properly set expires in storage

Tim Möhlmann 2023-02-24 10:18:31 +01:00
parent 768a1355d9
commit 0f9ec46aaa
3 changed files with 10 additions and 5 deletions


@ -77,7 +77,9 @@ func DeviceAuthorization(w http.ResponseWriter, r *http.Request, o OpenIDProvide
RequestError(w, r, err) RequestError(w, r, err)
return return
} }
err = storage.StoreDeviceAuthorization(r.Context(), req.ClientID, deviceCode, userCode, req.Scopes)
expires := time.Now().Add(time.Duration(config.Lifetime) * time.Second)
err = storage.StoreDeviceAuthorization(r.Context(), req.ClientID, deviceCode, userCode, expires, req.Scopes)
if err != nil { if err != nil {
RequestError(w, r, err) RequestError(w, r, err)
return return
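Review bot: The new `expires` line uses `config.Lifetime` unchecked, so a zero or negative value stores an authorization that is already expired at creation, and nothing visible in this hunk caps an overly long one. The device code and user code are usable for the whole lifetime, so the window should be explicitly bounded; I would guard before the store call with something like `if config.Lifetime <= 0 { RequestError(w, r, errors.New("device authorization lifetime must be positive")); return }`. It is also worth confirming that the `expires_in` value returned to the client is derived from the same lifetime, because the response is built outside this hunk and a mismatch would have clients polling past the stored expiry. The body of DeviceAuthorization starts and ends outside the hunk.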


@ -28,7 +28,7 @@ const (
defaultEndSessionEndpoint = "end_session" defaultEndSessionEndpoint = "end_session"
defaultKeysEndpoint = "keys" defaultKeysEndpoint = "keys"
defaultDeviceAuthzEndpoint = "/device_authorization" defaultDeviceAuthzEndpoint = "/device_authorization"
defaultUserCodeFormEndpoint = "/device" defaultUserCodeFormEndpoint = "/submit_user_code"
) )
var ( var (
@ -124,6 +124,7 @@ type Config struct {
GrantTypeRefreshToken bool GrantTypeRefreshToken bool
RequestObjectSupported bool RequestObjectSupported bool
SupportedUILocales []language.Tag SupportedUILocales []language.Tag
DeviceAuthorization DeviceAuthorizationConfig
} }
type endpoints struct { type endpoints struct {
@ -153,6 +154,7 @@ type endpoints struct {
// /revoke // /revoke
// /end_session // /end_session
// /keys // /keys
// /device_authorization
// //
// This does not include login. Login is handled with a redirect that includes the // This does not include login. Login is handled with a redirect that includes the
// request ID. The redirect for logins is specified per-client by Client.LoginURL(). // request ID. The redirect for logins is specified per-client by Client.LoginURL().
@ -292,7 +294,8 @@ func (o *Provider) GrantTypeJWTAuthorizationSupported() bool {
} }
func (o *Provider) GrantTypeDeviceCodeSupported() bool { func (o *Provider) GrantTypeDeviceCodeSupported() bool {
return true _, ok := o.storage.(DeviceAuthorizationStorage)
return ok
} }
func (o *Provider) IntrospectionAuthMethodPrivateKeyJWTSupported() bool { func (o *Provider) IntrospectionAuthMethodPrivateKeyJWTSupported() bool {
@ -329,7 +332,7 @@ func (o *Provider) SupportedUILocales() []language.Tag {
} }
func (o *Provider) DeviceAuthorization() DeviceAuthorizationConfig { func (o *Provider) DeviceAuthorization() DeviceAuthorizationConfig {
return DeviceAuthorizationConfig{} return o.config.DeviceAuthorization
} }
func (o *Provider) Storage() Storage { func (o *Provider) Storage() Storage {
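Review bot: `GrantTypeDeviceCodeSupported` now depends only on the storage type assertion, so the grant is enabled whenever the storage implements `DeviceAuthorizationStorage`, even if `Config.DeviceAuthorization` was left at its zero value, which `DeviceAuthorization()` then returns unchanged. If that struct carries the lifetime used for the stored expiry (the handler reads `config.Lifetime`; that it is the same struct is inferred, not visible here), an operator who never set it gets a device flow with a zero lifetime. Either apply defaults when the provider is constructed or state the requirement on the new field, for example `// DeviceAuthorization configures the device flow; it must be set when the storage implements DeviceAuthorizationStorage.` Separately, the default changing from `"/device"` to `"/submit_user_code"` moves the page where users enter the code, so existing deployments that route or link to the old path should get a changelog note.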


@ -171,7 +171,7 @@ type DeviceAuthorizationStorage interface {
// database, the change for collisions increases. Therefore implementers // database, the change for collisions increases. Therefore implementers
// of this interface must make sure that user codes of expired authentication flows are purged, // of this interface must make sure that user codes of expired authentication flows are purged,
// after some time. // after some time.
StoreDeviceAuthorization(ctx context.Context, clientID, deviceCode, userCode string, scopes []string) error StoreDeviceAuthorization(ctx context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) error
// GetDeviceAuthorizatonState returns the current state of the device authorization flow in the database. // GetDeviceAuthorizatonState returns the current state of the device authorization flow in the database.
// The method is polled untill the the authorization is eighter Completed, Expired or Denied. // The method is polled untill the the authorization is eighter Completed, Expired or Denied.