fix(oidc): refresh token for device authorization (#7104)
fix(oidc): refresh token for device authorization. Due to a misalignment between the OIDC interface and the concrete implementations in zitadel, requesting a refresh token for device authorization would fail. This change adds the possibility to use the op.IDTokenRequest directly. Also, the UserAgentID is dropped as a required parameter, as devices do not have a user agent.
This commit is contained in:
parent
5ce542b959
commit
85eb2eda0b
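--- a/<PATH: file header not shown on page>
+++ b/<PATH: file header not shown on page>
@@ -200,6 +200,8 @@ func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest)
 		// trigger activity log for authentication for user
 		activity.Trigger(ctx, "", authReq.CurrentAuthRequest.UserID, activity.OIDCAccessToken)
 		return o.command.AddOIDCSessionAccessToken(setContextUserSystem(ctx), authReq.GetID())
+	case op.IDTokenRequest:
+		applicationID = authReq.GetClientID()
 	}
 
 	accessTokenLifetime, _, _, _, err := o.getOIDCSettings(ctx)
@@ -263,15 +265,16 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
 }
 
 func getInfoFromRequest(req op.TokenRequest) (string, string, string, time.Time, []string) {
-	authReq, ok := req.(*AuthRequest)
-	if ok {
-		return authReq.AgentID, authReq.ApplicationID, authReq.UserOrgID, authReq.AuthTime, authReq.GetAMR()
+	switch r := req.(type) {
+	case *AuthRequest:
+		return r.AgentID, r.ApplicationID, r.UserOrgID, r.AuthTime, r.GetAMR()
+	case *RefreshTokenRequest:
+		return r.UserAgentID, r.ClientID, "", r.AuthTime, r.AuthMethodsReferences
+	case op.IDTokenRequest:
+		return "", r.GetClientID(), "", r.GetAuthTime(), r.GetAMR()
+	default:
+		return "", "", "", time.Time{}, nil
 	}
-	refreshReq, ok := req.(*RefreshTokenRequest)
-	if ok {
-		return refreshReq.UserAgentID, refreshReq.ClientID, "", refreshReq.AuthTime, refreshReq.AuthMethodsReferences
-	}
-	return "", "", "", time.Time{}, nil
 }
 
 func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken string) (_ op.RefreshTokenRequest, err error) {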
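Review bot: The new `case op.IDTokenRequest:` in getInfoFromRequest only yields the intended result while the two concrete cases stay above it: a Go type switch matches in order, and *AuthRequest (it exposes GetClientID and GetAMR in this very hunk) very likely satisfies op.IDTokenRequest as well, so moving the interface case up would silently return an empty agentID and userOrgID for browser-based requests. A one-line comment on that case, `// op.IDTokenRequest is an interface: keep it after the concrete cases, which carry agent/org data it cannot`, protects the ordering; the same interface case was added to the type switch in CreateAccessToken in the first hunk of this file, whose switch starts outside the hunk. The function also now has four branches returning five unnamed results, three of them strings, and naming them documents which blank is which: `func getInfoFromRequest(req op.TokenRequest) (userAgentID, clientID, userOrgID string, authTime time.Time, amr []string) {`.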
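--- a/<PATH: file header not shown on page>
+++ b/<PATH: file header not shown on page>
@@ -45,7 +45,7 @@ func (c *Commands) AddNewRefreshTokenAndAccessToken(
 	refreshIdleExpiration time.Duration,
 	authTime time.Time,
 ) (accessToken *domain.Token, newRefreshToken string, err error) {
-	if userID == "" || agentID == "" || clientID == "" {
+	if userID == "" || clientID == "" {
 		return nil, "", zerrors.ThrowInvalidArgument(nil, "COMMAND-adg4r", "Errors.IDMissing")
 	}
 	userWriteModel := NewUserWriteModel(userID, orgID)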
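Review bot: Dropping `agentID == ""` from the guard relaxes the precondition for every caller of AddNewRefreshTokenAndAccessToken, not only the device-authorization path, and nothing in the hunk records that an empty agentID is now an accepted input. Whatever the refresh token stores or later compares against the user agent (outside this hunk) should be checked to treat the empty value as "no agent" rather than as a match for any agent. A parameter comment makes the new contract explicit: `// agentID may be empty: device authorization requests have no user agent.`. The function's parameter list and body continue outside the hunk.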