fix(oidc): session refresh failure (#3603)

This fixes an issue with OpenID Connect where refresh sessions fail to process.
This commit is contained in:
James Elliott 2022-06-28 10:21:57 +10:00 committed by GitHub
parent b619f04771
commit a6a05ef373
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 18 deletions

2
go.mod
View File

@ -22,6 +22,7 @@ require (
github.com/knadh/koanf v1.4.2 github.com/knadh/koanf v1.4.2
github.com/mattn/go-sqlite3 v2.0.3+incompatible github.com/mattn/go-sqlite3 v2.0.3+incompatible
github.com/mitchellh/mapstructure v1.5.0 github.com/mitchellh/mapstructure v1.5.0
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
github.com/ory/fosite v0.42.2 github.com/ory/fosite v0.42.2
github.com/ory/herodot v0.9.13 github.com/ory/herodot v0.9.13
github.com/otiai10/copy v1.7.0 github.com/otiai10/copy v1.7.0
@ -76,7 +77,6 @@ require (
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
github.com/ory/go-acc v0.2.6 // indirect github.com/ory/go-acc v0.2.6 // indirect
github.com/ory/go-convenience v0.1.0 // indirect github.com/ory/go-convenience v0.1.0 // indirect
github.com/ory/viper v1.7.5 // indirect github.com/ory/viper v1.7.5 // indirect

View File

@ -9,6 +9,7 @@ import (
"time" "time"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/mohae/deepcopy"
"github.com/ory/fosite" "github.com/ory/fosite"
"github.com/ory/fosite/handler/openid" "github.com/ory/fosite/handler/openid"
@ -40,16 +41,13 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session
var ( var (
subject string subject string
sessionOpenID *OpenIDSession sessionOpenID *OpenIDSession
ok bool
sessionData []byte sessionData []byte
) )
s := r.GetSession() sessionOpenID, ok = r.GetSession().(*OpenIDSession)
if !ok {
switch t := s.(type) { return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", r.GetSession())
case *OpenIDSession:
sessionOpenID = t
default:
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s)
} }
subject = sessionOpenID.GetSubject() subject = sessionOpenID.GetSubject()
@ -163,16 +161,6 @@ type OAuth2BlacklistedJTI struct {
ExpiresAt time.Time `db:"expires_at"` ExpiresAt time.Time `db:"expires_at"`
} }
// OpenIDSession holds OIDC Session information.
type OpenIDSession struct {
*openid.DefaultSession `json:"id_token"`
ChallengeID uuid.UUID `db:"challenge_id"`
ClientID string
Extra map[string]interface{} `json:"extra"`
}
// OAuth2Session represents a OAuth2.0 session. // OAuth2Session represents a OAuth2.0 session.
type OAuth2Session struct { type OAuth2Session struct {
ID int `db:"id"` ID int `db:"id"`
@ -229,3 +217,22 @@ func (s OAuth2Session) ToRequest(ctx context.Context, session fosite.Session, st
Session: session, Session: session,
}, nil }, nil
} }
// OpenIDSession holds OIDC Session information.
type OpenIDSession struct {
*openid.DefaultSession `json:"id_token"`
ChallengeID uuid.UUID `db:"challenge_id"`
ClientID string
Extra map[string]interface{} `json:"extra"`
}
// Clone copies the OpenIDSession to a new fosite.Session.
func (s *OpenIDSession) Clone() fosite.Session {
if s == nil {
return nil
}
return deepcopy.Copy(s).(fosite.Session)
}