CreateAccessAndRefreshTokens implements the op.Storage interface. It is called for all requests able to return an access and refresh token (Authorization Code Flow, Refresh Token Request).
(ctx context.Context, request op.TokenRequest, currentRefreshToken string)
// CreateAccessAndRefreshTokens implements the op.Storage interface.
// It is called for every request that can return both an access and a refresh
// token (Authorization Code Flow, Refresh Token Request).
//
// Token exchange requests are handed to exchangeRefreshToken. For all other
// requests an access token is created first; then, when currentRefreshToken is
// empty (Code Flow), a new refresh token is created for it, otherwise the
// presented refresh token is renewed. On any error the zero values are
// returned together with that error.
//
// NOTE(review): the access token is created before renewRefreshToken sees
// currentRefreshToken. If s.accessToken persists what it creates (not visible
// here), a rejected refresh token would leave that access token behind —
// confirm, and consider validating first or cleaning up on failure.
func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshToken string, expiration time.Time, err error) {
	// Token exchange has its own issuing path.
	if exchangeReq, isExchange := request.(op.TokenExchangeRequest); isExchange {
		return s.exchangeRefreshToken(ctx, exchangeReq)
	}

	// What can be read from the request depends on its type / implementation.
	clientID, authenticatedAt, methods := getInfoFromRequest(request)

	// Both flows start the same way: a fresh identifier for the refresh token
	// and an access token bound to it.
	isRefresh := currentRefreshToken != ""
	refreshID := uuid.NewString()
	access, err := s.accessToken(clientID, refreshID, request.GetSubject(), request.GetAudience(), request.GetScopes())
	if err != nil {
		return "", "", time.Time{}, err
	}

	if !isRefresh {
		// Code Flow: no refresh token exists yet, so create one.
		created, createErr := s.createRefreshToken(access, methods, authenticatedAt)
		if createErr != nil {
			return "", "", time.Time{}, createErr
		}
		return access.ID, created, access.Expiration, nil
	}

	// Refresh Token Request: the presented token is checked and replaced.
	// NOTE(review): presumably renewRefreshToken also invalidates
	// currentRefreshToken so it cannot be replayed — verify in that helper.
	if renewErr := s.renewRefreshToken(currentRefreshToken, refreshID, access.ID); renewErr != nil {
		return "", "", time.Time{}, renewErr
	}

	return access.ID, refreshID, access.Expiration, nil
}
| 315 | |
| 316 | func (s *Storage) exchangeRefreshToken(ctx context.Context, request op.TokenExchangeRequest) (accessTokenID string, newRefreshToken string, expiration time.Time, err error) { |
| 317 | applicationID := request.GetClientID() |
nothing calls this directly
no test coverage detected