refactor: rename token introspection token_type to token_use
BREAKING CHANGE: Previously, the OAuth2 Token Introspection endpoint would return `access_token` or `refresh_token` for the key `token_type`. This, however, is not according to spec, which specifies `bearer` as the only valid (unless an extension is used) `token_type` parameter. Please be aware that `token_type_hint` in the **request parameters** is still correct. For more information consult [RFC7662](https://tools.ietf.org/html/rfc7662). If you wish to know if a token can be used as an access or refresh token, check the new `token_use` parameter!

Closes #1762
aeneasr committed Oct 11, 2020
1 parent e159bd0 commit 48a23c8
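The distinction the commit message draws between `token_type` (the bearer scheme, per RFC 6749/7662) and Hydra's new `token_use` (access vs. refresh) matters most on the consuming side: a refresh token also introspects as `active: true`, so a resource server that only checks `active` will accept it as an API credential. The following Go program is an added example, not code from Hydra or from this commit. It validates a constructed introspection response the way a resource server should, and also accepts the pre-change response shape (use value in `token_type`, no `token_use`) so both old and new Hydra versions are handled. The JSON keys follow the `Introspection` struct in the diff; `aud` is assumed to be an array as Hydra emits it, the sample responses are constructed, and the error names and `Authorize` function are this example's own.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Introspection holds the RFC 7662 fields a resource server acts on, plus
// Hydra's non-standard token_use. JSON keys follow the commit's struct;
// aud is assumed to be an array as Hydra emits it.
type Introspection struct {
	Active    bool     `json:"active"`
	Scope     string   `json:"scope,omitempty"`
	ClientID  string   `json:"client_id,omitempty"`
	Subject   string   `json:"sub,omitempty"`
	Audience  []string `json:"aud,omitempty"`
	Issuer    string   `json:"iss,omitempty"`
	Exp       int64    `json:"exp,omitempty"`
	TokenType string   `json:"token_type,omitempty"`
	TokenUse  string   `json:"token_use,omitempty"`
}

var (
	ErrInactive       = errors.New("token is not active")
	ErrNotBearer      = errors.New("token_type is not bearer")
	ErrNotAccessToken = errors.New("token_use is not access_token")
	ErrExpired        = errors.New("token is expired")
	ErrAudience       = errors.New("token was not issued for this audience")
	ErrScope          = errors.New("required scope not granted")
)

// Authorize decides whether an introspection response allows the presented
// token to be used as a bearer credential at the resource server identified
// by audience, with requiredScope granted, at time now.
func Authorize(raw []byte, audience, requiredScope string, now time.Time) (*Introspection, error) {
	var in Introspection
	if err := json.Unmarshal(raw, &in); err != nil {
		return nil, err
	}
	if !in.Active {
		return nil, ErrInactive
	}
	tokenUse := in.TokenUse
	if tokenUse == "" {
		// Pre-change Hydra responses carried access_token/refresh_token in
		// token_type; map them so old and new servers are handled alike.
		switch in.TokenType {
		case "access_token", "refresh_token":
			tokenUse, in.TokenType = in.TokenType, ""
		}
	}
	// RFC 6749 section 5.1: token_type is case-insensitive; only bearer is
	// handled here, so any other scheme (e.g. mac) is refused.
	if in.TokenType != "" && !strings.EqualFold(in.TokenType, "bearer") {
		return nil, ErrNotBearer
	}
	// A refresh token also introspects as active=true, but it is a credential
	// for the token endpoint, never for an API: token_use decides that.
	if tokenUse != "access_token" {
		return nil, ErrNotAccessToken
	}
	if in.Exp != 0 && !now.Before(time.Unix(in.Exp, 0)) {
		return nil, ErrExpired
	}
	// Strict: a token with no audience is not accepted at this server.
	if !contains(in.Audience, audience) {
		return nil, ErrAudience
	}
	if !contains(strings.Fields(in.Scope), requiredScope) {
		return nil, ErrScope
	}
	return &in, nil
}

func contains(list []string, want string) bool {
	for _, s := range list {
		if s == want {
			return true
		}
	}
	return false
}

// Constructed sample responses (not captured from a real Hydra deployment).
const (
	accessResp   = `{"active":true,"scope":"openid read","client_id":"app","sub":"user-1","aud":["https://api.example.com"],"iss":"https://auth.example.com/","exp":4102444800,"token_type":"bearer","token_use":"access_token"}`
	refreshResp  = `{"active":true,"scope":"openid read offline","client_id":"app","sub":"user-1","aud":["https://api.example.com"],"iss":"https://auth.example.com/","exp":4102444800,"token_type":"bearer","token_use":"refresh_token"}`
	legacyResp   = `{"active":true,"scope":"read","client_id":"app","sub":"user-1","aud":["https://api.example.com"],"exp":4102444800,"token_type":"access_token"}`
	inactiveResp = `{"active":false}`
)

func main() {
	now := time.Unix(1700000000, 0)
	samples := map[string]string{"access": accessResp, "refresh": refreshResp, "legacy": legacyResp, "inactive": inactiveResp}
	for name, raw := range samples {
		_, err := Authorize([]byte(raw), "https://api.example.com", "read", now)
		fmt.Printf("%-8s -> %v\n", name, err)
	}
}
```

The legacy fallback is what lets a deployment upgrade Hydra without a flag day: once every introspection response carries `token_use`, the `switch` in `Authorize` can be dropped and a `token_type` other than `bearer` becomes an outright error.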
Showing 2 changed files with 6 additions and 3 deletions.
4 changes: 2 additions & 2 deletions oauth2/handler.go
Expand Up @@ -437,7 +437,7 @@ func (h *Handler) IntrospectHandler(w http.ResponseWriter, r *http.Request, _ ht
resp := &fosite.IntrospectionResponse{
Active: true,
AccessRequester: ar,
TokenType: tt,
TokenUse: tt,
}

exp := resp.GetAccessRequester().GetSession().GetExpiresAt(tt)
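Review bot: `TokenUse: tt` relies on the vendored fosite already exposing `TokenUse` on `fosite.IntrospectionResponse` (the field was `TokenType` before this line), yet the commit touches only the two files listed and no go.mod or go.sum; confirm the fosite bump landed in an earlier commit, otherwise this hunk does not compile. The `tt` passed here is the same value used for `GetExpiresAt(tt)` on the following line, so the rename does not change which token is introspected.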
Expand Down Expand Up @@ -475,7 +475,7 @@ func (h *Handler) IntrospectHandler(w http.ResponseWriter, r *http.Request, _ ht
Audience: resp.GetAccessRequester().GetGrantedAudience(),
Issuer: strings.TrimRight(h.c.IssuerURL().String(), "/") + "/",
ObfuscatedSubject: obfuscated,
TokenType: string(resp.GetTokenType()),
TokenType: string(resp.GetTokenUse()),
}); err != nil {
x.LogError(r, errors.WithStack(err), h.r.Logger())
}
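Review bot: the encoded response still writes the use value into `token_type` (`TokenType: string(resp.GetTokenUse())`) and never sets `TokenUse`, so with `omitempty` clients receive `token_type: access_token` and no `token_use` key at all, which is the opposite of what the commit message and the new doc comment in introspector.go promise. `TokenType` should carry `bearer` (either a literal or fosite's token-type accessor, if one still exists after the rename) and the struct literal needs a second field, `TokenUse: string(resp.GetTokenUse()),`.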
5 changes: 4 additions & 1 deletion oauth2/introspector.go
Expand Up @@ -78,9 +78,12 @@ type Introspection struct {
// IssuerURL is a string representing the issuer of this token
Issuer string `json:"iss,omitempty"`

// TokenType is the introspected token's type, for example `access_token` or `refresh_token`.
// TokenType is the type of the token. It will always be `bearer`. Do not confuse this with TokenUse!
TokenType string `json:"token_type,omitempty"`

// TokenUse is the introspected token's use - is one of `access_token` or `refresh_token`.
TokenUse string `json:"token_use,omitempty"`

// Extra is arbitrary data set by the session.
Extra map[string]interface{} `json:"ext,omitempty"`
}
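Review bot: the new comment on `TokenType` promises the value will always be `bearer`, but nothing in this commit assigns that value; handler.go fills `TokenType` from `GetTokenUse()` and leaves `TokenUse` unset, so the comment and the behaviour disagree until the handler is fixed. Since this struct is what the API documentation is generated from, the `TokenUse` comment should also state that `token_use` is a Hydra extension and not an RFC 7662 field, so integrators do not expect it from other providers. Minor: the unchanged `// IssuerURL is a string ...` comment at the top of the hunk documents a field that is actually named `Issuer`.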
