Add an additional, optional, op.Storage interface so that refresh tokens
that are not JWTs do not cause failures when they randomly, sometimes, decrypt
without error
```go
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be a JWTs work properly.
type CanRefreshTokenInfo interface {
// GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
// with a token that is not a refresh token.
GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
```
This commit is contained in:
David Sharnoff
parent
50e10665bb
commit
34fee029d9
4 changed files with 40 additions and 4 deletions
|
|
@ -18,6 +18,7 @@ const (
|
|||
InteractionRequired errorType = "interaction_required"
|
||||
LoginRequired errorType = "login_required"
|
||||
RequestNotSupported errorType = "request_not_supported"
|
||||
InvalidRefreshToken errorType = "invalid_refresh_token"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -77,6 +78,11 @@ var (
|
|||
ErrorType: RequestNotSupported,
|
||||
}
|
||||
}
|
||||
ErrInvalidRefreshToken = func() *Error {
|
||||
return &Error{
|
||||
ErrorType: InvalidRefreshToken,
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
type Error struct {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue