mirror of
https://github.com/xslasd/x-oidc.git
synced 2025-09-27 04:16:00 +08:00
57 lines
1.7 KiB
Go
57 lines
1.7 KiB
Go
package oidc
|
|
|
|
import (
|
|
"context"
|
|
"github.com/google/uuid"
|
|
"github.com/xslasd/x-oidc/constant"
|
|
"github.com/xslasd/x-oidc/ecode"
|
|
"github.com/xslasd/x-oidc/model"
|
|
"github.com/xslasd/x-oidc/storage"
|
|
"github.com/xslasd/x-oidc/util"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func (o *OpenIDProvider) codeExchange(ctx context.Context, req *TokenExchangeReq) (*model.AccessTokenRes, error) {
|
|
if req.Code == "" {
|
|
return nil, ecode.CodeInvalid
|
|
}
|
|
client, err := o.cfg.Storage.GetClientByClientID(ctx, req.ClientID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = authenticatedClient(req.OAuthClientReq, client)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
authReq, err := o.cfg.Storage.AuthRequestByCode(ctx, req.Code)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
err = authorizeCodeChallenge(req, authReq)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return o.CreateAccessTokenAndIDToken(ctx, authReq, client, func() (*storage.TokenModel, error) {
|
|
createRefreshToken := false
|
|
if util.ArrayContains(authReq.Scopes, constant.ScopeOfflineAccess) && authReq.ResponseType == constant.ResponseTypeCode && util.ArrayContains(client.GrantTypes(), constant.GrantTypeRefreshToken) {
|
|
createRefreshToken = true
|
|
}
|
|
res := storage.TokenModel{
|
|
RequestID: authReq.RequestID,
|
|
TokenID: strings.ReplaceAll(uuid.NewString(), "-", ""),
|
|
UserID: authReq.UserID,
|
|
AccessTokenExpiration: time.Now().UTC().Add(client.AccessTokenLifetime()).Add(client.ClockSkew()),
|
|
AuthTime: time.Now().UTC(),
|
|
}
|
|
if createRefreshToken {
|
|
res.RefreshToken = strings.ReplaceAll(uuid.NewString(), "-", "")
|
|
res.RefreshTokenExpiration = time.Now().UTC().Add(client.RefreshTokenLifetime()).Add(client.ClockSkew())
|
|
}
|
|
err = o.cfg.Storage.SaveTokenModel(ctx, res)
|
|
return &res, err
|
|
})
|
|
}
|