hub / github.com/ory/hydra / updateSessionWithRequest

Method updateSessionWithRequest

oauth2/handler.go:1396–1474  ·  view source on GitHub ↗

updateSessionWithRequest takes a session and a fosite.Requester as input and returns a new session. If any errors occur, they are logged and returned to the caller.

(
	ctx context.Context,
	flow *flow.Flow,
	r *http.Request,
	request fosite.Requester,
	session *Session,
)

Source from the content-addressed store, hash-verified

1394// updateSessionWithRequest takes a session and a fosite.request as input and returns a new session.
1395// If any errors occur, they are logged.
1396func (h *Handler) updateSessionWithRequest(
1397 ctx context.Context,
1398 flow *flow.Flow,
1399 r *http.Request,
1400 request fosite.Requester,
1401 session *Session,
1402) (*Session, error) {
1403 for _, scope := range flow.GrantedScope {
1404 request.GrantScope(scope)
1405 }
1406
1407 for _, audience := range flow.GrantedAudience {
1408 request.GrantAudience(audience)
1409 }
1410
1411 openIDKeyID, err := h.r.OpenIDJWTSigner().GetPublicKeyID(ctx)
1412 if err != nil {
1413 x.LogError(r, err, h.r.Logger())
1414 return nil, err
1415 }
1416
1417 var accessTokenKeyID string
1418 if h.c.AccessTokenStrategy(ctx, client.AccessTokenStrategySource(request.GetClient())) == "jwt" {
1419 accessTokenKeyID, err = h.r.AccessTokenJWTSigner().GetPublicKeyID(ctx)
1420 if err != nil {
1421 x.LogError(r, err, h.r.Logger())
1422 return nil, err
1423 }
1424 }
1425
1426 obfuscatedSubject, err := h.r.ConsentStrategy().ObfuscateSubjectIdentifier(ctx, request.GetClient(), flow.Subject, flow.ForceSubjectIdentifier)
1427 if err != nil {
1428 x.LogError(r, err, h.r.Logger())
1429 return nil, err
1430 }
1431
1432 request.SetID(flow.ConsentRequestID.String())
1433 claims := &jwt.IDTokenClaims{
1434 Subject: obfuscatedSubject,
1435 Issuer: h.c.IssuerURL(ctx).String(),
1436 AuthTime: time.Time(flow.LoginAuthenticatedAt),
1437 RequestedAt: flow.RequestedAt,
1438 Extra: flow.SessionIDToken,
1439 AuthenticationContextClassReference: flow.ACR,
1440 AuthenticationMethodsReferences: flow.AMR,
1441
1442 // These are required for work around https://github.com/ory/hydra/v2/fosite/issues/530
1443 Nonce: request.GetRequestForm().Get("nonce"),
1444 Audience: []string{request.GetClient().GetID()},
1445 IssuedAt: time.Now().Truncate(time.Second).UTC(),
1446
1447 // This is set by the fosite strategy
1448 // ExpiresAt: time.Now().Add(h.IDTokenLifespan).UTC(),
1449 }
1450 claims.Add("sid", flow.SessionID)
1451
1452 if session == nil {
1453 session = &Session{}

Callers 2

oAuth2AuthorizeMethod · 0.95

Calls 15

AddMethod · 0.95
LogErrorFunction · 0.92
IssuerURLMethod · 0.80
ExcludeNotBeforeClaimMethod · 0.80
AllowedTopLevelClaimsMethod · 0.80
MirrorTopLevelClaimsMethod · 0.80
GrantScopeMethod · 0.65
GrantAudienceMethod · 0.65
GetPublicKeyIDMethod · 0.65
OpenIDJWTSignerMethod · 0.65
LoggerMethod · 0.65

Tested by

no test coverage detected