Method CreateAccessAndRefreshTokens (github.com/zitadel/oidc)

example/server/storage/storage.go:276–314

CreateAccessAndRefreshTokens implements the op.Storage interface. It is called for every request that can return an access token together with a refresh token (Authorization Code Flow, Refresh Token Request).

Parameters: (ctx context.Context, request op.TokenRequest, currentRefreshToken string)


// CreateAccessAndRefreshTokens implements the op.Storage interface
// it will be called for all requests able to return an access and refresh token (Authorization Code Flow, Refresh Token Request)
func (s *Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshToken string, expiration time.Time, err error) {
	// generate tokens via token exchange flow if request is relevant
	if teReq, ok := request.(op.TokenExchangeRequest); ok {
		return s.exchangeRefreshToken(ctx, teReq)
	}

	// get the information depending on the request type / implementation
	applicationID, authTime, amr := getInfoFromRequest(request)

	// if currentRefreshToken is empty (Code Flow) we will have to create a new refresh token
	if currentRefreshToken == "" {
		refreshTokenID := uuid.NewString()
		accessToken, err := s.accessToken(applicationID, refreshTokenID, request.GetSubject(), request.GetAudience(), request.GetScopes())
		if err != nil {
			return "", "", time.Time{}, err
		}
		refreshToken, err := s.createRefreshToken(accessToken, amr, authTime)
		if err != nil {
			return "", "", time.Time{}, err
		}
		return accessToken.ID, refreshToken, accessToken.Expiration, nil
	}

	// if we get here, the currentRefreshToken was not empty, so the call is a refresh token request
	// we therefore will have to check the currentRefreshToken and renew the refresh token

	newRefreshToken = uuid.NewString()

	accessToken, err := s.accessToken(applicationID, newRefreshToken, request.GetSubject(), request.GetAudience(), request.GetScopes())
	if err != nil {
		return "", "", time.Time{}, err
	}

	if err := s.renewRefreshToken(currentRefreshToken, newRefreshToken, accessToken.ID); err != nil {
		return "", "", time.Time{}, err
	}

	return accessToken.ID, newRefreshToken, accessToken.Expiration, nil
}

func (s *Storage) exchangeRefreshToken(ctx context.Context, request op.TokenExchangeRequest) (accessTokenID string, newRefreshToken string, expiration time.Time, err error) {
	applicationID := request.GetClientID()
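The method above branches on whether currentRefreshToken is empty (code flow: mint a new pair) or not (refresh request: validate the presented token, then renew it under a fresh value). The bodies of renewRefreshToken and the other helpers are not shown on this page, so the following is an added, self-contained illustration of that rotation contract, not the project's code: memStore, newID and ErrInvalidRefreshToken are assumed stand-ins, and the store rejects a refresh token once it has been rotated, which is the property a defender relies on to detect and stop replay of a leaked refresh token.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"sync"
)

// ErrInvalidRefreshToken is returned when a presented refresh token is unknown
// or has already been rotated away (hypothetical error value, not the project's).
var ErrInvalidRefreshToken = errors.New("refresh token unknown or already rotated")

// memStore is a stand-in for the example Storage (assumption: not the project's type).
// It only tracks which refresh tokens are live and the access token each was issued with.
type memStore struct {
	mu      sync.Mutex
	refresh map[string]string // live refresh token -> access token ID
}

func newMemStore() *memStore { return &memStore{refresh: map[string]string{}} }

// newID stands in for uuid.NewString(): 128 random bits, hex encoded.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// CreateAccessAndRefreshTokens follows the branching of the page's method:
// an empty currentRefreshToken is the code-flow case and mints a fresh pair;
// a non-empty one is a refresh request, which must name a live refresh token
// and rotates it so the same value cannot be presented a second time.
func (s *memStore) CreateAccessAndRefreshTokens(currentRefreshToken string) (accessTokenID, newRefreshToken string, err error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if currentRefreshToken != "" {
		if _, ok := s.refresh[currentRefreshToken]; !ok {
			return "", "", ErrInvalidRefreshToken
		}
		delete(s.refresh, currentRefreshToken) // rotation: the old token is single-use
	}
	accessTokenID, newRefreshToken = newID(), newID()
	s.refresh[newRefreshToken] = accessTokenID
	return accessTokenID, newRefreshToken, nil
}

// LiveRefreshTokens reports how many refresh tokens the store currently accepts.
func (s *memStore) LiveRefreshTokens() int { s.mu.Lock(); defer s.mu.Unlock(); return len(s.refresh) }
```

A second presentation of the rotated token returning ErrInvalidRefreshToken is the signal an operator can alert on, since a legitimate client never reuses a refresh token after a successful refresh.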

Callers

nothing calls this directly

Implementers (7)

Storage (example/server/storage/storage.go)
multiStorage (example/server/storage/storage_dynamic)
UnimplementedServer (pkg/op/server.go)
LegacyServer (pkg/op/server_legacy.go)
Sig (pkg/op/mock/authorizer.mock.impl.go)
MockStorage (pkg/op/mock/storage.mock.go)
MockStorageMockRecorder (pkg/op/mock/storage.mock.go)

Calls (8)

exchangeRefreshToken (method)
accessToken (method)
createRefreshToken (method)
renewRefreshToken (method)
getInfoFromRequest (function)
GetSubject (method)
GetAudience (method)
GetScopes (method)

Tested by

no test coverage detected