Merge branch 'main' into main-to-next
This commit is contained in:
Tim Möhlmann
commit
8dff7ddee0
27 changed files with 308 additions and 146 deletions
|
|
@ -61,12 +61,18 @@ func callTokenEndpoint(ctx context.Context, request interface{}, authFn interfac
|
|||
if err := httphelper.HttpRequest(caller.HttpClient(), req, &tokenRes); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &oauth2.Token{
|
||||
token := &oauth2.Token{
|
||||
AccessToken: tokenRes.AccessToken,
|
||||
TokenType: tokenRes.TokenType,
|
||||
RefreshToken: tokenRes.RefreshToken,
|
||||
Expiry: time.Now().UTC().Add(time.Duration(tokenRes.ExpiresIn) * time.Second),
|
||||
}, nil
|
||||
}
|
||||
if tokenRes.IDToken != "" {
|
||||
token = token.WithExtra(map[string]any{
|
||||
"id_token": tokenRes.IDToken,
|
||||
})
|
||||
}
|
||||
return token, nil
|
||||
}
|
||||
|
||||
type EndSessionCaller interface {
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@ func TestRelyingPartySession(t *testing.T) {
|
|||
t.Logf("new token type %s", newTokens.TokenType)
|
||||
t.Logf("new expiry %s", newTokens.Expiry.Format(time.RFC3339))
|
||||
require.NotEmpty(t, newTokens.AccessToken, "new accessToken")
|
||||
assert.NotEmpty(t, newTokens.Extra("id_token"), "new idToken")
|
||||
|
||||
t.Log("------ end session (logout) ------")
|
||||
|
||||
|
|
@ -158,7 +159,6 @@ func TestResourceServerTokenExchange(t *testing.T) {
|
|||
require.Error(t, err, "refresh token")
|
||||
assert.Contains(t, err.Error(), "subject_token is invalid")
|
||||
require.Nil(t, tokenExchangeResponse, "token exchange response")
|
||||
|
||||
}
|
||||
|
||||
func RunAuthorizationCodeFlow(t *testing.T, opServer *httptest.Server, clientID, clientSecret string) (provider rp.RelyingParty, accessToken, refreshToken, idToken string) {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,9 @@ type TokenSource interface {
|
|||
TokenCtx(context.Context) (*oauth2.Token, error)
|
||||
}
|
||||
|
||||
// jwtProfileTokenSource implements the TokenSource
|
||||
// jwtProfileTokenSource implement the oauth2.TokenSource
|
||||
// it will request a token using the OAuth2 JWT Profile Grant
|
||||
// therefore sending an `assertion` by signing a JWT with the provided private key
|
||||
type jwtProfileTokenSource struct {
|
||||
clientID string
|
||||
audience []string
|
||||
|
|
|
|||
|
|
@ -599,6 +599,10 @@ type RefreshTokenRequest struct {
|
|||
GrantType oidc.GrantType `schema:"grant_type"`
|
||||
}
|
||||
|
||||
// RefreshAccessToken performs a token refresh. If it doesn't error, it will always
|
||||
// provide a new AccessToken. It may provide a new RefreshToken, and if it does, then
|
||||
// the old one should be considered invalid. It may also provide a new IDToken. The
|
||||
// new IDToken can be retrieved with token.Extra("id_token").
|
||||
func RefreshAccessToken(ctx context.Context, rp RelyingParty, refreshToken, clientAssertion, clientAssertionType string) (*oauth2.Token, error) {
|
||||
request := RefreshTokenRequest{
|
||||
RefreshToken: refreshToken,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue