docs(example): simplified deletion (#699)
* simplified deletion * added docs
This commit is contained in:
mqf20
GitHub
parent
03e5ff8345
commit
37dd41e49b
2 changed files with 11 additions and 14 deletions
|
|
@ -388,14 +388,9 @@ func (s *Storage) RevokeToken(ctx context.Context, tokenIDOrToken string, userID
|
||||||
if refreshToken.ApplicationID != clientID {
|
if refreshToken.ApplicationID != clientID {
|
||||||
return oidc.ErrInvalidClient().WithDescription("token was not issued for this client")
|
return oidc.ErrInvalidClient().WithDescription("token was not issued for this client")
|
||||||
}
|
}
|
||||||
// if it is a refresh token, you will have to remove the access token as well
|
|
||||||
delete(s.refreshTokens, refreshToken.ID)
|
delete(s.refreshTokens, refreshToken.ID)
|
||||||
for _, accessToken := range s.tokens {
|
// if it is a refresh token, you will have to remove the access token as well
|
||||||
if accessToken.RefreshTokenID == refreshToken.ID {
|
delete(s.tokens, refreshToken.AccessToken)
|
||||||
delete(s.tokens, accessToken.ID)
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -597,12 +592,17 @@ func (s *Storage) createRefreshToken(accessToken *Token, amr []string, authTime
|
||||||
Audience: accessToken.Audience,
|
Audience: accessToken.Audience,
|
||||||
Expiration: time.Now().Add(5 * time.Hour),
|
Expiration: time.Now().Add(5 * time.Hour),
|
||||||
Scopes: accessToken.Scopes,
|
Scopes: accessToken.Scopes,
|
||||||
|
AccessToken: accessToken.ID,
|
||||||
}
|
}
|
||||||
s.refreshTokens[token.ID] = token
|
s.refreshTokens[token.ID] = token
|
||||||
return token.Token, nil
|
return token.Token, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// renewRefreshToken checks the provided refresh_token and creates a new one based on the current
|
// renewRefreshToken checks the provided refresh_token and creates a new one based on the current
|
||||||
|
//
|
||||||
|
// [Refresh Token Rotation] is implemented.
|
||||||
|
//
|
||||||
|
// [Refresh Token Rotation]: https://www.rfc-editor.org/rfc/rfc6819#section-5.2.2.3
|
||||||
func (s *Storage) renewRefreshToken(currentRefreshToken string) (string, string, error) {
|
func (s *Storage) renewRefreshToken(currentRefreshToken string) (string, string, error) {
|
||||||
s.lock.Lock()
|
s.lock.Lock()
|
||||||
defer s.lock.Unlock()
|
defer s.lock.Unlock()
|
||||||
|
|
@ -610,14 +610,10 @@ func (s *Storage) renewRefreshToken(currentRefreshToken string) (string, string,
|
||||||
if !ok {
|
if !ok {
|
||||||
return "", "", fmt.Errorf("invalid refresh token")
|
return "", "", fmt.Errorf("invalid refresh token")
|
||||||
}
|
}
|
||||||
// deletes the refresh token and all access tokens which were issued based on this refresh token
|
// deletes the refresh token
|
||||||
delete(s.refreshTokens, currentRefreshToken)
|
delete(s.refreshTokens, currentRefreshToken)
|
||||||
for _, token := range s.tokens {
|
// delete the access token which was issued based on this refresh token
|
||||||
if token.RefreshTokenID == currentRefreshToken {
|
delete(s.tokens, refreshToken.AccessToken)
|
||||||
delete(s.tokens, token.ID)
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
// creates a new refresh token based on the current one
|
// creates a new refresh token based on the current one
|
||||||
token := uuid.NewString()
|
token := uuid.NewString()
|
||||||
refreshToken.Token = token
|
refreshToken.Token = token
|
||||||
|
|
|
||||||
|
|
@ -22,4 +22,5 @@ type RefreshToken struct {
|
||||||
ApplicationID string
|
ApplicationID string
|
||||||
Expiration time.Time
|
Expiration time.Time
|
||||||
Scopes []string
|
Scopes []string
|
||||||
|
AccessToken string // Token.ID
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue