feat: token revocation and OP certification (#2594)

* fix: try using only user session if no user is set (id_token_hint) on prompt none

* fix caos errors As implementation

* implement request mode

* return explicit error on invalid refresh token use

* begin token revocation

* token revocation

* tests

* tests

* cleanup

* set op config

* add revocation endpoint to config

* add revocation endpoint to config

* migration version

* error handling in token revocation

* migration version

* update oidc lib to 1.0.0
This commit is contained in:
Livio Amstutz
2021-11-03 08:35:24 +01:00
committed by GitHub
parent 8df5614e4d
commit fc6154cffc
25 changed files with 638 additions and 236 deletions


@@ -67,7 +67,11 @@ func (wm *HumanRefreshTokenWriteModel) Reduce() error {
}
wm.RefreshToken = e.RefreshToken
wm.IdleExpiration = e.CreationDate().Add(e.IdleExpiration)
case *user.HumanRefreshTokenRemovedEvent:
case *user.HumanRefreshTokenRemovedEvent,
*user.HumanSignedOutEvent,
*user.UserLockedEvent,
*user.UserDeactivatedEvent,
*user.UserRemovedEvent:
wm.UserState = domain.UserStateDeleted
}
}
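Review bot: In Reduce, the new multi-case arm sets `wm.UserState = domain.UserStateDeleted` for HumanSignedOutEvent, UserLockedEvent and UserDeactivatedEvent as well as the removal events, so a lock or deactivation leaves the refresh token permanently invalid (no unlock or reactivation event is reduced), and if the signed-out event is scoped to a session or user agent, a sign-out on one device appears to invalidate this user's refresh tokens on every device; confirm that is the intended revocation scope. Reusing UserStateDeleted to mean "token no longer usable" is also easy to misread next to the real user-state values, so I would add a comment above the arm, `// any of these events revokes the refresh token; UserStateDeleted here means "token invalid", not that the user was removed`. Reduce starts before and continues after the hunk, and the matching event types are added to Query in the second hunk.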
@@ -83,6 +87,9 @@ func (wm *HumanRefreshTokenWriteModel) Query() *eventstore.SearchQueryBuilder {
user.HumanRefreshTokenAddedType,
user.HumanRefreshTokenRenewedType,
user.HumanRefreshTokenRemovedType,
user.HumanSignedOutType,
user.UserLockedType,
user.UserDeactivatedType,
user.UserRemovedType).
Builder()