Documentation
¶
Index ¶
- type Storage
- func (s *Storage) ClientAssertionJWTValid(_ context.Context, _ string) error
- func (s *Storage) CreateAccessTokenSession(ctx context.Context, signature string, req fosite.Requester) error
- func (s *Storage) CreateAuthorizeCodeSession(ctx context.Context, signature string, req fosite.Requester) error
- func (s *Storage) CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, req fosite.Requester) error
- func (s *Storage) CreatePKCERequestSession(ctx context.Context, signature string, req fosite.Requester) error
- func (s *Storage) CreateRefreshTokenSession(ctx context.Context, signature string, accessTokenSignature string, ...) error
- func (s *Storage) DeleteAccessTokenSession(ctx context.Context, signature string) error
- func (s *Storage) DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
- func (s *Storage) DeletePKCERequestSession(ctx context.Context, signature string) error
- func (s *Storage) DeleteRefreshTokenSession(ctx context.Context, signature string) error
- func (s *Storage) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)
- func (s *Storage) GetAuthorizeCodeSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)
- func (s *Storage) GetClient(ctx context.Context, id string) (fosite.Client, error)
- func (s *Storage) GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)
- func (s *Storage) GetPKCERequestSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)
- func (s *Storage) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)
- func (s *Storage) InvalidateAuthorizeCodeSession(ctx context.Context, signature string) error
- func (s *Storage) RevokeAccessToken(ctx context.Context, requestID string) error
- func (s *Storage) RevokeRefreshToken(ctx context.Context, requestID string) error
- func (s *Storage) RotateRefreshToken(ctx context.Context, requestID string, refreshTokenSignature string) error
- func (s *Storage) SetClientAssertionJWT(_ context.Context, _ string, _ time.Time) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Storage ¶
type Storage struct {
// contains filtered or unexported fields
}
func New ¶
func New( c *clients.ClientRepository, a authcodes.Querier, o oidc.Querier, at accesstokens.Querier, rt refreshtokens.Querier, pkceRequests pkce.Querier, ) *Storage
func (*Storage) ClientAssertionJWTValid ¶
func (*Storage) CreateAccessTokenSession ¶
func (*Storage) CreateAuthorizeCodeSession ¶
func (*Storage) CreateOpenIDConnectSession ¶
func (*Storage) CreatePKCERequestSession ¶
func (*Storage) CreateRefreshTokenSession ¶
func (*Storage) DeleteAccessTokenSession ¶
func (*Storage) DeleteOpenIDConnectSession ¶
func (*Storage) DeletePKCERequestSession ¶
func (*Storage) DeleteRefreshTokenSession ¶
func (*Storage) GetAccessTokenSession ¶
func (*Storage) GetAuthorizeCodeSession ¶
func (*Storage) GetOpenIDConnectSession ¶
func (*Storage) GetPKCERequestSession ¶
func (*Storage) GetRefreshTokenSession ¶
func (*Storage) InvalidateAuthorizeCodeSession ¶
func (*Storage) RevokeAccessToken ¶
func (*Storage) RevokeRefreshToken ¶
func (*Storage) RotateRefreshToken ¶
func (s *Storage) RotateRefreshToken(ctx context.Context, requestID string, refreshTokenSignature string) error
RotateRefreshToken marks the refresh token (and the access token issued alongside it) inactive when the refresh grant rotates them. fosite calls this before issuing replacement tokens.
The access token is revoked first so that a partial failure leaves the old refresh+access pair intact (the pre-rotation state) rather than a live access token paired with a revoked refresh token.
refreshTokenSignature is required by the fosite interface for backends that track rotation lineage (RFC 6749 §10.4 token-family revocation); we revoke by request_id and don't need it for now.
TODO: make atomic when transactions land.
Click to show internal directories.
Click to hide internal directories.