feat: add CanRefreshTokenInfo to support non-JWT refresh tokens (#244)
* Add an additional, optional, op.Storage interface so that refresh tokens
that are not JWTs do not cause failures when they randomly, sometimes, decrypt
without error
```go
// CanRefreshTokenInfo is an optional additional interface that Storage can support.
// Supporting CanRefreshTokenInfo is required to be able to revoke a refresh token that
// does not happen to also be a JWTs work properly.
type CanRefreshTokenInfo interface {
// GetRefreshTokenInfo must return oidc.ErrInvalidRefreshToken when presented
// with a token that is not a refresh token.
GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)
}
```
* add comment suggested in code review
* review feedback: return an error defined in op rather than adding a new error to oidc
* move ErrInvalidRefresToken to op/storage.go
This commit is contained in:
David Sharnoff
GitHub
parent
fa222c5efb
commit
cdf2af6c2c
3 changed files with 37 additions and 4 deletions
|
|
@ -3,4 +3,5 @@
|
|||
|
||||
- Add `rp/RelyingParty.GetRevokeEndpoint`
|
||||
- Rename `op/OpStorage.GetKeyByIDAndUserID` to `op/OpStorage.GetKeyByIDAndClientID`
|
||||
- Add `CanRefreshTokenInfo` (`GetRefreshTokenInfo()`) to `op.Storage`
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue