View Source
const (
	DefaultRefreshTokenPayloadLength = 64
	TokenDelimer                     = "/"


View Source
var (
	ErrorInvalidUserID   = errors.New("invalid user ID")
	ErrorInvalidClientID = errors.New("invalid client ID")

	ErrorInvalidToken = errors.New("invalid token")


func DefaultRefreshTokenGenerator

func DefaultRefreshTokenGenerator() ([]byte, error)


type RefreshTokenGenerator

type RefreshTokenGenerator func() ([]byte, error)

func (RefreshTokenGenerator) Generate

func (g RefreshTokenGenerator) Generate() ([]byte, error)

type RefreshTokenRepo

type RefreshTokenRepo interface {
	// Create generates and returns a new refresh token for the given client-user pair.
	// The scopes will be stored with the refresh token, and used to verify
	// against future OIDC refresh requests' scopes.
	// On success the token will be returned.
	Create(userID, clientID, connectorID string, scope []string) (string, error)

	// Verify verifies that a token belongs to the client.
	// It returns the user ID to which the token belongs, and the scopes stored
	// with token.
	Verify(clientID, token string) (userID, connectorID string, scope scope.Scopes, err error)

	// Revoke deletes the refresh token if the token belongs to the given userID.
	Revoke(userID, token string) error

	// Revoke old refresh token and generates a new one
	RenewRefreshToken(clientID, userID, oldToken string) (newRefreshToken string, err error)

	// RevokeTokensForClient revokes all tokens issued for the userID for the provided client.
	RevokeTokensForClient(userID, clientID string) error

	// ClientsWithRefreshTokens returns a list of all clients the user has an outstanding client with.
	ClientsWithRefreshTokens(userID string) ([]client.Client, error)

Source Files


Path Synopsis