CreateRefreshToken util to create JWT token
(cfg *AuthTokenConfig)
| 191 | |
| 192 | // CreateRefreshToken util to create JWT token |
| 193 | func (p *provider) CreateRefreshToken(cfg *AuthTokenConfig) (string, int64, error) { |
| 194 | // Lifetime is configurable via --refresh-token-expires-in (seconds). |
| 195 | // Default 30 days when unset or non-positive. |
| 196 | expirySeconds := p.config.RefreshTokenExpiresIn |
| 197 | if expirySeconds <= 0 { |
| 198 | expirySeconds = 60 * 60 * 24 * 30 |
| 199 | } |
| 200 | expiryBound := time.Duration(expirySeconds) * time.Second |
| 201 | expiresAt := time.Now().Add(expiryBound).Unix() |
| 202 | customClaims := jwt.MapClaims{ |
| 203 | "iss": cfg.HostName, |
| 204 | "aud": p.config.ClientID, |
| 205 | "sub": cfg.User.ID, |
| 206 | "exp": expiresAt, |
| 207 | "iat": time.Now().Unix(), |
| 208 | "token_type": constants.TokenTypeRefreshToken, |
| 209 | "roles": cfg.Roles, |
| 210 | "scope": cfg.Scope, |
| 211 | "nonce": cfg.Nonce, |
| 212 | "login_method": cfg.LoginMethod, |
| 213 | "allowed_roles": strings.Split(cfg.User.Roles, ","), |
| 214 | } |
| 215 | |
| 216 | token, err := p.SignJWTToken(customClaims) |
| 217 | if err != nil { |
| 218 | return "", 0, err |
| 219 | } |
| 220 | |
| 221 | return token, expiresAt, nil |
| 222 | } |
| 223 | |
| 224 | // CreateAccessToken util to create JWT token, based on |
| 225 | // user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT |
no test coverage detected