Merge pull request #13 from caos/token
Token
livio-a authored Feb 27, 2020
2 parents d25ffbe + 4de855d commit 3019f79
Showing 8 changed files with 43 additions and 30 deletions.
6 changes: 3 additions & 3 deletions example/internal/mock/storage.go
Expand Up @@ -140,6 +140,9 @@ func (s *AuthStorage) AuthRequestByID(_ context.Context, id string) (op.AuthRequ
}
return a, nil
}
func (s *AuthStorage) CreateToken(_ context.Context, authReq op.AuthRequest) (string, time.Time, error) {
return authReq.GetID(), time.Now().UTC().Add(5 * time.Minute), nil
}
func (s *AuthStorage) GetSigningKey(_ context.Context, keyCh chan<- jose.SigningKey, _ chan<- error, _ <-chan time.Time) {
keyCh <- jose.SigningKey{Algorithm: jose.RS256, Key: s.key}
}
Expand Down Expand Up @@ -243,9 +246,6 @@ func (c *ConfClient) GetAuthMethod() op.AuthMethod {
return c.authMethod
}

func (c *ConfClient) AccessTokenLifetime() time.Duration {
return time.Duration(5 * time.Minute)
}
func (c *ConfClient) IDTokenLifetime() time.Duration {
return time.Duration(5 * time.Minute)
}
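Review bot: The mock's CreateToken returns `authReq.GetID()` as the token identifier, so every token created from the same auth request carries the same value in its bearer payload and JWT `jti`, which a real storage should not do if individual tokens are to be told apart for revocation or replay detection. Since this is the example storage, a comment making that explicit would be enough, e.g. `// example only: reuses the auth request ID as the token ID; a real storage must return a unique ID per issued token`. The fixed five-minute expiry is likewise fine for an example but deserves the same "example only" remark, because the issuer now reports expires_in from this value rather than from the client configuration.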
2 changes: 1 addition & 1 deletion pkg/op/authrequest.go
Expand Up @@ -179,7 +179,7 @@ func AuthResponseCode(w http.ResponseWriter, r *http.Request, authReq AuthReques

func AuthResponseToken(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer, client Client) {
createAccessToken := authReq.GetResponseType() != oidc.ResponseTypeIDTokenOnly
resp, err := CreateTokenResponse(authReq, client, authorizer, createAccessToken, "")
resp, err := CreateTokenResponse(r.Context(), authReq, client, authorizer, createAccessToken, "")
if err != nil {
AuthRequestError(w, r, authReq, err, authorizer.Encoder())
return
1 change: 0 additions & 1 deletion pkg/op/client.go
Expand Up @@ -18,7 +18,6 @@ type Client interface {
GetAuthMethod() AuthMethod
LoginURL(string) string
AccessTokenType() AccessTokenType
AccessTokenLifetime() time.Duration
IDTokenLifetime() time.Duration
}

14 changes: 0 additions & 14 deletions pkg/op/mock/client.mock.go


16 changes: 16 additions & 0 deletions pkg/op/mock/storage.mock.go


2 changes: 2 additions & 0 deletions pkg/op/storage.go
Expand Up @@ -14,6 +14,8 @@ type AuthStorage interface {
AuthRequestByID(context.Context, string) (AuthRequest, error)
DeleteAuthRequest(context.Context, string) error

CreateToken(context.Context, AuthRequest) (string, time.Time, error)

GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time)
GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
SaveNewKeyPair(context.Context) error
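Review bot: The new `CreateToken(context.Context, AuthRequest) (string, time.Time, error)` method on AuthStorage has no doc comment, and nothing in the signature tells an implementer what the two results are: in pkg/op/token.go the string becomes the token identifier (the bearer payload passed to crypto.Encrypt and the JWT `jti` claim) and the time.Time is the absolute expiry that the caller turns into expires_in. A comment above the method such as `// CreateToken records a new access token for authReq and returns its ID and absolute expiry; the ID is embedded in the issued token (bearer payload / jti), so it should be unique per issued token.` would give implementers that contract. The AuthStorage interface declaration starts and ends outside this hunk.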
30 changes: 20 additions & 10 deletions pkg/op/token.go
@@ -1,6 +1,7 @@
package op

import (
"context"
"time"

"github.com/caos/oidc/pkg/oidc"
Expand All @@ -13,11 +14,12 @@ type TokenCreator interface {
Crypto() Crypto
}

func CreateTokenResponse(authReq AuthRequest, client Client, creator TokenCreator, createAccessToken bool, code string) (*oidc.AccessTokenResponse, error) {
func CreateTokenResponse(ctx context.Context, authReq AuthRequest, client Client, creator TokenCreator, createAccessToken bool, code string) (*oidc.AccessTokenResponse, error) {
var accessToken string
var validity time.Duration
if createAccessToken {
var err error
accessToken, err = CreateAccessToken(authReq, client, creator)
accessToken, validity, err = CreateAccessToken(ctx, authReq, client, creator)
if err != nil {
return nil, err
}
Expand All @@ -26,7 +28,8 @@ func CreateTokenResponse(authReq AuthRequest, client Client, creator TokenCreato
if err != nil {
return nil, err
}
exp := uint64(client.AccessTokenLifetime().Seconds())

exp := uint64(validity.Seconds())
return &oidc.AccessTokenResponse{
AccessToken: accessToken,
IDToken: idToken,
Expand All @@ -35,28 +38,35 @@ func CreateTokenResponse(authReq AuthRequest, client Client, creator TokenCreato
}, nil
}

func CreateAccessToken(authReq AuthRequest, client Client, creator TokenCreator) (string, error) {
func CreateAccessToken(ctx context.Context, authReq AuthRequest, client Client, creator TokenCreator) (token string, validity time.Duration, err error) {
id, exp, err := creator.Storage().CreateToken(ctx, authReq)
if err != nil {
return "", 0, err
}
validity = exp.Sub(time.Now().UTC())
if client.AccessTokenType() == AccessTokenTypeJWT {
return CreateJWT(creator.Issuer(), authReq, client, creator.Signer())
token, err = CreateJWT(creator.Issuer(), authReq, exp, id, creator.Signer())
return
}
return CreateBearerToken(authReq, creator.Crypto())
token, err = CreateBearerToken(id, creator.Crypto())
return
}

func CreateBearerToken(authReq AuthRequest, crypto Crypto) (string, error) {
return crypto.Encrypt(authReq.GetID())
func CreateBearerToken(id string, crypto Crypto) (string, error) {
return crypto.Encrypt(id)
}

func CreateJWT(issuer string, authReq AuthRequest, client Client, signer Signer) (string, error) {
func CreateJWT(issuer string, authReq AuthRequest, exp time.Time, id string, signer Signer) (string, error) {
now := time.Now().UTC()
nbf := now
exp := now.Add(client.AccessTokenLifetime())
claims := &oidc.AccessTokenClaims{
Issuer: issuer,
Subject: authReq.GetSubject(),
Audiences: authReq.GetAudience(),
Expiration: exp,
IssuedAt: now,
NotBefore: nbf,
JWTID: id,
}
return signer.SignAccessToken(claims)
}
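Review bot: `validity = exp.Sub(time.Now().UTC())` in CreateAccessToken goes negative when the storage returns an expiry that has already passed, and CreateTokenResponse then evaluates `exp := uint64(validity.Seconds())`, where converting a negative float to uint64 is implementation-dependent in Go, so an already-expired token would be issued with an arbitrary expires_in instead of being refused. Take the clock once and reject a non-future expiry before computing the duration: `now := time.Now().UTC()`, `if !exp.After(now) { return "", 0, errors.New("access token expiry is not in the future") }`, `validity = exp.Sub(now)` (this needs `errors` in the import block, of which the hunk shows only the first lines). CreateJWT calls time.Now() again a few lines later, so the `exp` claim and the reported expires_in are computed against slightly different instants; passing `now` into CreateJWT, or deriving both from one instant, keeps them consistent. The bare `return` statements in CreateAccessToken also obscure the error path: `validity` is already set when CreateJWT or CreateBearerToken fails, so the caller receives a partially populated result, and an explicit `return "", 0, err` there would be clearer. CreateTokenResponse is split across an expand gap between its two hunks, so its middle lines are not visible here.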
2 changes: 1 addition & 1 deletion pkg/op/tokenrequest.go
Expand Up @@ -39,7 +39,7 @@ func CodeExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger) {
ExchangeRequestError(w, r, err)
return
}
resp, err := CreateTokenResponse(authReq, client, exchanger, true, tokenReq.Code)
resp, err := CreateTokenResponse(r.Context(), authReq, client, exchanger, true, tokenReq.Code)
if err != nil {
ExchangeRequestError(w, r, err)
return
