feat: refresh token (#1728)

* begin refresh tokens * refresh tokens * list and revoke refresh tokens * handle remove * tests for refresh tokens * uniqueness and default expiration * rename oidc token methods * cleanup * migration version * Update internal/static/i18n/en.yaml Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * fixes * feat: update oidc pkg for refresh tokens Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 00:47:33 +00:00 · 2021-05-20 13:33:35 +02:00
parent bc21eeb114
commit ec5020bebc
36 changed files with 2732 additions and 55 deletions
--- a/internal/api/oidc/op.go
+++ b/internal/api/oidc/op.go
@@ -28,10 +28,12 @@ type OPHandlerConfig struct {
 }

 type StorageConfig struct {
-	DefaultLoginURL            string
-	SigningKeyAlgorithm        string
-	DefaultAccessTokenLifetime types.Duration
-	DefaultIdTokenLifetime     types.Duration
+	DefaultLoginURL                   string
+	SigningKeyAlgorithm               string
+	DefaultAccessTokenLifetime        types.Duration
+	DefaultIdTokenLifetime            types.Duration
+	DefaultRefreshTokenIdleExpiration types.Duration
+	DefaultRefreshTokenExpiration     types.Duration
 }

 type EndpointConfig struct {
@@ -49,13 +51,15 @@ type Endpoint struct {
 }

 type OPStorage struct {
-	repo                       repository.Repository
-	command                    *command.Commands
-	query                      *query.Queries
-	defaultLoginURL            string
-	defaultAccessTokenLifetime time.Duration
-	defaultIdTokenLifetime     time.Duration
-	signingKeyAlgorithm        string
+	repo                              repository.Repository
+	command                           *command.Commands
+	query                             *query.Queries
+	defaultLoginURL                   string
+	defaultAccessTokenLifetime        time.Duration
+	defaultIdTokenLifetime            time.Duration
+	signingKeyAlgorithm               string
+	defaultRefreshTokenIdleExpiration time.Duration
+	defaultRefreshTokenExpiration     time.Duration
 }

 func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.Commands, query *query.Queries, repo repository.Repository, keyConfig *crypto.KeyConfig, localDevMode bool) op.OpenIDProvider {
@@ -94,13 +98,15 @@ func NewProvider(ctx context.Context, config OPHandlerConfig, command *command.C

 func newStorage(config StorageConfig, command *command.Commands, query *query.Queries, repo repository.Repository) *OPStorage {
 	return &OPStorage{
-		repo:                       repo,
-		command:                    command,
-		query:                      query,
-		defaultLoginURL:            config.DefaultLoginURL,
-		signingKeyAlgorithm:        config.SigningKeyAlgorithm,
-		defaultAccessTokenLifetime: config.DefaultAccessTokenLifetime.Duration,
-		defaultIdTokenLifetime:     config.DefaultIdTokenLifetime.Duration,
+		repo:                              repo,
+		command:                           command,
+		query:                             query,
+		defaultLoginURL:                   config.DefaultLoginURL,
+		signingKeyAlgorithm:               config.SigningKeyAlgorithm,
+		defaultAccessTokenLifetime:        config.DefaultAccessTokenLifetime.Duration,
+		defaultIdTokenLifetime:            config.DefaultIdTokenLifetime.Duration,
+		defaultRefreshTokenIdleExpiration: config.DefaultRefreshTokenIdleExpiration.Duration,
+		defaultRefreshTokenExpiration:     config.DefaultRefreshTokenExpiration.Duration,
 	}
 }