fositex/token_strategy.go

// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0

package fositex

import (
    "context"
    "strings"

    "github.com/ory/fosite"
    foauth2 "github.com/ory/fosite/handler/oauth2"
    "github.com/ory/hydra/v2/client"
    "github.com/ory/hydra/v2/driver/config"
)

// Compile-time assertion that *TokenStrategy satisfies foauth2.CoreStrategy.
var _ foauth2.CoreStrategy = (*TokenStrategy)(nil)

// TokenStrategy uses the correct token strategy (jwt, opaque) depending on the configuration.
//
// Every CoreStrategy method except AccessTokenSignature forwards to one of the
// two wrapped fosite strategies, chosen per call by gs. AccessTokenSignature
// derives its result from the token string alone.
type TokenStrategy struct {
    // c is queried on each call for the access token strategy to use.
    c    *config.DefaultProvider
    // hmac is the strategy used whenever the configuration does not select JWT.
    hmac *foauth2.HMACSHAStrategy
    // jwt is the strategy used when the configuration resolves to
    // config.AccessTokenJWTStrategy.
    jwt  *foauth2.DefaultJWTStrategy
}

// NewTokenStrategy builds a TokenStrategy that consults c to decide, per call,
// whether to delegate to hmac or to jwt. The arguments are stored as given;
// none of them is checked for nil here.
func NewTokenStrategy(c *config.DefaultProvider, hmac *foauth2.HMACSHAStrategy, jwt *foauth2.DefaultJWTStrategy) *TokenStrategy {
    strategy := new(TokenStrategy)
    strategy.c = c
    strategy.hmac = hmac
    strategy.jwt = jwt
    return strategy
}

// gs resolves which wrapped strategy handles the current call.
//
// The configuration provider is asked for the access token strategy, with
// additionalSources forwarded unchanged (callers in this file pass a source
// built from the requester's client). Only an exact match on
// config.AccessTokenJWTStrategy selects the JWT strategy; every other value,
// including any the provider might return that this code does not recognise,
// selects HMAC.
func (t TokenStrategy) gs(ctx context.Context, additionalSources ...config.AccessTokenStrategySource) foauth2.CoreStrategy {
    if t.c.AccessTokenStrategy(ctx, additionalSources...) == config.AccessTokenJWTStrategy {
        return t.jwt
    }
    // HMAC is the fallback for anything that is not explicitly JWT.
    return t.hmac
}

// AccessTokenSignature returns the signature segment of an access token.
//
// Unlike the other signature methods it does not consult the configuration:
// no requester is available here, so the strategy that issued the token is
// unknown and the segment is picked by the token's shape instead (see
// genericSignature). The result is "" for a token that has neither two nor
// three dot-separated segments. Nothing is verified cryptographically here;
// the returned string must not be treated as proof that the token is valid.
func (t TokenStrategy) AccessTokenSignature(_ context.Context, token string) string {
    signature := genericSignature(token)
    return signature
}

// GenerateAccessToken issues an access token through the strategy that gs
// resolves for this request, passing the requester's client as an additional
// configuration source. The token, signature and error come straight from the
// delegated strategy. requester must be non-nil, since its client is read
// before delegation.
func (t TokenStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error) {
    strategy := t.gs(ctx, withRequester(requester))
    return strategy.GenerateAccessToken(ctx, requester)
}

// ValidateAccessToken checks token with the strategy that gs resolves for this
// request, passing the requester's client as an additional configuration
// source. The delegated strategy's error is returned unchanged.
//
// NOTE(review): the validating strategy is chosen from the configuration as it
// is at validation time, not from the token's format — confirm that a token
// issued under the other strategy is rejected rather than mis-parsed.
func (t TokenStrategy) ValidateAccessToken(ctx context.Context, requester fosite.Requester, token string) (err error) {
    strategy := t.gs(ctx, withRequester(requester))
    return strategy.ValidateAccessToken(ctx, requester, token)
}

// RefreshTokenSignature returns the refresh token's signature as computed by
// the strategy gs resolves from ctx alone.
//
// NOTE(review): no client source is passed here, whereas GenerateRefreshToken
// and ValidateRefreshToken do pass one, so the strategy picked here can differ
// from the one that issued the token. Presumably both wrapped strategies
// compute refresh token signatures identically — confirm against fosite.
func (t TokenStrategy) RefreshTokenSignature(ctx context.Context, token string) string {
    strategy := t.gs(ctx)
    return strategy.RefreshTokenSignature(ctx, token)
}

// GenerateRefreshToken issues a refresh token through the strategy that gs
// resolves for this request, passing the requester's client as an additional
// configuration source. The token, signature and error come straight from the
// delegated strategy.
func (t TokenStrategy) GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error) {
    strategy := t.gs(ctx, withRequester(requester))
    return strategy.GenerateRefreshToken(ctx, requester)
}

// ValidateRefreshToken checks token with the strategy that gs resolves for
// this request, passing the requester's client as an additional configuration
// source. The delegated strategy's error is returned unchanged.
func (t TokenStrategy) ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error) {
    strategy := t.gs(ctx, withRequester(requester))
    return strategy.ValidateRefreshToken(ctx, requester, token)
}

// AuthorizeCodeSignature returns the authorize code's signature as computed by
// the strategy gs resolves from ctx alone.
//
// NOTE(review): no client source is passed here, whereas GenerateAuthorizeCode
// and ValidateAuthorizeCode do pass one. Presumably both wrapped strategies
// compute authorize code signatures identically — confirm against fosite.
func (t TokenStrategy) AuthorizeCodeSignature(ctx context.Context, token string) string {
    strategy := t.gs(ctx)
    return strategy.AuthorizeCodeSignature(ctx, token)
}

// GenerateAuthorizeCode issues an authorize code through the strategy that gs
// resolves for this request, passing the requester's client as an additional
// configuration source. The code, signature and error come straight from the
// delegated strategy.
func (t TokenStrategy) GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error) {
    strategy := t.gs(ctx, withRequester(requester))
    return strategy.GenerateAuthorizeCode(ctx, requester)
}

// ValidateAuthorizeCode checks the authorize code with the strategy that gs
// resolves for this request, passing the requester's client as an additional
// configuration source. The delegated strategy's error is returned unchanged.
func (t TokenStrategy) ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error) {
    strategy := t.gs(ctx, withRequester(requester))
    return strategy.ValidateAuthorizeCode(ctx, requester, token)
}

// withRequester wraps the requester's client as an access token strategy
// source, so that gs can take the client into account when resolving the
// strategy. requester must be non-nil: its GetClient method is called
// unconditionally. Whether a nil client is tolerated depends on
// client.AccessTokenStrategySource, which is not visible here.
func withRequester(requester fosite.Requester) config.AccessTokenStrategySource {
    requestClient := requester.GetClient()
    return client.AccessTokenStrategySource(requestClient)
}

// genericSignature extracts the trailing segment of a dot-separated token
// without knowing which strategy produced it.
//
// A token with exactly two or exactly three segments yields its last segment;
// any other segment count yields "". The segment is returned verbatim: it is
// neither decoded nor verified, so the result identifies a token but says
// nothing about its authenticity. Callers should expect "" for malformed
// input and must not let an empty signature match a stored record.
func genericSignature(token string) string {
    segments := strings.Split(token, ".")
    if n := len(segments); n == 2 || n == 3 {
        return segments[n-1]
    }
    return ""
}