-
-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: refresh token rotation #838
Open
aeneasr
wants to merge
3
commits into
master
Choose a base branch
from
improve-refresh
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aeneasr
force-pushed
the
improve-refresh
branch
from
December 3, 2024 21:18
838a43d
to
4cc28f4
Compare
Previously, the refresh token handler was using a combination of delete/update storage primitives. This made optimizing and implementing the refresh token handling difficult. Going forward, the RefreshTokenStorage must implement `RotateRefreshToken`. Token creation continues to be separated. BREAKING CHANGES: Method `RevokeRefreshTokenMaybeGracePeriod` was removed from `handler/fosite/TokenRevocationStorage`. Interface `handler/fosite/RefreshTokenStorage` has changed: - `CreateRefreshToken` now takes an additional argument `accessSignature` to keep track of refresh/access token pairs: - A new method `RotateRefreshToken` was added, which revokes old refresh tokens and associated access tokens: ```patch // handler/fosite/storage.go type RefreshTokenStorage interface { - CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error) + CreateRefreshTokenSession(ctx context.Context, signature string, accessSignature string, request fosite.Requester) (err error) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) DeleteRefreshTokenSession(ctx context.Context, signature string) (err error) + RotateRefreshToken(ctx context.Context, requestID string, refreshTokenSignature string) (err error) } ```
aeneasr
force-pushed
the
improve-refresh
branch
from
December 4, 2024 09:06
9255ff3
to
9a18e70
Compare
aeneasr
force-pushed
the
improve-refresh
branch
from
December 4, 2024 09:33
9a18e70
to
117effb
Compare
aeneasr
force-pushed
the
improve-refresh
branch
from
December 4, 2024 10:08
117effb
to
b57570a
Compare
7 tasks
alnr
approved these changes
Dec 9, 2024
zepatrik
requested changes
Dec 10, 2024
aeneasr
force-pushed
the
improve-refresh
branch
from
December 11, 2024 08:58
6c4e8fd
to
57cf545
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Issue or Design Document
Checklist
If this pull request addresses a security vulnerability,
I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
Further comments