fix: use correct grant lifespan to issue tokens

canonical · Apr 29, 2024 · 5d9307c · 5d9307c
1 parent 515c6b4
commit 5d9307c
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 3 deletions.
diff --git a/handler/oauth2/flow_authorize_code_token.go b/handler/oauth2/flow_authorize_code_token.go
@@ -77,6 +77,10 @@ func (v AuthorizeExplicitGrantAccessRequestValidator) ValidateGrantTypes(request
 	return nil
 }
 
+func (v AuthorizeExplicitGrantAccessRequestValidator) GetGrantType(requester fosite.AccessRequester) fosite.GrantType {
+	return fosite.GrantTypeAuthorizationCode
+}
+
 func (v AuthorizeExplicitGrantAccessRequestValidator) ValidateRedirectURI(accessRequester fosite.AccessRequester, authorizeRequester fosite.Requester) error {
 	forcedRedirectURI := authorizeRequester.GetRequestForm().Get("redirect_uri")
 	requestedRedirectURI := accessRequester.GetRequestForm().Get("redirect_uri")

diff --git a/handler/oauth2/flow_generic_code_token.go b/handler/oauth2/flow_generic_code_token.go
@@ -28,6 +28,9 @@ type AccessRequestValidator interface {
 
 	// ValidateRedirectURI validates the redirect uri in the access request.
 	ValidateRedirectURI(accessRequester fosite.AccessRequester, authorizeRequester fosite.Requester) error
+
+	// GetGrantType retrieves the grant type from the request.
+	GetGrantType(requester fosite.AccessRequester) fosite.GrantType
 }
 
 // CodeHandler handles authorization/device code related operations.
@@ -138,7 +141,7 @@ func (c *GenericCodeTokenEndpointHandler) PopulateTokenEndpointResponse(ctx cont
 		}
 	}
 
-	lifeSpan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeAuthorizationCode, fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
+	lifeSpan := fosite.GetEffectiveLifespan(requester.GetClient(), c.GetGrantType(requester), fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
 	responder.SetAccessToken(accessToken)
 	responder.SetTokenType("bearer")
 	responder.SetExpiresIn(getExpiresIn(requester, fosite.AccessToken, lifeSpan, time.Now().UTC()))
@@ -209,10 +212,10 @@ func (c *GenericCodeTokenEndpointHandler) HandleTokenEndpointRequest(ctx context
 	requester.SetSession(ar.GetSession())
 	requester.SetID(ar.GetID())
 
-	atLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeAuthorizationCode, fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
+	atLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), c.GetGrantType(requester), fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
 	requester.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().UTC().Add(atLifespan).Round(time.Second))
 
-	rtLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), fosite.GrantTypeAuthorizationCode, fosite.RefreshToken, c.Config.GetRefreshTokenLifespan(ctx))
+	rtLifespan := fosite.GetEffectiveLifespan(requester.GetClient(), c.GetGrantType(requester), fosite.RefreshToken, c.Config.GetRefreshTokenLifespan(ctx))
 	if rtLifespan > -1 {
 		requester.GetSession().SetExpiresAt(fosite.RefreshToken, time.Now().UTC().Add(rtLifespan).Round(time.Second))
 	}

diff --git a/handler/rfc8628/token_handler.go b/handler/rfc8628/token_handler.go
@@ -109,6 +109,10 @@ func (v DeviceAccessRequestValidator) ValidateRedirectURI(accessRequester fosite
 	return nil
 }
 
+func (v DeviceAccessRequestValidator) GetGrantType(requester fosite.AccessRequester) fosite.GrantType {
+	return fosite.GrantTypeDeviceCode
+}
+
 type DeviceCodeTokenEndpointHandler struct {
 	oauth2.GenericCodeTokenEndpointHandler
 }