// Copyright © 2024 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package fosite
import "time"
// GetEffectiveLifespan resolves the lifespan to use for a token of type tt
// issued to client c under grant type gt.
//
// If c implements ClientWithCustomTokenLifespans, the decision is delegated to
// the client and its answer is returned unchanged; no lower or upper bound is
// applied here. For every other client, fallback is returned.
func GetEffectiveLifespan(c Client, gt GrantType, tt TokenType, fallback time.Duration) time.Duration {
	custom, ok := c.(ClientWithCustomTokenLifespans)
	if !ok {
		return fallback
	}
	return custom.GetEffectiveLifespan(gt, tt, fallback)
}
// ClientWithCustomTokenLifespans is implemented by clients that can supply
// their own token lifespans. The package-level GetEffectiveLifespan
// type-asserts a Client to this interface and, when the assertion succeeds,
// returns the implementation's result as-is. An implementation is therefore
// the last point in this file at which a client-specific lifespan could be
// range-checked before it is used.
type ClientWithCustomTokenLifespans interface {
	// GetEffectiveLifespan either maps GrantType x TokenType to the client's configured lifespan, or returns the fallback value.
	GetEffectiveLifespan(gt GrantType, tt TokenType, fallback time.Duration) time.Duration
}
// ClientLifespanConfig holds default lifespan configuration for the different
// token types that may be issued for the client. This configuration takes
// precedence over fosite's instance-wide default lifespan, but it may be
// overridden by a session's expires_at claim.
//
// The OIDC Hybrid grant type inherits token lifespan configuration from the implicit grant.
//
// Every field is a pointer so that "not configured" (nil) can be told apart
// from an explicit duration. DefaultClientWithCustomTokenLifespans.GetEffectiveLifespan
// returns its fallback for a nil field and returns a non-nil value unchanged,
// without range checks.
// NOTE(review): confirm that per-client values are bounded where this config
// is accepted; an overly long access or refresh token lifespan extends the
// time a leaked token stays usable.
type ClientLifespanConfig struct {
	// Tokens issued through the authorization code grant.
	AuthorizationCodeGrantAccessTokenLifespan *time.Duration `json:"authorization_code_grant_access_token_lifespan"`
	AuthorizationCodeGrantIDTokenLifespan *time.Duration `json:"authorization_code_grant_id_token_lifespan"`
	AuthorizationCodeGrantRefreshTokenLifespan *time.Duration `json:"authorization_code_grant_refresh_token_lifespan"`
	// Access token issued through the client credentials grant.
	ClientCredentialsGrantAccessTokenLifespan *time.Duration `json:"client_credentials_grant_access_token_lifespan"`
	// Tokens issued through the implicit grant.
	ImplicitGrantAccessTokenLifespan *time.Duration `json:"implicit_grant_access_token_lifespan"`
	ImplicitGrantIDTokenLifespan *time.Duration `json:"implicit_grant_id_token_lifespan"`
	// Access token issued through the JWT bearer grant.
	JwtBearerGrantAccessTokenLifespan *time.Duration `json:"jwt_bearer_grant_access_token_lifespan"`
	// Tokens issued through the password grant.
	PasswordGrantAccessTokenLifespan *time.Duration `json:"password_grant_access_token_lifespan"`
	PasswordGrantRefreshTokenLifespan *time.Duration `json:"password_grant_refresh_token_lifespan"`
	// Tokens issued through the refresh token grant.
	RefreshTokenGrantIDTokenLifespan *time.Duration `json:"refresh_token_grant_id_token_lifespan"`
	RefreshTokenGrantAccessTokenLifespan *time.Duration `json:"refresh_token_grant_access_token_lifespan"`
	RefreshTokenGrantRefreshTokenLifespan *time.Duration `json:"refresh_token_grant_refresh_token_lifespan"`
	// Hybrid grant tokens are not independently configurable, see the comment above.
}
// DefaultClientWithCustomTokenLifespans extends DefaultClient with an optional
// per-client ClientLifespanConfig. Its GetEffectiveLifespan method has the
// signature required by ClientWithCustomTokenLifespans.
type DefaultClientWithCustomTokenLifespans struct {
	// Embedded by pointer, so DefaultClient's fields and methods are promoted.
	*DefaultClient
	// TokenLifespans is nil when no custom lifespans are configured; in that
	// case GetEffectiveLifespan returns the caller's fallback.
	TokenLifespans *ClientLifespanConfig `json:"token_lifespans"`
}
// GetTokenLifespans returns the client's custom lifespan configuration, or nil
// when none is set. The stored pointer itself is returned, not a copy, so
// changes made through it are visible to this client.
func (c *DefaultClientWithCustomTokenLifespans) GetTokenLifespans() *ClientLifespanConfig {
	return c.TokenLifespans
}
// SetTokenLifespans replaces the client's custom lifespan configuration with
// lifespans. The pointer is stored as given, without copying or validating the
// durations it holds; passing nil removes the custom configuration.
func (c *DefaultClientWithCustomTokenLifespans) SetTokenLifespans(lifespans *ClientLifespanConfig) {
	c.TokenLifespans = lifespans
}
// GetEffectiveLifespan returns the lifespan configured on this client for the
// given grant type and token type, or fallback when nothing applies.
//
// fallback is returned when TokenLifespans is nil, when the (gt, tt) pair has
// no matching field in ClientLifespanConfig, or when the matching field is nil.
// A non-nil configured value is returned as-is: this method applies no minimum
// or maximum to it.
// NOTE(review): confirm that per-client durations are range-checked where the
// configuration is accepted, since nothing here rejects zero, negative or
// very long values.
func (c *DefaultClientWithCustomTokenLifespans) GetEffectiveLifespan(gt GrantType, tt TokenType, fallback time.Duration) time.Duration {
	cfg := c.TokenLifespans
	if cfg == nil {
		return fallback
	}

	// configured stays nil for any grant/token combination without a field.
	var configured *time.Duration
	switch gt {
	case GrantTypeAuthorizationCode:
		switch tt {
		case AccessToken:
			configured = cfg.AuthorizationCodeGrantAccessTokenLifespan
		case IDToken:
			configured = cfg.AuthorizationCodeGrantIDTokenLifespan
		case RefreshToken:
			configured = cfg.AuthorizationCodeGrantRefreshTokenLifespan
		}
	case GrantTypeClientCredentials:
		switch tt {
		case AccessToken:
			configured = cfg.ClientCredentialsGrantAccessTokenLifespan
		}
	case GrantTypeImplicit:
		switch tt {
		case AccessToken:
			configured = cfg.ImplicitGrantAccessTokenLifespan
		case IDToken:
			configured = cfg.ImplicitGrantIDTokenLifespan
		}
	case GrantTypeJWTBearer:
		switch tt {
		case AccessToken:
			configured = cfg.JwtBearerGrantAccessTokenLifespan
		}
	case GrantTypePassword:
		switch tt {
		case AccessToken:
			configured = cfg.PasswordGrantAccessTokenLifespan
		case RefreshToken:
			configured = cfg.PasswordGrantRefreshTokenLifespan
		}
	case GrantTypeRefreshToken:
		switch tt {
		case AccessToken:
			configured = cfg.RefreshTokenGrantAccessTokenLifespan
		case IDToken:
			configured = cfg.RefreshTokenGrantIDTokenLifespan
		case RefreshToken:
			configured = cfg.RefreshTokenGrantRefreshTokenLifespan
		}
	}

	if configured != nil {
		return *configured
	}
	return fallback
}