hub / github.com/tinyauthapp/tinyauth / GenerateAccessToken

Method GenerateAccessToken

internal/service/oidc_service.go:470–517  ·  view source on GitHub ↗
(c *gin.Context, client config.OIDCClientConfig, codeEntry repository.OidcCode)

Source from the content-addressed store, hash-verified

468}
469
// GenerateAccessToken issues the token set for an authorization-code entry:
// an ID token plus an opaque access token and an opaque refresh token.
//
// The user is looked up from codeEntry.Sub, and the ID token is built from
// codeEntry.Scope and codeEntry.Nonce. The raw access and refresh tokens go
// only into the returned TokenResponse; the row handed to CreateOidcToken
// carries service.Hash of each instead of the raw value.
//
// An error from GetUserinfo, generateIDToken or CreateOidcToken is returned
// unchanged, together with a zero TokenResponse.
func (service *OIDCService) GenerateAccessToken(c *gin.Context, client config.OIDCClientConfig, codeEntry repository.OidcCode) (TokenResponse, error) {
	user, err := service.GetUserinfo(c, codeEntry.Sub)
	if err != nil {
		return TokenResponse{}, err
	}

	idToken, err := service.generateIDToken(client, user, codeEntry.Scope, codeEntry.Nonce)
	if err != nil {
		return TokenResponse{}, err
	}

	// Both strings are bearer credentials: whoever holds one can use it, so
	// their unpredictability is the protection.
	// NOTE(review): presumably utils.GenerateString draws from a CSPRNG — confirm.
	access := utils.GenerateString(32)
	refresh := utils.GenerateString(32)

	// SessionExpiry is interpreted as a number of seconds.
	accessExpiry := time.Now().Add(time.Duration(service.config.SessionExpiry) * time.Second).Unix()

	// Refresh token lives double the time of an access token but can't be used to access userinfo.
	// NOTE(review): the clock is read a second time here, so the two expiries
	// are not derived from the same instant and can differ from an exact 1:2
	// ratio by a second after truncation to Unix seconds.
	refreshExpiry := time.Now().Add(time.Duration(service.config.SessionExpiry*2) * time.Second).Unix()

	resp := TokenResponse{
		AccessToken:  access,
		RefreshToken: refresh,
		TokenType:    "Bearer",
		ExpiresIn:    int64(service.config.SessionExpiry),
		IDToken:      idToken,
		// Commas in the stored scope string become spaces, the separator
		// OAuth 2.0 uses for scope lists in a token response.
		Scope: strings.ReplaceAll(codeEntry.Scope, ",", " "),
	}

	// Only hashes of the two tokens are written. CodeHash ties the row to the
	// authorization code it was issued for.
	// NOTE(review): presumably so these tokens can be located if that code is
	// presented again — confirm against the code-redemption path.
	row := repository.CreateOidcTokenParams{
		Sub:                   codeEntry.Sub,
		AccessTokenHash:       service.Hash(access),
		RefreshTokenHash:      service.Hash(refresh),
		ClientID:              client.ClientID,
		Scope:                 codeEntry.Scope,
		TokenExpiresAt:        accessExpiry,
		RefreshTokenExpiresAt: refreshExpiry,
		Nonce:                 codeEntry.Nonce,
		CodeHash:              codeEntry.CodeHash,
	}

	if _, err = service.queries.CreateOidcToken(c, row); err != nil {
		return TokenResponse{}, err
	}

	return resp, nil
}
518
519func (service *OIDCService) RefreshAccessToken(c *gin.Context, refreshToken string, reqClientId string) (TokenResponse, error) {
520 entry, err := service.queries.GetOidcTokenByRefreshToken(c, service.Hash(refreshToken))

Callers 1

TokenMethod · 0.80

Calls 5

GetUserinfoMethod · 0.95
generateIDTokenMethod · 0.95
HashMethod · 0.95
GenerateStringFunction · 0.92
CreateOidcTokenMethod · 0.80

Tested by

no test coverage detected