Add an additional, optional, op.Storage interface so that refresh tokens

that are not JWTs do not cause failures when they randomly, sometimes, decrypt
without error

```go
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be a JWT.
type CanRefreshTokenInfo interface {
        // GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
	// with a token that is not a refresh token.
	GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
```
David Sharnoff 2022-11-10 17:26:32 -08:00
parent 50e10665bb
commit 34fee029d9
4 changed files with 40 additions and 4 deletions


@ -50,6 +50,15 @@ type AuthStorage interface {
GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
}
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be JWTs.
type CanRefreshTokenInfo interface {
// GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
// with a token that is not a refresh token.
GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
type ClientCredentialsStorage interface {
ClientCredentialsTokenRequest(ctx context.Context, clientID string, scopes []string) (TokenRequest, error)
}