diff --git a/server/api_test.go b/server/api_test.go index a7891208..80a22486 100644 --- a/server/api_test.go +++ b/server/api_test.go @@ -259,6 +259,7 @@ func TestRefreshToken(t *testing.T) { EmailVerified: true, Groups: []string{"a", "b"}, }, + ConnectorData: []byte(`{"some":"data"}`), } if err := s.CreateRefresh(r); err != nil { diff --git a/server/handlers.go b/server/handlers.go index a4db71cb..80965daf 100644 --- a/server/handlers.go +++ b/server/handlers.go @@ -490,6 +490,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth updater := func(a storage.AuthRequest) (storage.AuthRequest, error) { a.LoggedIn = true a.Claims = claims + a.ConnectorData = identity.ConnectorData return a, nil } if err := s.storage.UpdateAuthRequest(authReq.ID, updater); err != nil { @@ -621,14 +622,15 @@ func (s *Server) sendCodeResponse(w http.ResponseWriter, r *http.Request, authRe switch responseType { case responseTypeCode: code = storage.AuthCode{ - ID: storage.NewID(), - ClientID: authReq.ClientID, - ConnectorID: authReq.ConnectorID, - Nonce: authReq.Nonce, - Scopes: authReq.Scopes, - Claims: authReq.Claims, - Expiry: s.now().Add(time.Minute * 30), - RedirectURI: authReq.RedirectURI, + ID: storage.NewID(), + ClientID: authReq.ClientID, + ConnectorID: authReq.ConnectorID, + Nonce: authReq.Nonce, + Scopes: authReq.Scopes, + Claims: authReq.Claims, + Expiry: s.now().Add(time.Minute * 30), + RedirectURI: authReq.RedirectURI, + ConnectorData: authReq.ConnectorData, } if err := s.storage.CreateAuthCode(code); err != nil { s.logger.Errorf("Failed to create auth code: %v", err) @@ -824,15 +826,16 @@ func (s *Server) handleAuthCode(w http.ResponseWriter, r *http.Request, client s var refreshToken string if reqRefresh { refresh := storage.RefreshToken{ - ID: storage.NewID(), - Token: storage.NewID(), - ClientID: authCode.ClientID, - ConnectorID: authCode.ConnectorID, - Scopes: authCode.Scopes, - Claims: authCode.Claims, - Nonce: authCode.Nonce, - CreatedAt: s.now(), - LastUsed: s.now(), + ID: storage.NewID(), + Token: storage.NewID(), + ClientID: authCode.ClientID, + ConnectorID: authCode.ConnectorID, + Scopes: authCode.Scopes, + Claims: authCode.Claims, + Nonce: authCode.Nonce, + ConnectorData: authCode.ConnectorData, + CreatedAt: s.now(), + LastUsed: s.now(), } token := &internal.RefreshToken{ RefreshId: refresh.ID, diff --git a/storage/storage.go b/storage/storage.go index 85a60965..cb2a7e0c 100644 --- a/storage/storage.go +++ b/storage/storage.go @@ -181,7 +181,8 @@ type AuthRequest struct { // The connector used to login the user and any data the connector wishes to persists. // Set when the user authenticates. - ConnectorID string + ConnectorID string + ConnectorData []byte } // AuthCode represents a code which can be exchanged for an OAuth2 token response. @@ -212,8 +213,9 @@ type AuthCode struct { Scopes []string // Authentication data provided by an upstream source. - ConnectorID string - Claims Claims + ConnectorID string + ConnectorData []byte + Claims Claims Expiry time.Time } @@ -235,8 +237,9 @@ type RefreshToken struct { ClientID string // Authentication data provided by an upstream source. - ConnectorID string - Claims Claims + ConnectorID string + ConnectorData []byte + Claims Claims // Scopes present in the initial request. Refresh requests may specify a set // of scopes different from the initial request when refreshing a token,