Store refresh token and AT expiration (#2713)
parent
4b9f788bf9
commit
b3b29508d3
|
@ -3,6 +3,7 @@ package Lemonldap::NG::Portal::Auth::OpenIDConnect;
|
|||
use strict;
|
||||
use Mouse;
|
||||
use MIME::Base64 qw/encode_base64 decode_base64/;
|
||||
use Scalar::Util qw/looks_like_number/;
|
||||
use Lemonldap::NG::Common::JWT qw(getJWTPayload);
|
||||
use Lemonldap::NG::Portal::Main::Constants qw(
|
||||
PE_OK
|
||||
|
@ -159,11 +160,19 @@ sub extractFormInfo {
|
|||
$self->logger->debug("Token response is valid");
|
||||
}
|
||||
|
||||
my $access_token = $token_response->{access_token};
|
||||
my $id_token = $token_response->{id_token};
|
||||
my $access_token = $token_response->{access_token};
|
||||
my $expires_in = $token_response->{expires_in};
|
||||
my $id_token = $token_response->{id_token};
|
||||
my $refresh_token = $token_response->{refresh_token};
|
||||
|
||||
undef $expires_in unless looks_like_number($expires_in);
|
||||
|
||||
$self->logger->debug("Access token: $access_token");
|
||||
$self->logger->debug(
|
||||
"Access token expires in: " . ( $expires_in || "<unknown>" ) );
|
||||
$self->logger->debug("ID token: $id_token");
|
||||
$self->logger->debug(
|
||||
"Refresh token: " . ( $refresh_token || "<none>" ) );
|
||||
|
||||
# Verify JWT signature
|
||||
if ( $self->conf->{oidcOPMetaDataOptions}->{$op}
|
||||
|
@ -219,8 +228,15 @@ sub extractFormInfo {
|
|||
my $user_id = $id_token_payload_hash->{sub};
|
||||
|
||||
# Remember tokens
|
||||
$req->data->{access_token} = $access_token;
|
||||
$req->data->{id_token} = $id_token;
|
||||
$req->data->{access_token} = $access_token;
|
||||
$req->data->{refresh_token} = $refresh_token if $refresh_token;
|
||||
$req->data->{id_token} = $id_token;
|
||||
|
||||
# If access token TTL is given save expiration date
|
||||
# (with security margin)
|
||||
if ($expires_in) {
|
||||
$req->data->{access_token_eol} = time + ( $expires_in * 0.9 );
|
||||
}
|
||||
|
||||
$self->logger->debug( "Found user_id: " . $user_id );
|
||||
$req->user($user_id);
|
||||
|
@ -303,6 +319,16 @@ sub setAuthSessionInfo {
|
|||
$req->{sessionInfo}->{_oidc_access_token} =
|
||||
$req->data->{access_token};
|
||||
|
||||
if ( $req->data->{refresh_token} ) {
|
||||
$req->{sessionInfo}->{_oidc_refresh_token} =
|
||||
$req->data->{refresh_token};
|
||||
}
|
||||
|
||||
if ( $req->data->{access_token_eol} ) {
|
||||
$req->{sessionInfo}->{_oidc_access_token_eol} =
|
||||
$req->data->{access_token_eol};
|
||||
}
|
||||
|
||||
# Keep ID Token in session
|
||||
my $store_IDToken = $self->conf->{oidcOPMetaDataOptions}->{$op}
|
||||
->{oidcOPMetaDataOptionsStoreIDToken};
|
||||
|
|
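Review bot: The new debug line `"Refresh token: " . ( $refresh_token || "<none>" )` in the extractFormInfo hunk writes the refresh token itself to the log; a refresh token is a long-lived credential, so it should not land in log files even at debug level. Log only its presence, e.g. `"Refresh token: " . ( $refresh_token ? "<present>" : "<none>" )`, and the pre-existing access-token and ID-token debug lines in the same hunk deserve the same treatment. The `if ($expires_in)` guard in the second extractFormInfo hunk also accepts a negative `expires_in` and then stores an expiration already in the past; `if ( $expires_in > 0 )` is the safer test. In the setAuthSessionInfo hunk the refresh token is written to `_oidc_refresh_token` unconditionally while the ID token is gated by `oidcOPMetaDataOptionsStoreIDToken`; if session attributes are readable by applications or the session explorer, the refresh token probably warrants the same opt-in. Both extractFormInfo and setAuthSessionInfo start before their hunks and continue past them.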