Extend oauth2 token with auth time field

pace · Jan 25, 2024 · 0475892 · 0475892
1 parent 0923028
commit 0475892
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/http/oauth2/introspection.go b/http/oauth2/introspection.go
@@ -6,6 +6,7 @@ package oauth2
 import (
 	"context"
 	"errors"
+	"time"
 )
 
 // TokenIntrospecter needs to be implemented for token lookup
@@ -25,10 +26,11 @@ var ErrBadUpstreamResponse = errors.New("bad upstream response when introspectin
 // IntrospectResponse in case of a successful check of the
 // oauth2 request
 type IntrospectResponse struct {
-	Active   bool   `json:"active"`
-	Scope    string `json:"scope"`
-	ClientID string `json:"client_id"`
-	UserID   string `json:"user_id"`
+	Active   bool      `json:"active"`
+	Scope    string    `json:"scope"`
+	ClientID string    `json:"client_id"`
+	UserID   string    `json:"user_id"`
+	AuthTime time.Time `json:"auth_time"`
 
 	// Backend identifies the backend used for introspection. This attribute
 	// exists as a convenience if you have more than one authorization backend

diff --git a/http/oauth2/oauth2.go b/http/oauth2/oauth2.go
@@ -10,6 +10,7 @@ import (
 	"context"
 	"errors"
 	"net/http"
+	"time"
 
 	"github.com/opentracing/opentracing-go"
 	olog "github.com/opentracing/opentracing-go/log"
@@ -46,6 +47,7 @@ type token struct {
 	value    string
 	userID   string
 	clientID string
+	authTime time.Time
 	scope    Scope
 	backend  interface{}
 }
@@ -102,6 +104,7 @@ func fromIntrospectResponse(s *IntrospectResponse, tokenValue string) token {
 	t := token{
 		userID:   s.UserID,
 		value:    tokenValue,
+		authTime: s.AuthTime,
 		clientID: s.ClientID,
 		backend:  s.Backend,
 	}