fix: access tokens for service users and refresh token infos (#1779)

* fix: access token for service user * handle info from refresh request * uniqueness * postpone access token uniqueness change
2025-08-12 04:57:33 +00:00 · 2021-05-26 09:01:07 +02:00
parent 070abae6d9
commit bf4c4d881d
7 changed files with 46 additions and 21 deletions
--- a/internal/api/oidc/auth_request.go
+++ b/internal/api/oidc/auth_request.go
@@ -110,17 +110,7 @@ func grantsToScopes(grants []*grant_model.UserGrantView) []string {
 func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.TokenRequest, refreshToken string) (_, _ string, _ time.Time, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()
-	var userAgentID, applicationID, userOrgID string
-	var authTime time.Time
-	var authMethodsReferences []string
-	authReq, ok := req.(*AuthRequest)
-	if ok {
-		userAgentID = authReq.AgentID
-		applicationID = authReq.ApplicationID
-		userOrgID = authReq.UserOrgID
-		authTime = authReq.AuthTime
-		authMethodsReferences = authReq.GetAMR()
-	}
+	userAgentID, applicationID, userOrgID, authTime, authMethodsReferences := getInfoFromRequest(req)
 	resp, token, err := o.command.AddAccessAndRefreshToken(ctx, userOrgID, userAgentID, applicationID, req.GetSubject(),
 		refreshToken, req.GetAudience(), req.GetScopes(), authMethodsReferences, o.defaultAccessTokenLifetime,
 		o.defaultRefreshTokenIdleExpiration, o.defaultRefreshTokenExpiration, authTime) //PLANNED: lifetime from client
@@ -130,6 +120,18 @@ func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.Tok
 	return resp.TokenID, token, resp.Expiration, nil
 }

+func getInfoFromRequest(req op.TokenRequest) (string, string, string, time.Time, []string) {
+	authReq, ok := req.(*AuthRequest)
+	if ok {
+		return authReq.AgentID, authReq.ApplicationID, authReq.UserOrgID, authReq.AuthTime, authReq.GetAMR()
+	}
+	refreshReq, ok := req.(*RefreshTokenRequest)
+	if ok {
+		return refreshReq.UserAgentID, refreshReq.ClientID, "", refreshReq.AuthTime, refreshReq.AuthMethodsReferences
+	}
+	return "", "", "", time.Time{}, nil
+}
+
 func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken string) (op.RefreshTokenRequest, error) {
 	tokenView, err := o.repo.RefreshTokenByID(ctx, refreshToken)
 	if err != nil {