add refresh for oauth2 [#523]

rokwire · Aug 23, 2022 · 78cd45a · 78cd45a
1 parent cba5e7a
commit 78cd45a
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 4 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -193,7 +193,7 @@
         "filename": "core/auth/auth_type_oauth2.go",
         "hashed_secret": "15a46c63d80cdc62bb7e988a24b5839ecb624e25",
         "is_verified": false,
-        "line_number": 242
+        "line_number": 283
       }
     ],
     "core/auth/auth_type_oidc.go": [
@@ -288,5 +288,5 @@
       }
     ]
   },
-  "generated_at": "2022-08-23T17:19:19Z"
+  "generated_at": "2022-08-23T18:15:51Z"
 }
diff --git a/core/auth/auth_type_oauth2.go b/core/auth/auth_type_oauth2.go
@@ -55,6 +55,7 @@ type oauth2AuthConfig struct {
 	Scopes       string `json:"scopes"`
 	AllowSignUp  bool   `json:"allow_signup"`
 	UseState     bool   `json:"use_state"`
+	UseRefresh   bool   `json:"use_refresh"`
 	ClientID     string `json:"client_id" validate:"required"`
 	ClientSecret string `json:"client_secret" validate:"required"`
 }
@@ -73,6 +74,20 @@ type oauth2RefreshParams struct {
 	RefreshToken string `json:"refresh_token" bson:"refresh_token" validate:"required"`
 }
 
+func oauth2RefreshParamsFromMap(val map[string]interface{}) (*oauth2RefreshParams, error) {
+	oauth2Token, ok := val["oauth2_token"].(map[string]interface{})
+	if !ok {
+		return nil, errors.ErrorData(logutils.StatusMissing, "oauth2 token", nil)
+	}
+
+	refreshToken, ok := oauth2Token["refresh_token"].(string)
+	if !ok {
+		return nil, errors.ErrorData(logutils.StatusMissing, "refresh token", nil)
+	}
+
+	return &oauth2RefreshParams{RefreshToken: refreshToken}, nil
+}
+
 func (a *oauth2AuthImpl) externalLogin(authType model.AuthType, appType model.ApplicationType, appOrg model.ApplicationOrganization, creds string, params string, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
 	oauth2Config, err := a.getOAuth2AuthConfig(authType, appType)
 	if err != nil {
@@ -111,7 +126,17 @@ func (a *oauth2AuthImpl) externalLogin(authType model.AuthType, appType model.Ap
 }
 
 func (a *oauth2AuthImpl) refresh(params map[string]interface{}, authType model.AuthType, appType model.ApplicationType, appOrg model.ApplicationOrganization, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
-	return nil, nil, errors.New(logutils.Unimplemented)
+	refreshParams, err := oauth2RefreshParamsFromMap(params)
+	if err != nil {
+		return nil, nil, errors.WrapErrorAction(logutils.ActionParse, typeAuthRefreshParams, nil, err)
+	}
+
+	oauth2Config, err := a.getOAuth2AuthConfig(authType, appType)
+	if err != nil {
+		return nil, nil, errors.WrapErrorAction(logutils.ActionGet, typeOAuth2AuthConfig, nil, err)
+	}
+
+	return a.refreshToken(authType, appType, appOrg, refreshParams, oauth2Config, l)
 }
 
 func (a *oauth2AuthImpl) getLoginURL(authType model.AuthType, appType model.ApplicationType, redirectURI string, l *logs.Log) (string, map[string]interface{}, error) {
@@ -161,6 +186,22 @@ func (a *oauth2AuthImpl) newToken(code string, authType model.AuthType, appType
 	return a.loadOAuth2TokensAndInfo(bodyData, oauth2Config, authType, appType, appOrg, l)
 }
 
+func (a *oauth2AuthImpl) refreshToken(authType model.AuthType, appType model.ApplicationType, appOrg model.ApplicationOrganization,
+	params *oauth2RefreshParams, oauth2Config *oauth2AuthConfig, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
+	if !oauth2Config.UseRefresh {
+		return nil, nil, errors.Newf("oauth2 refresh tokens not enabled for org_id=%s, app_id=%s",
+			appOrg.Organization.ID, appOrg.Application.ID)
+	}
+
+	bodyData := map[string]string{
+		"refresh_token": params.RefreshToken,
+		"grant_type":    "refresh_token",
+		"client_id":     oauth2Config.ClientID,
+	}
+
+	return a.loadOAuth2TokensAndInfo(bodyData, oauth2Config, authType, appType, appOrg, l)
+}
+
 func (a *oauth2AuthImpl) loadOAuth2TokensAndInfo(bodyData map[string]string, oauth2Config *oauth2AuthConfig, authType model.AuthType, appType model.ApplicationType,
 	appOrg model.ApplicationOrganization, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
 	token, err := a.loadOAuth2TokenWithParams(bodyData, oauth2Config)

diff --git a/core/auth/auth_type_oidc.go b/core/auth/auth_type_oidc.go
@@ -252,7 +252,7 @@ func (a *oidcAuthImpl) newToken(code string, authType model.AuthType, appType mo
 func (a *oidcAuthImpl) refreshToken(authType model.AuthType, appType model.ApplicationType, appOrg model.ApplicationOrganization,
 	params *oidcRefreshParams, oidcConfig *oidcAuthConfig, l *logs.Log) (*model.ExternalSystemUser, map[string]interface{}, error) {
 	if !oidcConfig.UseRefresh {
-		return nil, nil, errors.Newf("refresh tokens not enabled for org_id=%s, app_id=%s",
+		return nil, nil, errors.Newf("oidc refresh tokens not enabled for org_id=%s, app_id=%s",
 			appOrg.Organization.ID, appOrg.Application.ID)
 	}