feat: Refresh token expiration window #2827

Closed
32 commits
751dbb5
add refresh_token grace period
bill-robbins-ss Oct 27, 2021
219a58e
add migration for used on refresh token
bill-robbins-ss Oct 29, 2021
efa3b8e
add refresh token grace period
bill-robbins-ss Oct 29, 2021
7a52b36
replace migration with ory dev CLI cmd
bill-robbins-ss Nov 1, 2021
45b9aea
use existing GetRefreshtTokenSession
bill-robbins-ss Nov 1, 2021
7d572aa
make FositeStorer include oauth2.TokenRevocationStorage
bill-robbins-ss Nov 1, 2021
9573041
WIP maybe grace period tests
bill-robbins-ss Nov 1, 2021
a203f4b
use test run instead of named functions
bill-robbins-ss Nov 1, 2021
1ebc99d
add documentation for example config
bill-robbins-ss Nov 1, 2021
3bb1c20
add grace period to internal config
bill-robbins-ss Nov 1, 2021
8de23dc
add refresh token grace period to token-expiration doc
bill-robbins-ss Nov 1, 2021
249264f
prettier --write
bill-robbins-ss Nov 2, 2021
821fba4
Update persistence/sql/persister_oauth2.go
bill-robbins-ss Nov 22, 2021
2e14277
update docs: consequences of reusing a used refresh token
bill-robbins-ss Nov 22, 2021
07375a9
add parent key for refresh_token_rotation
bill-robbins-ss Nov 22, 2021
09d6801
move refresh token rotation to proper parent
bill-robbins-ss Nov 22, 2021
89527fd
update documentation
bill-robbins-ss Nov 22, 2021
69ca392
remove unneeded file
bill-robbins-ss Nov 22, 2021
8fa6c8c
make encryption of session more obvious
bill-robbins-ss Nov 22, 2021
bd8a15e
rename used to in_grace_period
bill-robbins-ss Nov 22, 2021
13cdea8
when deactivating a refresh token, in_grace_period should be false
bill-robbins-ss Nov 22, 2021
1f642d3
add testing the refresh token store when grace period is configured
bill-robbins-ss Dec 3, 2021
f244b61
npx prettier --write {test,cypress}/**/*.js
bill-robbins-ss Jan 4, 2022
73556c7
Merge remote-tracking branch 'origin/master' into refresh-token-expir…
aeneasr Jan 11, 2022
a487706
chore: format
aeneasr Jan 11, 2022
e992907
chore: update fosite
aeneasr Jan 11, 2022
d1db135
fix linting errors
bill-robbins-ss Jan 20, 2022
45a8cff
Merge remote-tracking branch 'origin/master' into refresh-token-expir…
aeneasr Feb 14, 2022
2c7b95f
fix: add max lifetime
aeneasr Feb 14, 2022
b1d37ca
fix: move migration to latest
aeneasr Feb 14, 2022
42de645
remove reflection
bill-robbins-ss Feb 16, 2022
bd2d446
Merge remote-tracking branch 'upstream/master' into refresh-token-exp…
bill-robbins-ss Feb 24, 2022
make encryption of session more obvious
bill-robbins-ss committed Nov 22, 2021
commit 8fa6c8cee2fb298afb7d18de9026acdfb2b81785
13 changes: 3 additions & 10 deletions persistence/sql/persister_oauth2.go
Expand Up @@ -110,22 +110,15 @@ func (p *Persister) marshalSession(session fosite.Session) ([]byte, error) {
return nil, err
}

if sessionBytes, err = p.maybeEncryptSession(sessionBytes); err != nil {
return nil, err
}
return sessionBytes, nil
}

// MaybeEncryptSession encrypt a session if configuration indicates it should
func (p *Persister) maybeEncryptSession(session []byte) ([]byte, error) {
if !p.config.EncryptSessionData() {
return session, nil
return sessionBytes, nil
}

ciphertext, err := p.r.KeyCipher().Encrypt(session)
ciphertext, err := p.r.KeyCipher().Encrypt(sessionBytes)
if err != nil {
return nil, err
}

return []byte(ciphertext), nil
}
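Review bot: the tail of marshalSession now returns either sessionBytes or []byte(ciphertext) depending on p.config.EncryptSessionData(), and the only comment that said so ("MaybeEncryptSession encrypt a session if configuration indicates it should") is deleted together with the helper. Carry that statement over as a comment at the `if !p.config.EncryptSessionData()` branch or in the function's doc comment, saying that the returned bytes are the output of KeyCipher().Encrypt when the flag is set and the plain marshalled session otherwise, so that code consuming the stored value does not assume one form.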
