Extend oauth2 token with auth time field (#363)

Co-authored-by: Arnold Iakab <[email protected]>
pace · Jan 25, 2024 · db7403f · db7403f
1 parent 0923028
commit db7403f
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/http/oauth2/introspection.go b/http/oauth2/introspection.go
@@ -29,6 +29,7 @@ type IntrospectResponse struct {
 	Scope    string `json:"scope"`
 	ClientID string `json:"client_id"`
 	UserID   string `json:"user_id"`
+	AuthTime int64  `json:"auth_time"`
 
 	// Backend identifies the backend used for introspection. This attribute
 	// exists as a convenience if you have more than one authorization backend

diff --git a/http/oauth2/oauth2.go b/http/oauth2/oauth2.go
@@ -9,10 +9,9 @@ package oauth2
 import (
 	"context"
 	"errors"
-	"net/http"
-
 	"github.com/opentracing/opentracing-go"
 	olog "github.com/opentracing/opentracing-go/log"
+	"net/http"
 
 	"github.com/pace/bricks/http/security"
 	"github.com/pace/bricks/maintenance/log"
@@ -46,6 +45,7 @@ type token struct {
 	value    string
 	userID   string
 	clientID string
+	authTime int64
 	scope    Scope
 	backend  interface{}
 }
@@ -102,6 +102,7 @@ func fromIntrospectResponse(s *IntrospectResponse, tokenValue string) token {
 	t := token{
 		userID:   s.UserID,
 		value:    tokenValue,
+		authTime: s.AuthTime,
 		clientID: s.ClientID,
 		backend:  s.Backend,
 	}
@@ -141,6 +142,16 @@ func UserID(ctx context.Context) (string, bool) {
 	return oauth2token.userID, true
 }
 
+// AuthTime returns the auth time stored in ctx as unix timestamp
+func AuthTime(ctx context.Context) (int64, bool) {
+	tok, _ := security.GetTokenFromContext(ctx)
+	oauth2token, ok := tok.(*token)
+	if !ok {
+		return 0, false
+	}
+	return oauth2token.authTime, true
+}
+
 // Scopes returns the scopes stored in ctx
 func Scopes(ctx context.Context) []string {
 	tok, _ := security.GetTokenFromContext(ctx)