make accesstoken store not s2s-specific

auth/api/iam/api.go

@@ -49,6 +49,10 @@ const apiPath = "iam"
 const apiModuleName = auth.ModuleName + "/" + apiPath
 const httpRequestContextKey = "http-request"
 
+// accessTokenValidity defines how long access tokens are valid.
+// TODO: Might want to make this configurable at some point
+const accessTokenValidity = 15 * time.Minute
+
 //go:embed assets
 var assets embed.FS
 
@@ -167,7 +171,7 @@ func (r Wrapper) IntrospectAccessToken(ctx context.Context, request IntrospectAc
 	}
 
 	token := AccessToken{}
-	if err := r.s2sAccessTokenStore().Get(request.Body.Token, &token); err != nil {
+	if err := r.accessTokenStore().Get(request.Body.Token, &token); err != nil {
 		// Return 200 + 'Active = false' when token is invalid or malformed
 		return IntrospectAccessToken200JSONResponse{}, err
 	}
@@ -391,3 +395,7 @@ func (r Wrapper) idToDID(id string) did.DID {
 	result, _ := didweb.URLToDID(*r.auth.PublicURL().JoinPath("iam", id))
 	return *result
 }
+
+func (r *Wrapper) accessTokenStore() storage.SessionStore {
+	return r.storageEngine.GetSessionDatabase().GetStore(accessTokenValidity, "accesstoken")
+}

auth/api/iam/api_test.go

@@ -247,7 +247,7 @@ func TestWrapper_IntrospectAccessToken(t *testing.T) {
 	})
 	t.Run("error - expired token", func(t *testing.T) {
 		token := AccessToken{Expiration: time.Now().Add(-time.Second)}
-		require.NoError(t, ctx.client.s2sAccessTokenStore().Put("token", token))
+		require.NoError(t, ctx.client.accessTokenStore().Put("token", token))
 
 		res, err := ctx.client.IntrospectAccessToken(context.Background(), IntrospectAccessTokenRequestObject{Body: &TokenIntrospectionRequest{Token: "token"}})
 
@@ -256,7 +256,7 @@ func TestWrapper_IntrospectAccessToken(t *testing.T) {
 	})
 	t.Run("ok", func(t *testing.T) {
 		token := AccessToken{Expiration: time.Now().Add(time.Second)}
-		require.NoError(t, ctx.client.s2sAccessTokenStore().Put("token", token))
+		require.NoError(t, ctx.client.accessTokenStore().Put("token", token))
 
 		res, err := ctx.client.IntrospectAccessToken(context.Background(), IntrospectAccessTokenRequestObject{Body: &TokenIntrospectionRequest{Token: "token"}})
 
@@ -287,7 +287,7 @@ func TestWrapper_IntrospectAccessToken(t *testing.T) {
 			PresentationDefinition:         &pe.PresentationDefinition{},
 		}
 
-		require.NoError(t, ctx.client.s2sAccessTokenStore().Put(token.Token, token))
+		require.NoError(t, ctx.client.accessTokenStore().Put(token.Token, token))
 		expectedResponse, err := json.Marshal(IntrospectAccessToken200JSONResponse{
 			Active:                         true,
 			ClientId:                       ptrTo("client"),

auth/api/iam/s2s_vptoken.go

@@ -35,10 +35,6 @@ import (
 	"github.com/nuts-foundation/nuts-node/vdr/resolver"
 )
 
-// accessTokenValidity defines how long access tokens are valid.
-// TODO: Might want to make this configurable at some point
-const accessTokenValidity = 15 * time.Minute
-
 // s2sMaxPresentationValidity defines the maximum validity of a presentation.
 // This is to prevent replay attacks. The value is specified by Nuts RFC021, and excludes max. clock skew.
 const s2sMaxPresentationValidity = 5 * time.Second
@@ -165,7 +161,7 @@ func (r *Wrapper) createS2SAccessToken(issuer did.DID, issueTime time.Time, pres
 		PresentationDefinition: &definition,
 		PresentationSubmission: &submission,
 	}
-	err = r.s2sAccessTokenStore().Put(accessToken.Token, accessToken)
+	err = r.accessTokenStore().Put(accessToken.Token, accessToken)
 	if err != nil {
 		return nil, fmt.Errorf("unable to store access token: %w", err)
 	}
@@ -312,10 +308,6 @@ func (r *Wrapper) validatePresentationAudience(presentation vc.VerifiablePresent
 	}
 }
 
-func (r *Wrapper) s2sAccessTokenStore() storage.SessionStore {
-	return r.storageEngine.GetSessionDatabase().GetStore(accessTokenValidity, "s2s", "accesstoken")
-}
-
 type AccessToken struct {
 	Token string
 	// Issuer and Subject of a token are always the same.

auth/api/iam/s2s_vptoken_test.go

@@ -418,7 +418,7 @@ func TestWrapper_createAccessToken(t *testing.T) {
 		assert.Equal(t, "everything", *accessToken.Scope)
 
 		var storedToken AccessToken
-		err = ctx.client.s2sAccessTokenStore().Get(accessToken.AccessToken, &storedToken)
+		err = ctx.client.accessTokenStore().Get(accessToken.AccessToken, &storedToken)
 		require.NoError(t, err)
 		assert.Equal(t, accessToken.AccessToken, storedToken.Token)
 		assert.Equal(t, submission, *storedToken.PresentationSubmission)