByRefreshToken
This commit is contained in:
David Sharnoff 2022-08-05 01:54:40 -07:00 committed by GitHub
parent 53ede2ee8c
commit 0b4d62c745
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

31
pkg/op/storage.go
View file

@ -16,12 +16,30 @@ type AuthStorage interface {
SaveAuthCode(context.Context, string, string) error SaveAuthCode(context.Context, string, string) error
DeleteAuthRequest(context.Context, string) error DeleteAuthRequest(context.Context, string) error
CreateAccessToken(context.Context, TokenRequest) (string, time.Time, error) // The TokenRequest parameter of CreateAccessToken can be any of:
CreateAccessAndRefreshTokens(ctx context.Context, request TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshToken string, expiration time.Time, err error) //
TokenRequestByRefreshToken(ctx context.Context, refreshToken string) (RefreshTokenRequest, error) // * TokenRequest as returned by ClientCredentialsStorage.ClientCredentialsTokenRequest,
//
// * AuthRequest as returned by AuthRequestByID or AuthRequestByCode (above)
//
// * *oidc.JWTTokenRequest from a JWT that is the assertion value of a JWT Profile
// Grant: https://datatracker.ietf.org/doc/html/rfc7523#section-2.1
CreateAccessToken(context.Context, TokenRequest) (accessTokenID string, expiration time.Time, err error)
// The TokenRequest parameter of CreateAccessAndRefreshTokens can be any of:
//
// * TokenRequest as returned by ClientCredentialsStorage.ClientCredentialsTokenRequest
//
// * RefreshTokenRequest as returned by AuthStorage.TokenRequestByRefreshToken
//
// * AuthRequest as by returned by the AuthRequestByID or AuthRequestByCode (above).
// Used for the authorization code flow which requested offline_access scope and
// registered the refresh_token grant type in advance
CreateAccessAndRefreshTokens(ctx context.Context, request TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error)
TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (RefreshTokenRequest, error)
TerminateSession(ctx context.Context, userID string, clientID string) error TerminateSession(ctx context.Context, userID string, clientID string) error
RevokeToken(ctx context.Context, token string, userID string, clientID string) *oidc.Error RevokeToken(ctx context.Context, tokenID string, userID string, clientID string) *oidc.Error
GetSigningKey(context.Context, chan<- jose.SigningKey) GetSigningKey(context.Context, chan<- jose.SigningKey)
GetKeySet(context.Context) (*jose.JSONWebKeySet, error) GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
@ -42,6 +60,11 @@ type OPStorage interface {
ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error) ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error)
} }
// Storage is a required parameter for NewOpenIDProvider(). In addition to the
// embedded interfaces below, if the passed Storage implements ClientCredentialsStorage
// then the grant type "client_credentials" will be supported. In that case, the access
// token returned by CreateAccessToken should be a JWT.
// See https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.4 for context.
type Storage interface { type Storage interface {
AuthStorage AuthStorage
OPStorage OPStorage