This repository has been archived by the owner on Sep 11, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 830
OIDC: refresh tokens #11699
Merged
Merged
OIDC: refresh tokens #11699
Changes from all commits
Commits
Show all changes
64 commits
Select commit
Hold shift + click to select a range
2607997
test persistCredentials without a pickle key
3506c06
Merge branch 'develop' into kerry/25708/test-persist-credentials
609f790
test setLoggedIn with pickle key
f3092c7
lint
fad7f33
type error
32d5fb0
extract token persisting code into function, persist refresh token
e6529f1
store has_refresh_token too
66d57e5
pass refreshToken from oidcAuthGrant into credentials
b33e347
rest restore session with pickle key
823ba2e
Merge branch 'kerry/25708/test-persist-credentials' into kerry/25708/…
e91bbf4
retreive stored refresh token and add to credentials
b7e0603
Merge branch 'develop' into kerry/25708/test-persist-credentials
b8b0c86
Merge branch 'kerry/25708/test-persist-credentials' into kerry/25708/…
3ed9cc1
Merge branch 'develop' into kerry/25708/restore-refresh-token
221d306
extract token decryption into function
64dbc94
remove TODO
f059642
Merge branch 'develop' into kerry/25708/test-persist-credentials
9272110
Merge branch 'kerry/25708/test-persist-credentials' into kerry/25708/…
0f5fc31
Merge branch 'develop' into kerry/25708/restore-refresh-token
1708bef
very messy poc
1b76c18
Merge branch 'develop' into kerry/token-refresh-poc
d24fbd0
Merge branch 'develop' into kerry/25708/save-refresh-token
880c258
Merge branch 'kerry/25708/save-refresh-token' of https://github.com/m…
65c0734
Merge branch 'develop' into kerry/25708/save-refresh-token
70ddb4a
comments
22329b9
Merge branch 'kerry/25708/save-refresh-token' into kerry/25708/restor…
56441dc
Merge branch 'develop' into kerry/25708/save-refresh-token
af481b2
prettier
976ec8c
Merge branch 'kerry/25708/save-refresh-token' into kerry/25708/restor…
ae80087
Merge branch 'kerry/25708/restore-refresh-token' into kerry/token-ref…
ddd8ed7
Merge branch 'develop' into kerry/25708/restore-refresh-token
8cd5823
comment pedantry
ca24f0a
Merge branch 'kerry/25708/restore-refresh-token' into kerry/token-ref…
1fa7809
Merge branch 'develop' into kerry/token-refresh-poc
97fad4d
working refresh without persistence
e3673ee
extract token persistence functions to utils
41a4eb3
Merge branch 'kerry/25392/extract-token-functions' into kerry/token-r…
1c8e8cb
add sugar
0d558d7
Merge branch 'kerry/25392/extract-token-functions' into kerry/token-r…
5986b6c
implement TokenRefresher class with persistence
7db7291
tidying
dcd3026
persist idTokenClaims
4921e78
persist idTokenClaims
6ba08a2
tests
c962ca1
remove unused cde
0b4c4d8
Merge branch 'develop' into kerry/25392/persist-oidc-token-claims
3590f9c
Merge branch 'develop' into kerry/25392/persist-oidc-token-claims
87eb820
Merge branch 'kerry/25392/persist-oidc-token-claims' into kerry/token…
153ec78
create token refresher during doSetLoggedIn
ebdf0d5
tidying
2b1e73c
also tidying
7e081d4
update Lifecycle test replaceUsingCreds calls
d302374
Merge branch 'develop' into kerry/token-refresh-poc
df70f53
tidy
0b0bb61
test tokenrefresher creation in login flow
8a47e6e
test token refresher
a32ca16
Update src/utils/oidc/TokenRefresher.ts
5370474
use literal value for m.authentication
7f40f86
improve comments
ead0aae
Merge branch 'kerry/token-refresh-poc' of https://github.com/matrix-o…
9c0fdf9
Merge branch 'develop' into kerry/token-refresh-poc
6953b45
Merge branch 'develop' into kerry/token-refresh-poc
541a6e6
Merge branch 'develop' into kerry/token-refresh-poc
c333331
Merge branch 'develop' into kerry/token-refresh-poc
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
Copyright 2023 The Matrix.org Foundation C.I.C. | ||
|
||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
|
||
http://www.apache.org/licenses/LICENSE-2.0 | ||
|
||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
import { IDelegatedAuthConfig, OidcTokenRefresher, AccessTokens } from "matrix-js-sdk/src/matrix"; | ||
import { IdTokenClaims } from "oidc-client-ts"; | ||
|
||
import PlatformPeg from "../../PlatformPeg"; | ||
import { persistAccessTokenInStorage, persistRefreshTokenInStorage } from "../tokens/tokens"; | ||
|
||
/** | ||
* OidcTokenRefresher that implements token persistence. | ||
* Stores tokens in the same way as login flow in Lifecycle. | ||
*/ | ||
export class TokenRefresher extends OidcTokenRefresher { | ||
private readonly deviceId!: string; | ||
|
||
public constructor( | ||
authConfig: IDelegatedAuthConfig, | ||
clientId: string, | ||
redirectUri: string, | ||
deviceId: string, | ||
idTokenClaims: IdTokenClaims, | ||
private readonly userId: string, | ||
) { | ||
super(authConfig, clientId, deviceId, redirectUri, idTokenClaims); | ||
this.deviceId = deviceId; | ||
} | ||
|
||
public async persistTokens({ accessToken, refreshToken }: AccessTokens): Promise<void> { | ||
const pickleKey = (await PlatformPeg.get()?.getPickleKey(this.userId, this.deviceId)) ?? undefined; | ||
await persistAccessTokenInStorage(accessToken, pickleKey); | ||
await persistRefreshTokenInStorage(refreshToken, pickleKey); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
document the new param please