522fb43
chore: install fosite from commit
nsklikas Sep 25, 2024
3795e25
fix: set utc expires_at
nsklikas Sep 25, 2024
ff9bebc
fix: add redirect_uri to test
nsklikas Sep 25, 2024
4c4a869
fix: add rfc8628 providers to registry
nsklikas Feb 9, 2024
9516482
fix: update database schema
nsklikas Feb 9, 2024
7ef66de
fix: update oauth persister logic
nsklikas Sep 24, 2024
accccf1
feat: add device authorization endpoint handler
nsklikas Feb 9, 2024
dba944f
refactor: move logic to updateSessionWithRequest method
nsklikas Feb 28, 2024
29d72ff
fix: rename device auth endpoint handler
nsklikas Feb 28, 2024
b5347b5
feat: add device user verification handler
nsklikas Feb 28, 2024
ef6ac13
fix: implement device user verification logic
nsklikas Feb 28, 2024
6257b3e
feat: update flow
nsklikas Mar 1, 2024
c22f5ab
fix: add post device auth handler
nsklikas Mar 1, 2024
b96b63d
feat: add consent handler for accepting a user_code
nsklikas Mar 1, 2024
2dbdfc6
chore: add post_device_done to config schema
nsklikas Mar 7, 2024
94c2f62
chore: add e2e tests
nsklikas Mar 11, 2024
e268ba1
feat: token request handling for device flow
wood-push-melon Mar 23, 2024
46cfe10
chore: update config
nsklikas Mar 21, 2024
079f568
fix: fix the OIDC token and refresh token issue for device flow
wood-push-melon Apr 11, 2024
fd40c23
fix: update OpenID Connect session after user consent
wood-push-melon Apr 12, 2024
23c8dce
fix: add GetDeviceCodeSessionByRequestID method
nsklikas Apr 15, 2024
a9f1dde
fix: return client_id to post_device page
nsklikas Apr 15, 2024
e8cc25e
fix: update existing device session
nsklikas Apr 15, 2024
5a40ef4
fix: update tests
nsklikas Apr 15, 2024
b558b49
fix: add device auth endpoint in discovery metadata
nsklikas Apr 23, 2024
989d9ec
fix: make device grant lifetimes configurable
nsklikas Apr 25, 2024
3881ef2
test: update sql fixtures
nsklikas Apr 29, 2024
3bdc5bc
fix: perform device flow from CLI
nsklikas May 22, 2024
34a9750
fix: wrap db calls in transaction
nsklikas Jul 30, 2024
1656830
chore: fix license
nsklikas Sep 25, 2024
4669117
chore: update sdk
nsklikas Sep 24, 2024
fe9e20e
fix: duplicate user_code update
nsklikas Sep 26, 2024
2b0efc7
refactor: merge user and device code tables
nsklikas Nov 15, 2024
5842a86
fix: create openid session when log in succeeds
nsklikas Nov 18, 2024
0dfd2fe
refactor: update device session persistence logic
nsklikas Nov 15, 2024
ce6e722
fix: update oauth persister logic
nsklikas Dec 10, 2024
03f5928
fix: handle user_code collisions
nsklikas Jan 8, 2025
aff0979
chore: code review
aeneasr Jan 16, 2025
dbe83d4
fixup! dfa4c99b
nsklikas Jan 24, 2025
05d275a
fixup! 04c25d8b4f6ed7f687fc5186732f9008bedce811
nsklikas Jan 24, 2025
039f9c0
chore: add more tests
nsklikas Jan 24, 2025
7dc0ed7
fix: update device session fields
nsklikas Jan 24, 2025
b657f00
fix: make user_code entropy configurable
nsklikas Jan 27, 2025
1b37e08
fix: make device_challenge unique
nsklikas Jan 27, 2025
17b6827
chore: move array to variable
nsklikas Jan 29, 2025
fa281f7
fix: device flow cli
aeneasr Feb 9, 2025
31372eb
fix: update device urls
aeneasr Feb 9, 2025
fff438e
chore: code review
aeneasr Feb 10, 2025
a3e3e05
u
aeneasr Feb 10, 2025
33d997f
chore: address review comments
nsklikas Feb 11, 2025
df22c9e
fix: remove device session when used
nsklikas Feb 12, 2025
ee0738f
chore: add cypress tests
nsklikas Feb 13, 2025
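--- a/.schema/config.schema.json
+++ b/.schema/config.schema.json
@@ -464,6 +464,11 @@
 "description": "Sets the session cookie name. Use with care!",
 "type": "object",
 "properties": {
+"device_csrf": {
+"type": "string",
+"title": "CSRF Cookie Name",
+"default": "ory_hydra_device_csrf"
+},
 "login_csrf": {
 "type": "string",
 "title": "CSRF Cookie Name",
@@ -614,6 +619,14 @@
 "https://my-service.com/oauth2/auth"
 ]
 },
+"device_authorization_url": {
+"type": "string",
+"description": "Overwrites the OAuth2 Device Auth URL",
+"format": "uri-reference",
+"examples": [
+"https://my-service.com/oauth2/device/auth"
+]
+},
 "client_registration_url": {
 "description": "Sets the OpenID Connect Dynamic Client Registration Endpoint",
 "type": "string",
@@ -803,6 +816,30 @@
 "/ui/logout"
 ]
 },
+"device": {
+"type": "object",
+"description": "Configure URLs for the OAuth 2.0 Device Code Flow.",
+"properties": {
+"verification": {
+"type": "string",
+"description": "Sets the device user code verification endpoint. Defaults to an internal fallback URL showing an error.",
+"format": "uri-reference",
+"examples": [
+"https://my-logout.app/device_verification",
+"/ui/device_verification"
+]
+},
+"success": {
+"type": "string",
+"description": "Sets the post device authentication endpoint. Defaults to an internal fallback URL showing an error.",
+"format": "uri-reference",
+"examples": [
+"https://my-logout.app/device_done",
+"/ui/device_done"
+]
+}
+}
+},
 "error": {
 "type": "string",
 "description": "Sets the error endpoint. The error ui will be shown when an OAuth2 error occurs that which can not be sent back to the client. Defaults to an internal fallback URL showing an error.",
@@ -947,6 +984,15 @@
 "$ref": "#/definitions/duration"
 }
 ]
+},
+"device_user_code": {
+"description": "Configures how long device & user codes are valid.",
+"default": "10m",
+"allOf": [
+{
+"$ref": "#/definitions/duration"
+}
+]
 }
 }
 },
@@ -1124,6 +1170,28 @@
 }
 ]
 },
+"device_authorization": {
+"type": "object",
+"additionalProperties": false,
+"properties": {
+"token_polling_interval": {
+"allOf": [
+{
+"$ref": "#/definitions/duration"
+}
+],
+"default": "5s",
+"description": "Configures how often a non-interactive device should poll the device token endpoint, this is a purely informational configuration and does not enforce rate-limiting.",
+"examples": ["5s", "15s", "1m"]
+},
+"user_code_entropy": {
+"type": "string",
+"description": "Sets the entropy for the user codes.",
+"default": "medium",
+"enum": ["high", "medium", "low"]
+}
+}
+},
 "token_hook": {
 "description": "Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims.",
 "examples": ["https://my-example.app/token-hook"],
@@ -1137,8 +1205,8 @@
 }
 ]
 }
-}
-},
+}
+},
 "secrets": {
 "type": "object",
 "additionalProperties": false,
@@ -1183,7 +1251,7 @@
 "examples": ["cpu"]
 },
 "tracing": {
-"$ref": "https://raw.githubusercontent.com/ory/x/v0.0.675/otelx/config.schema.json"
+"$ref": "ory://tracing-config"
 },
 "sqa": {
 "type": "object",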
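Review bot: The `user_code_entropy` description in the `@@ -1124,6 +1170,28 @@` hunk, `"Sets the entropy for the user codes."`, does not say what `high`, `medium` and `low` map to (alphabet and code length), so an operator cannot judge the guessing margin that RFC 8628 §5.1 asks deployments to consider, especially with the 10m `device_user_code` default set in the hunk above. Suggest a description of the form `"Sets the entropy of the user codes shown to the user: <alphabet/length per level — fill in from the generator>. Lower levels make codes easier to guess and should be paired with rate limiting on the verification endpoint."`, with the concrete values taken from the code that generates the user codes. In the `device` URL hunk (`@@ -803,6 +816,30 @@`) the `verification` and `success` examples reuse the logout host `https://my-logout.app/...`, which looks copied from the logout entry; `https://my-device.app/device_verification` and `https://my-device.app/device_done` would read less confusingly.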
Expand Up @@ -31,5 +31,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -34,5 +34,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -31,5 +31,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -32,5 +32,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -32,5 +32,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -30,5 +30,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -34,5 +34,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -34,5 +34,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -31,5 +31,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -30,5 +30,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -32,5 +32,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -31,5 +31,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -31,5 +31,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -32,7 +32,10 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
},
"status": 200
}
Expand Up @@ -31,7 +31,10 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
},
"status": 200
}
Expand Up @@ -32,7 +32,10 @@
"jwt_bearer_grant_access_token_lifespan": "37h0m0s",
"refresh_token_grant_id_token_lifespan": "40h0m0s",
"refresh_token_grant_access_token_lifespan": "41h0m0s",
"refresh_token_grant_refresh_token_lifespan": "42h0m0s"
"refresh_token_grant_refresh_token_lifespan": "42h0m0s",
"device_authorization_grant_id_token_lifespan": "45h0m0s",
"device_authorization_grant_access_token_lifespan": "46h0m0s",
"device_authorization_grant_refresh_token_lifespan": "47h0m0s"
},
"status": 200
}
Expand Up @@ -34,7 +34,10 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
},
"status": 200
}
Expand Up @@ -33,7 +33,10 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
},
"status": 200
}
Expand Up @@ -27,5 +27,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -27,5 +27,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
Expand Up @@ -28,5 +28,8 @@
"jwt_bearer_grant_access_token_lifespan": null,
"refresh_token_grant_id_token_lifespan": null,
"refresh_token_grant_access_token_lifespan": null,
"refresh_token_grant_refresh_token_lifespan": null
"refresh_token_grant_refresh_token_lifespan": null,
"device_authorization_grant_id_token_lifespan": null,
"device_authorization_grant_access_token_lifespan": null,
"device_authorization_grant_refresh_token_lifespan": null
}
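--- a/client/client.go
+++ b/client/client.go
@@ -79,6 +79,7 @@ type Client struct {
 // - OpenID Connect Implicit Grant (deprecated!): `implicit`
 // - Refresh Token Grant: `refresh_token`
 // - OAuth 2.0 Token Exchange: `urn:ietf:params:oauth:grant-type:jwt-bearer`
+// - OAuth 2.0 Device Code Grant: `urn:ietf:params:oauth:grant-type:device_code`
 GrantTypes sqlxx.StringSliceJSONFormat `json:"grant_types" db:"grant_types"`
 
 // OAuth 2.0 Client Response Types
@@ -379,6 +380,21 @@ type Lifespans struct {
 //
 // The lifespan of a refresh token issued by the OAuth2 2.0 Refresh Token Grant for this OAuth 2.0 Client.
 RefreshTokenGrantRefreshTokenLifespan x.NullDuration `json:"refresh_token_grant_refresh_token_lifespan,omitempty" db:"refresh_token_grant_refresh_token_lifespan"`
+
+// OAuth2 2.0 Device Authorization Grant ID Token Lifespan
+//
+// The lifespan of an ID token issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client.
+DeviceAuthorizationGrantIDTokenLifespan x.NullDuration `json:"device_authorization_grant_id_token_lifespan,omitempty" db:"device_authorization_grant_id_token_lifespan"`
+
+// OAuth2 2.0 Device Authorization Grant Access Token Lifespan
+//
+// The lifespan of an access token issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client.
+DeviceAuthorizationGrantAccessTokenLifespan x.NullDuration `json:"device_authorization_grant_access_token_lifespan,omitempty" db:"device_authorization_grant_access_token_lifespan"`
+
+// OAuth2 2.0 Device Authorization Grant Device Authorization Lifespan
+//
+// The lifespan of a Device Authorization issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client.
+DeviceAuthorizationGrantRefreshTokenLifespan x.NullDuration `json:"device_authorization_grant_refresh_token_lifespan,omitempty" db:"device_authorization_grant_refresh_token_lifespan"`
 }
 
 func (Client) TableName() string {
@@ -549,6 +565,14 @@ func (c *Client) GetEffectiveLifespan(gt fosite.GrantType, tt fosite.TokenType,
 } else if tt == fosite.RefreshToken && c.RefreshTokenGrantRefreshTokenLifespan.Valid {
 cl = &c.RefreshTokenGrantRefreshTokenLifespan.Duration
 }
+} else if gt == fosite.GrantTypeDeviceCode {
+if tt == fosite.AccessToken && c.DeviceAuthorizationGrantAccessTokenLifespan.Valid {
+cl = &c.DeviceAuthorizationGrantAccessTokenLifespan.Duration
+} else if tt == fosite.IDToken && c.DeviceAuthorizationGrantIDTokenLifespan.Valid {
+cl = &c.DeviceAuthorizationGrantIDTokenLifespan.Duration
+} else if tt == fosite.RefreshToken && c.DeviceAuthorizationGrantRefreshTokenLifespan.Valid {
+cl = &c.DeviceAuthorizationGrantRefreshTokenLifespan.Duration
+}
 }
 
 if cl == nil {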
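Review bot: The doc comment on the new `DeviceAuthorizationGrantRefreshTokenLifespan` field in the `type Lifespans struct` hunk describes a "Device Authorization Lifespan" ("The lifespan of a Device Authorization issued by ..."), but the field, its JSON tag and the `fosite.RefreshToken` branch added to `GetEffectiveLifespan` all treat it as the refresh token lifespan; since these comments are surfaced in the generated client/API docs, the mismatch will mislead operators about which token the per-client override applies to. Replace the two comment lines with `// OAuth2 2.0 Device Authorization Grant Refresh Token Lifespan` and `// The lifespan of a refresh token issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client.`, mirroring the `RefreshTokenGrantRefreshTokenLifespan` comment directly above. The device/user code lifetime itself is configured separately via `device_user_code` in the schema change, which is worth stating in that comment so the two are not confused. `GetEffectiveLifespan` begins and ends outside the last hunk.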