fix(oidc): session refresh failure (#3603)
This fixes an issue with OpenID Connect where refresh sessions fail to process.pull/3611/head^2
James Elliott
GitHub
parent
b619f04771
commit
a6a05ef373
2
go.mod
2
go.mod
|
|
@ -22,6 +22,7 @@ require (
|
|||
github.com/knadh/koanf v1.4.2
|
||||
github.com/mattn/go-sqlite3 v2.0.3+incompatible
|
||||
github.com/mitchellh/mapstructure v1.5.0
|
||||
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
|
||||
github.com/ory/fosite v0.42.2
|
||||
github.com/ory/herodot v0.9.13
|
||||
github.com/otiai10/copy v1.7.0
|
||||
|
|
@ -76,7 +77,6 @@ require (
|
|||
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
|
||||
github.com/mitchellh/copystructure v1.2.0 // indirect
|
||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
|
||||
github.com/ory/go-acc v0.2.6 // indirect
|
||||
github.com/ory/go-convenience v0.1.0 // indirect
|
||||
github.com/ory/viper v1.7.5 // indirect
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/mohae/deepcopy"
|
||||
"github.com/ory/fosite"
|
||||
"github.com/ory/fosite/handler/openid"
|
||||
|
||||
|
|
@ -40,16 +41,13 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session
|
|||
var (
|
||||
subject string
|
||||
sessionOpenID *OpenIDSession
|
||||
ok bool
|
||||
sessionData []byte
|
||||
)
|
||||
|
||||
s := r.GetSession()
|
||||
|
||||
switch t := s.(type) {
|
||||
case *OpenIDSession:
|
||||
sessionOpenID = t
|
||||
default:
|
||||
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s)
|
||||
sessionOpenID, ok = r.GetSession().(*OpenIDSession)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", r.GetSession())
|
||||
}
|
||||
|
||||
subject = sessionOpenID.GetSubject()
|
||||
|
|
@ -163,16 +161,6 @@ type OAuth2BlacklistedJTI struct {
|
|||
ExpiresAt time.Time `db:"expires_at"`
|
||||
}
|
||||
|
||||
// OpenIDSession holds OIDC Session information.
|
||||
type OpenIDSession struct {
|
||||
*openid.DefaultSession `json:"id_token"`
|
||||
|
||||
ChallengeID uuid.UUID `db:"challenge_id"`
|
||||
ClientID string
|
||||
|
||||
Extra map[string]interface{} `json:"extra"`
|
||||
}
|
||||
|
||||
// OAuth2Session represents a OAuth2.0 session.
|
||||
type OAuth2Session struct {
|
||||
ID int `db:"id"`
|
||||
|
|
@ -229,3 +217,22 @@ func (s OAuth2Session) ToRequest(ctx context.Context, session fosite.Session, st
|
|||
Session: session,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// OpenIDSession holds OIDC Session information.
|
||||
type OpenIDSession struct {
|
||||
*openid.DefaultSession `json:"id_token"`
|
||||
|
||||
ChallengeID uuid.UUID `db:"challenge_id"`
|
||||
ClientID string
|
||||
|
||||
Extra map[string]interface{} `json:"extra"`
|
||||
}
|
||||
|
||||
// Clone copies the OpenIDSession to a new fosite.Session.
|
||||
func (s *OpenIDSession) Clone() fosite.Session {
|
||||
if s == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
return deepcopy.Copy(s).(fosite.Session)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue