(c *gin.Context, client config.OIDCClientConfig, codeEntry repository.OidcCode)
| 468 | } |
| 469 | |
// GenerateAccessToken builds the token set returned for an authorization-code
// exchange: an ID token plus an opaque access token and an opaque refresh token.
//
// It loads userinfo for codeEntry.Sub, generates the ID token from the client,
// that userinfo and the code's scope and nonce, then stores one token row via
// CreateOidcToken. Only service.Hash digests of the two opaque tokens are handed
// to the repository; the raw values appear only in the returned TokenResponse.
//
// On failure of the userinfo lookup, the ID token generation or the insert, it
// returns a zero TokenResponse together with the underlying error.
//
// NOTE(review): nothing in this method validates codeEntry or its binding to
// client (expiry, single use, redirect URI, PKCE). Presumably the caller has
// done so before calling; confirm at the call sites.
func (service *OIDCService) GenerateAccessToken(c *gin.Context, client config.OIDCClientConfig, codeEntry repository.OidcCode) (TokenResponse, error) {
	userinfo, err := service.GetUserinfo(c, codeEntry.Sub)
	if err != nil {
		return TokenResponse{}, err
	}

	idTok, err := service.generateIDToken(client, userinfo, codeEntry.Scope, codeEntry.Nonce)
	if err != nil {
		return TokenResponse{}, err
	}

	// Both values are bearer secrets.
	// NOTE(review): utils.GenerateString is not visible here; confirm that it
	// draws from crypto/rand and that 32 gives enough entropy for its alphabet.
	access := utils.GenerateString(32)
	refresh := utils.GenerateString(32)

	// SessionExpiry is a number of seconds: it is scaled by time.Second below
	// and reported unchanged as ExpiresIn.
	ttl := service.config.SessionExpiry
	accessExpiry := time.Now().Add(time.Duration(ttl) * time.Second).Unix()

	// The refresh token's lifetime is twice the access token's. The original
	// author notes that a refresh token cannot be used to access userinfo;
	// that restriction is enforced elsewhere, not in this method.
	refreshExpiry := time.Now().Add(time.Duration(ttl*2) * time.Second).Unix()

	// The row holds digests only, and RefreshAccessToken looks entries up by
	// service.Hash(refreshToken).
	// NOTE(review): CodeHash presumably ties the tokens to the code that
	// minted them so they can be revoked if the code is replayed; verify.
	record := repository.CreateOidcTokenParams{
		Sub:                   codeEntry.Sub,
		AccessTokenHash:       service.Hash(access),
		RefreshTokenHash:      service.Hash(refresh),
		ClientID:              client.ClientID,
		Scope:                 codeEntry.Scope,
		TokenExpiresAt:        accessExpiry,
		RefreshTokenExpiresAt: refreshExpiry,
		Nonce:                 codeEntry.Nonce,
		CodeHash:              codeEntry.CodeHash,
	}
	if _, err := service.queries.CreateOidcToken(c, record); err != nil {
		return TokenResponse{}, err
	}

	// The scope is stored comma-separated but returned space-separated.
	return TokenResponse{
		AccessToken:  access,
		RefreshToken: refresh,
		TokenType:    "Bearer",
		ExpiresIn:    int64(ttl),
		IDToken:      idTok,
		Scope:        strings.ReplaceAll(codeEntry.Scope, ",", " "),
	}, nil
}
| 518 | |
| 519 | func (service *OIDCService) RefreshAccessToken(c *gin.Context, refreshToken string, reqClientId string) (TokenResponse, error) { |
| 520 | entry, err := service.queries.GetOidcTokenByRefreshToken(c, service.Hash(refreshToken)) |