TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 11:04:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
15d5338b91
zitadel/internal/repository/user/human_refresh_token.go
Tim Möhlmann 6398349c24
feat(oidc): token exchange impersonation (#7516) 
* add token exchange feature flag

* allow setting reason and actor to access tokens

* impersonation

* set token types and scopes in response

* upgrade oidc to working draft state

* fix tests

* audience and scope validation

* id toke and jwt as input

* return id tokens

* add grant type  token exchange to app config

* add integration tests

* check and deny actors in api calls

* fix instance setting tests by triggering projection on write and cleanup

* insert sleep statements again

* solve linting issues

* add translations

* pin oidc v3.15.0

* resolve comments, add event translation

* fix refreshtoken test

* use ValidateAuthReqScopes from oidc

* apparently the linter can't make up its mind

* persist actor thru refresh tokens and check in tests

* remove unneeded triggers
2024-03-20 10:18:46 +00:00

189 lines
5.1 KiB
Go
Raw Blame History

package user
import (
"context"
"time"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/zerrors"
)
const (
refreshTokenEventPrefix = humanEventPrefix + "refresh.token."
HumanRefreshTokenAddedType = refreshTokenEventPrefix + "added"
HumanRefreshTokenRenewedType = refreshTokenEventPrefix + "renewed"
HumanRefreshTokenRemovedType = refreshTokenEventPrefix + "removed"
)
type HumanRefreshTokenAddedEvent struct {
eventstore.BaseEvent `json:"-"`
TokenID string `json:"tokenId"`
ClientID string `json:"clientId"`
UserAgentID string `json:"userAgentId"`
Audience []string `json:"audience"`
Scopes []string `json:"scopes"`
AuthMethodsReferences []string `json:"authMethodReferences"`
AuthTime time.Time `json:"authTime"`
IdleExpiration time.Duration `json:"idleExpiration"`
Expiration time.Duration `json:"expiration"`
PreferredLanguage string `json:"preferredLanguage"`
Actor *domain.TokenActor `json:"actor,omitempty"`
}
func (e *HumanRefreshTokenAddedEvent) Payload() interface{} {
return e
}
func (e *HumanRefreshTokenAddedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func (e *HumanRefreshTokenAddedEvent) Assets() []*eventstore.Asset {
return nil
}
func NewHumanRefreshTokenAddedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
tokenID,
clientID,
userAgentID,
preferredLanguage string,
audience,
scopes,
authMethodsReferences []string,
authTime time.Time,
idleExpiration,
expiration time.Duration,
actor *domain.TokenActor,
) *HumanRefreshTokenAddedEvent {
return &HumanRefreshTokenAddedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanRefreshTokenAddedType,
),
TokenID: tokenID,
ClientID: clientID,
UserAgentID: userAgentID,
Audience: audience,
Scopes: scopes,
AuthMethodsReferences: authMethodsReferences,
AuthTime: authTime,
IdleExpiration: idleExpiration,
Expiration: expiration,
PreferredLanguage: preferredLanguage,
Actor: actor,
}
}
func HumanRefreshTokenAddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
refreshTokenAdded := &HumanRefreshTokenAddedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(refreshTokenAdded)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-DGr14", "unable to unmarshal refresh token added")
}
return refreshTokenAdded, nil
}
type HumanRefreshTokenRenewedEvent struct {
eventstore.BaseEvent `json:"-"`
TokenID string `json:"tokenId"`
RefreshToken string `json:"refreshToken"`
IdleExpiration time.Duration `json:"idleExpiration"`
}
func (e *HumanRefreshTokenRenewedEvent) Payload() interface{} {
return e
}
func (e *HumanRefreshTokenRenewedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func (e *HumanRefreshTokenRenewedEvent) Assets() []*eventstore.Asset {
return nil
}
func NewHumanRefreshTokenRenewedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
tokenID,
refreshToken string,
idleExpiration time.Duration,
) *HumanRefreshTokenRenewedEvent {
return &HumanRefreshTokenRenewedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanRefreshTokenRenewedType,
),
TokenID: tokenID,
IdleExpiration: idleExpiration,
RefreshToken: refreshToken,
}
}
func HumanRefreshTokenRenewedEventEventMapper(event eventstore.Event) (eventstore.Event, error) {
tokenAdded := &HumanRefreshTokenRenewedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(tokenAdded)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-GBt21", "unable to unmarshal refresh token renewed")
}
return tokenAdded, nil
}
type HumanRefreshTokenRemovedEvent struct {
eventstore.BaseEvent `json:"-"`
TokenID string `json:"tokenId"`
}
func (e *HumanRefreshTokenRemovedEvent) Payload() interface{} {
return e
}
func (e *HumanRefreshTokenRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
return nil
}
func (e *HumanRefreshTokenRemovedEvent) Assets() []*eventstore.Asset {
return nil
}
func NewHumanRefreshTokenRemovedEvent(
ctx context.Context,
aggregate *eventstore.Aggregate,
tokenID string,
) *HumanRefreshTokenRemovedEvent {
return &HumanRefreshTokenRemovedEvent{
BaseEvent: *eventstore.NewBaseEventForPush(
ctx,
aggregate,
HumanRefreshTokenRemovedType,
),
TokenID: tokenID,
}
}
func HumanRefreshTokenRemovedEventEventMapper(event eventstore.Event) (eventstore.Event, error) {
tokenAdded := &HumanRefreshTokenRemovedEvent{
BaseEvent: *eventstore.BaseEventFromRepo(event),
}
err := event.Unmarshal(tokenAdded)
if err != nil {
return nil, zerrors.ThrowInternal(err, "USER-Dggs2", "unable to unmarshal refresh token removed")
}
return tokenAdded, nil
}
Reference in New Issue View Git Blame Copy Permalink