devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix: refresh token login method claim

Browse Source
This commit is contained in:
Lakhan Samani 2022-11-04 01:40:18 +05:30
parent bbc6394cf3
commit 307c6f7d15
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server/handlers/token.go
View File

@ -167,7 +167,7 @@ func TokenHandler() gin.HandlerFunc {
return return
} }
userID = claims["sub"].(string) userID = claims["sub"].(string)
loginMethod := claims["login_method"] claimLoginMethod := claims["login_method"]
rolesInterface := claims["roles"].([]interface{}) rolesInterface := claims["roles"].([]interface{})
scopeInterface := claims["scope"].([]interface{}) scopeInterface := claims["scope"].([]interface{})
for _, v := range rolesInterface { for _, v := range rolesInterface {
@ -178,9 +178,11 @@ func TokenHandler() gin.HandlerFunc {
} }
sessionKey = userID sessionKey = userID
if loginMethod != nil && loginMethod != "" { if claimLoginMethod != nil && claimLoginMethod != "" {
sessionKey = loginMethod.(string) + ":" + sessionKey sessionKey = claimLoginMethod.(string) + ":" + sessionKey
loginMethod = claimLoginMethod.(string)
} }
// remove older refresh token and rotate it for security // remove older refresh token and rotate it for security
go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string)) go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))
} }
@ -213,6 +215,7 @@ func TokenHandler() gin.HandlerFunc {
}) })
return return
} }
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash) memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token) memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
cookie.SetSession(gc, authToken.FingerPrintHash) cookie.SetSession(gc, authToken.FingerPrintHash)

1
server/token/auth_token.go
View File

@ -256,7 +256,6 @@ func ValidateRefreshToken(gc *gin.Context, refreshToken string) (map[string]inte
if loginMethod != nil && loginMethod != "" { if loginMethod != nil && loginMethod != "" {
sessionKey = loginMethod.(string) + ":" + userID sessionKey = loginMethod.(string) + ":" + userID
} }
token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce) token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce)
if nonce == "" || err != nil { if nonce == "" || err != nil {
return res, fmt.Errorf(`unauthorized`) return res, fmt.Errorf(`unauthorized`)