Beispiel #1
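// LoadRefresh looks up the access data stored in Redis under a refresh token.
//
// The lookup key is REFRESH_PREFIX + token. A store failure or a JSON decoding
// failure is logged and returned together with a nil *osin.AccessData.
//
// NOTE(review): the raw token is part of the key name, so anything that can
// list keys in the store can read live refresh tokens; consider keying on a
// hash of the token instead (this changes the storage format, so it is not
// done here).
func (r RedisOsinStorageInterface) LoadRefresh(token string) (*osin.AccessData, error) {
	key := REFRESH_PREFIX + token
	// The key embeds the refresh token, which is a long-lived bearer
	// credential, so it is deliberately kept out of the log output.
	log.Debug("Loading REFRESH key (token redacted)")

	accessJSON, storeErr := r.store.GetKey(key)
	if storeErr != nil {
		log.Error("Failure retreiving access token by key")
		log.Error(storeErr)
		return nil, storeErr
	}

	// Pre-populate the nested Client and AuthorizeData values before decoding;
	// the original author notes the osin interface requires this nesting.
	thisAccessData := osin.AccessData{
		Client: new(osin.DefaultClient),
		AuthorizeData: &osin.AuthorizeData{
			Client: new(osin.DefaultClient),
		},
	}

	if marshalErr := json.Unmarshal([]byte(accessJSON), &thisAccessData); marshalErr != nil {
		log.Error("Couldn't unmarshal OAuth auth data object (LoadRefresh)")
		log.Error(marshalErr)
		return nil, marshalErr
	}

	return &thisAccessData, nil
}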
Beispiel #2
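// SaveAccess stores an access token and its access data in Redis, registers a
// matching session with the session manager and, when a refresh token is
// present, stores the access data under the refresh key as well.
//
// It returns an error when the access data cannot be marshalled or when
// UserData does not hold a JSON-encoded SessionState.
func (r RedisOsinStorageInterface) SaveAccess(accessData *osin.AccessData) error {
	// NOTE(review): the payload is serialised before ExpiresIn is overridden
	// below, so the stored JSON keeps the original ExpiresIn while the key TTL
	// uses the configured value; confirm this is intended.
	authDataJSON, marshalErr := json.Marshal(accessData)
	if marshalErr != nil {
		return marshalErr
	}

	key := ACCESS_PREFIX + accessData.AccessToken
	// The key embeds the bearer token, so it is kept out of the log output.
	log.Debug("Saving ACCESS key (token redacted)")

	// Override default ExpiresIn:
	if config.OauthTokenExpire != 0 {
		accessData.ExpiresIn = config.OauthTokenExpire
	}

	r.store.SetKey(key, string(authDataJSON), int64(accessData.ExpiresIn))

	// Create a SessionState object and register it with the authmanager.
	// UserData is asserted with the comma-ok form: a nil or non-string value
	// leaves userData empty, which fails to decode below and is reported as an
	// error instead of panicking the request handler.
	userData, _ := accessData.UserData.(string)

	var newSession SessionState
	if unmarshalErr := json.Unmarshal([]byte(userData), &newSession); unmarshalErr != nil {
		log.Error("Couldn't decode SessionState from UserData")
		log.Error(unmarshalErr)
		return unmarshalErr
	}

	// Set the client ID for analytics
	newSession.OauthClientID = accessData.Client.GetId()

	// Override timeouts so that we can be in sync with Osin
	newSession.Expires = time.Now().Unix() + int64(accessData.ExpiresIn)

	// NOTE(review): the third argument here is the absolute expiry timestamp;
	// if UpdateSession expects a lifetime in seconds the session would far
	// outlive the token. Verify against UpdateSession's contract.
	r.sessionManager.UpdateSession(accessData.AccessToken, newSession, newSession.Expires)

	// Store the refresh token too
	if accessData.RefreshToken == "" {
		return nil
	}

	accessDataJSON, marshalErr := json.Marshal(accessData)
	if marshalErr != nil {
		return marshalErr
	}

	refreshKey := REFRESH_PREFIX + accessData.RefreshToken
	log.Debug("Saving REFRESH key (token redacted)")

	refreshExpire := int64(1209600) // 14 days
	if config.OauthRefreshExpire != 0 {
		refreshExpire = config.OauthRefreshExpire
	}
	r.store.SetKey(refreshKey, string(accessDataJSON), refreshExpire)

	// The serialised access data contains both tokens, so only the fact that
	// it was stored is logged, never the payload itself.
	log.Debug("Stored access data under REFRESH key (payload redacted)")

	return nil
}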
Beispiel #3
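// LoadAccess looks up the access data stored in Redis under an access token.
//
// The lookup key is ACCESS_PREFIX + token. A store failure or a JSON decoding
// failure is logged and returned together with a nil *osin.AccessData.
//
// NOTE(review): the raw token is part of the key name, so anything that can
// list keys in the store can read live access tokens; consider keying on a
// hash of the token instead (this changes the storage format, so it is not
// done here).
func (r RedisOsinStorageInterface) LoadAccess(token string) (*osin.AccessData, error) {
	key := ACCESS_PREFIX + token
	// The key embeds the bearer token, so it is kept out of the log output.
	log.Debug("Loading ACCESS key (token redacted)")

	accessJSON, storeErr := r.store.GetKey(key)
	if storeErr != nil {
		log.Error("Failure retreiving access token by key")
		log.Error(storeErr)
		return nil, storeErr
	}

	// A concrete client value is allocated up front so the decoder has
	// something to fill in for the Client field.
	thisAccessData := osin.AccessData{Client: new(osin.DefaultClient)}

	if marshalErr := json.Unmarshal([]byte(accessJSON), &thisAccessData); marshalErr != nil {
		log.Error("Couldn't unmarshal OAuth auth data object (LoadAccess)")
		log.Error(marshalErr)
		return nil, marshalErr
	}

	return &thisAccessData, nil
}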
Beispiel #4
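// SaveAccess stores an access token and its access data in Redis, registers a
// matching session with the session manager and, when a refresh token is
// present, stores the access data under the refresh key as well.
//
// The session is decoded from UserData when that holds a JSON-encoded
// SessionState; otherwise it is generated from the client's policy. An error
// is returned when marshalling fails or when no session can be built from the
// policy.
func (r RedisOsinStorageInterface) SaveAccess(accessData *osin.AccessData) error {
	// NOTE(review): the payload is serialised before ExpiresIn is overridden
	// below, so the stored JSON keeps the original ExpiresIn while the key TTL
	// uses the configured value; confirm this is intended.
	authDataJSON, marshalErr := json.Marshal(accessData)
	if marshalErr != nil {
		return marshalErr
	}

	key := ACCESS_PREFIX + accessData.AccessToken
	// The key embeds the bearer token, so it is kept out of the log output.
	log.Debug("Saving ACCESS key (token redacted)")

	// Override default ExpiresIn:
	if config.OauthTokenExpire != 0 {
		accessData.ExpiresIn = config.OauthTokenExpire
	}

	r.store.SetKey(key, string(authDataJSON), int64(accessData.ExpiresIn))

	// Create a SessionState object and register it with the authmanager
	var newSession SessionState

	// The comma-ok assertion covers both a nil UserData and a value that is
	// not a string; either case falls through to the policy lookup instead of
	// panicking on the type assertion.
	checkPolicy := true
	if userData, isString := accessData.UserData.(string); isString {
		checkPolicy = false
		if decodeErr := json.Unmarshal([]byte(userData), &newSession); decodeErr != nil {
			log.Info("Couldn't decode SessionState from UserData, checking policy: ", decodeErr)
			checkPolicy = true
		}
	}

	if checkPolicy {
		// defined in JWT middleware
		sessionFromPolicy, notFoundErr := generateSessionFromPolicy(accessData.Client.GetPolicyID(), "", false)
		if notFoundErr != nil {
			return errors.New("Couldn't use policy or key rules to create token, failing")
		}

		newSession = sessionFromPolicy
	}

	// Set the client ID for analytics
	newSession.OauthClientID = accessData.Client.GetId()

	// Override timeouts so that we can be in sync with Osin
	newSession.Expires = time.Now().Unix() + int64(accessData.ExpiresIn)

	// Use the default session expiry here as this is OAuth
	r.sessionManager.UpdateSession(accessData.AccessToken, newSession, int64(accessData.ExpiresIn))

	// Store the refresh token too
	if accessData.RefreshToken == "" {
		return nil
	}

	accessDataJSON, marshalErr := json.Marshal(accessData)
	if marshalErr != nil {
		return marshalErr
	}

	refreshKey := REFRESH_PREFIX + accessData.RefreshToken
	log.Debug("Saving REFRESH key (token redacted)")

	refreshExpire := int64(1209600) // 14 days
	if config.OauthRefreshExpire != 0 {
		refreshExpire = config.OauthRefreshExpire
	}
	r.store.SetKey(refreshKey, string(accessDataJSON), refreshExpire)

	// The serialised access data contains both tokens, so only the fact that
	// it was stored is logged, never the payload itself.
	log.Debug("Stored access data under REFRESH key (payload redacted)")

	return nil
}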