fix(oidc): session refresh failure (#3603)

This fixes an issue with OpenID Connect where refresh sessions fail to process.
This commit is contained in:
James Elliott 2022-06-28 10:21:57 +10:00 committed by GitHub
parent b619f04771
commit a6a05ef373
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 18 deletions

2
go.mod
View File

@ -22,6 +22,7 @@ require (
github.com/knadh/koanf v1.4.2
github.com/mattn/go-sqlite3 v2.0.3+incompatible
github.com/mitchellh/mapstructure v1.5.0
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
github.com/ory/fosite v0.42.2
github.com/ory/herodot v0.9.13
github.com/otiai10/copy v1.7.0
@ -76,7 +77,6 @@ require (
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/ory/go-acc v0.2.6 // indirect
github.com/ory/go-convenience v0.1.0 // indirect
github.com/ory/viper v1.7.5 // indirect

View File

@ -9,6 +9,7 @@ import (
"time"
"github.com/google/uuid"
"github.com/mohae/deepcopy"
"github.com/ory/fosite"
"github.com/ory/fosite/handler/openid"
@ -40,16 +41,13 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session
var (
subject string
sessionOpenID *OpenIDSession
ok bool
sessionData []byte
)
s := r.GetSession()
switch t := s.(type) {
case *OpenIDSession:
sessionOpenID = t
default:
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s)
sessionOpenID, ok = r.GetSession().(*OpenIDSession)
if !ok {
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", r.GetSession())
}
subject = sessionOpenID.GetSubject()
@ -163,16 +161,6 @@ type OAuth2BlacklistedJTI struct {
ExpiresAt time.Time `db:"expires_at"`
}
// OpenIDSession holds OIDC Session information.
type OpenIDSession struct {
*openid.DefaultSession `json:"id_token"`
ChallengeID uuid.UUID `db:"challenge_id"`
ClientID string
Extra map[string]interface{} `json:"extra"`
}
// OAuth2Session represents a OAuth2.0 session.
type OAuth2Session struct {
ID int `db:"id"`
@ -229,3 +217,22 @@ func (s OAuth2Session) ToRequest(ctx context.Context, session fosite.Session, st
Session: session,
}, nil
}
// OpenIDSession holds OIDC Session information.
type OpenIDSession struct {
*openid.DefaultSession `json:"id_token"`
ChallengeID uuid.UUID `db:"challenge_id"`
ClientID string
Extra map[string]interface{} `json:"extra"`
}
// Clone copies the OpenIDSession to a new fosite.Session.
func (s *OpenIDSession) Clone() fosite.Session {
if s == nil {
return nil
}
return deepcopy.Copy(s).(fosite.Session)
}