zitadel/internal/domain/refresh_token.go

package domain

import (
	"encoding/base64"
	"strings"

	"github.com/zitadel/zitadel/internal/crypto"
	caos_errors "github.com/zitadel/zitadel/internal/errors"
)

func NewRefreshToken(userID, tokenID string, algorithm crypto.EncryptionAlgorithm) (string, error) {
	return RefreshToken(userID, tokenID, tokenID, algorithm)
}

func RefreshToken(userID, tokenID, token string, algorithm crypto.EncryptionAlgorithm) (string, error) {
	encrypted, err := algorithm.Encrypt([]byte(userID + ":" + tokenID + ":" + token))
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(encrypted), nil
}

func FromRefreshToken(refreshToken string, algorithm crypto.EncryptionAlgorithm) (userID, tokenID, token string, err error) {
	decoded, err := base64.RawURLEncoding.DecodeString(refreshToken)
	if err != nil {
		return "", "", "", err
	}
	decrypted, err := algorithm.Decrypt(decoded, algorithm.EncryptionKeyID())
	if err != nil {
		return "", "", "", err
	}
	split := strings.Split(string(decrypted), ":")
	if len(split) != 3 {
		return "", "", "", caos_errors.ThrowInternal(nil, "DOMAIN-BGDhn", "Errors.User.RefreshToken.Invalid")
	}
	return split[0], split[1], split[2], nil
}
feat: refresh token (#1728) * begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-05-20 11:33:35 +00:00			`package domain`

			`import (`
			`"encoding/base64"`
			`"strings"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/crypto"`
			`caos_errors "github.com/zitadel/zitadel/internal/errors"`
feat: refresh token (#1728) * begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-05-20 11:33:35 +00:00			`)`

			`func NewRefreshToken(userID, tokenID string, algorithm crypto.EncryptionAlgorithm) (string, error) {`
			`return RefreshToken(userID, tokenID, tokenID, algorithm)`
			`}`

			`func RefreshToken(userID, tokenID, token string, algorithm crypto.EncryptionAlgorithm) (string, error) {`
			`encrypted, err := algorithm.Encrypt([]byte(userID + ":" + tokenID + ":" + token))`
			`if err != nil {`
			`return "", err`
			`}`
			`return base64.RawURLEncoding.EncodeToString(encrypted), nil`
			`}`

			`func FromRefreshToken(refreshToken string, algorithm crypto.EncryptionAlgorithm) (userID, tokenID, token string, err error) {`
			`decoded, err := base64.RawURLEncoding.DecodeString(refreshToken)`
			`if err != nil {`
			`return "", "", "", err`
			`}`
			`decrypted, err := algorithm.Decrypt(decoded, algorithm.EncryptionKeyID())`
			`if err != nil {`
			`return "", "", "", err`
			`}`
			`split := strings.Split(string(decrypted), ":")`
			`if len(split) != 3 {`
			`return "", "", "", caos_errors.ThrowInternal(nil, "DOMAIN-BGDhn", "Errors.User.RefreshToken.Invalid")`
			`}`
			`return split[0], split[1], split[2], nil`
			`}`