feat: refresh token (#1728)

* begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-11 21:17:32 +00:00 · 2021-05-20 13:33:35 +02:00
parent bc21eeb114
commit ec5020bebc
36 changed files with 2732 additions and 55 deletions
--- a/internal/api/grpc/auth/refresh_token.go
+++ b/internal/api/grpc/auth/refresh_token.go
@@ -0,0 +1,58 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/auth"
+)
+
+func (s *Server) ListMyRefreshTokens(ctx context.Context, req *auth.ListMyRefreshTokensRequest) (*auth.ListMyRefreshTokensResponse, error) {
+	res, err := s.repo.SearchMyRefreshTokens(ctx, authz.GetCtxData(ctx).UserID, ListMyRefreshTokensRequestToModel(req))
+	if err != nil {
+		return nil, err
+	}
+	return &auth.ListMyRefreshTokensResponse{
+		Result: user_grpc.RefreshTokensToPb(res.Result),
+		Details: object.ToListDetails(
+			res.TotalResult,
+			res.Sequence,
+			res.Timestamp,
+		),
+	}, nil
+}
+
+func (s *Server) RevokeMyRefreshToken(ctx context.Context, req *auth.RevokeMyRefreshTokenRequest) (*auth.RevokeMyRefreshTokenResponse, error) {
+	ctxData := authz.GetCtxData(ctx)
+	details, err := s.command.RevokeRefreshToken(ctx, ctxData.UserID, ctxData.ResourceOwner, req.Id)
+	if err != nil {
+		return nil, err
+	}
+	return &auth.RevokeMyRefreshTokenResponse{
+		Details: object.DomainToChangeDetailsPb(details),
+	}, nil
+}
+
+func (s *Server) RevokeAllMyRefreshTokens(ctx context.Context, _ *auth.RevokeAllMyRefreshTokensRequest) (*auth.RevokeAllMyRefreshTokensResponse, error) {
+	ctxData := authz.GetCtxData(ctx)
+	res, err := s.repo.SearchMyRefreshTokens(ctx, ctxData.UserID, ListMyRefreshTokensRequestToModel(nil))
+	if err != nil {
+		return nil, err
+	}
+	tokenIDs := make([]string, len(res.Result))
+	for i, view := range res.Result {
+		tokenIDs[i] = view.ID
+	}
+	err = s.command.RevokeRefreshTokens(ctx, ctxData.UserID, ctxData.ResourceOwner, tokenIDs)
+	if err != nil {
+		return nil, err
+	}
+	return &auth.RevokeAllMyRefreshTokensResponse{}, nil
+}
+
+func ListMyRefreshTokensRequestToModel(_ *auth.ListMyRefreshTokensRequest) *model.RefreshTokenSearchRequest {
+	return &model.RefreshTokenSearchRequest{} //add sorting, queries, ... when possible
+}