
fixed lost OIDC refresh token when performing a refresh
sdaschner committed Jul 23, 2020
1 parent 05a0ec5 commit c5d1582
Showing 1 changed file with 12 additions and 10 deletions.
Expand Up @@ -303,7 +303,8 @@ public void accept(SecurityIdentity identity) {
LOG.debug("ID Token is required to contain 'exp' and 'iat' claims");
uniEmitter.fail(new AuthenticationCompletionException());
}
processSuccessfulAuthentication(context, configContext, result, identity);
processSuccessfulAuthentication(context, configContext, result,
result.opaqueRefreshToken(), identity);

if (configContext.oidcConfig.authentication.isRemoveRedirectParameters()
&& context.request().query() != null) {
Expand Down Expand Up @@ -348,15 +349,12 @@ private String signJwtWithClientSecret(OidcTenantConfig cfg) {
}

private void processSuccessfulAuthentication(RoutingContext context, TenantConfigContext configContext,
AccessToken result, SecurityIdentity securityIdentity) {

AccessToken result, String refreshToken, SecurityIdentity securityIdentity) {
removeCookie(context, configContext, getSessionCookieName(configContext));

String cookieValue = new StringBuilder(result.opaqueIdToken())
.append(COOKIE_DELIM)
.append(result.opaqueAccessToken())
.append(COOKIE_DELIM)
.append(result.opaqueRefreshToken()).toString();
String cookieValue = result.opaqueIdToken() + COOKIE_DELIM
+ result.opaqueAccessToken() + COOKIE_DELIM
+ refreshToken;

long maxAge = result.idToken().getLong("exp") - result.idToken().getLong("iat");
if (configContext.oidcConfig.token.lifespanGrace.isPresent()) {
Expand Down Expand Up @@ -470,8 +468,12 @@ public void handle(AsyncResult<Void> result) {
.subscribe().with(new Consumer<SecurityIdentity>() {
@Override
public void accept(SecurityIdentity identity) {
// after a successful refresh, rebuild the identity and update the cookie
processSuccessfulAuthentication(context, configContext, token,
// the refresh token might not have been send in the response again
String refresh = token.opaqueRefreshToken() != null
? token.opaqueRefreshToken()
: refreshToken;
// after a successful refresh, rebuild the identity and update the cookie
processSuccessfulAuthentication(context, configContext, token, refresh,
identity);
// update the token so that blocking threads get the latest one
emitter.complete(
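Review bot: The fallback at `String refresh = token.opaqueRefreshToken() != null ? token.opaqueRefreshToken() : refreshToken;` only covers a null refresh token; if the token endpoint returns an empty string instead, the empty value replaces the stored refresh token in the session cookie and later refreshes would fail for the same reason this commit fixes. Guarding on `token.opaqueRefreshToken() != null && !token.opaqueRefreshToken().isEmpty()` keeps the previously stored token in that case too. The new comment also has a typo: `// the refresh token might not have been sent in the response again`. Note that `processSuccessfulAuthentication` (second hunk) concatenates `refreshToken` directly, so a null value from the first hunk's `result.opaqueRefreshToken()` would presumably end up as the literal text "null" in the cookie — the old StringBuilder code behaved the same way, so this is pre-existing, but worth a null-check or a documented precondition on the new parameter. The enclosing `accept` and `handle` methods start and end outside this hunk.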
