feat: token revocation and OP certification (#2594)

* fix: try using only user session if no user is set (id_token_hint) on prompt none * fix caos errors As implementation * implement request mode * return explicit error on invalid refresh token use * begin token revocation * token revocation * tests * tests * cleanup * set op config * add revocation endpoint to config * add revocation endpoint to config * migration version * error handling in token revocation * migration version * update oidc lib to 1.0.0
2025-08-12 12:07:37 +00:00 · 2021-11-03 08:35:24 +01:00
parent 8df5614e4d
commit fc6154cffc
25 changed files with 638 additions and 236 deletions
--- a/internal/auth/repository/eventsourcing/view/token.go
+++ b/internal/auth/repository/eventsourcing/view/token.go
@@ -68,6 +68,14 @@ func (v *View) DeleteApplicationTokens(event *models.Event, ids ...string) error
 	return v.ProcessedTokenSequence(event)
 }

+func (v *View) DeleteTokensFromRefreshToken(refreshTokenID string, event *models.Event) error {
+	err := usr_view.DeleteTokensFromRefreshToken(v.Db, tokenTable, refreshTokenID)
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	}
+	return v.ProcessedTokenSequence(event)
+}
+
 func (v *View) GetLatestTokenSequence() (*repository.CurrentSequence, error) {
 	return v.latestSequence(tokenTable)
 }