add revoke

2025-09-17 16:51:35 -03:00
parent 207231cff6
commit b2303fc60a
18 changed files with 411 additions and 140 deletions
--- a/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py
+++ b/id.saladeaula.digital/app/integrations/apigateway_oauth2/authorization_server.py
@@ -68,15 +68,30 @@ class AuthorizationServer(oauth2.AuthorizationServer):
            raise ValueError('Missing request user')

        now_ = now()
-        client_id = request.payload.client_id
+        client_id = (
+            request.client.get_client_id()
+            if request.client
+            else request.payload.client_id
+        )
+        user_id = request.user.get('id')
        access_token = token['access_token']
        refresh_token = token.get('refresh_token')
        token_type = token['token_type']
        scope = token['scope']
        expires_in = int(token['expires_in'])
        issued_at = int(now_.timestamp())
+        access_token_ttl = ttl(start_dt=now_, seconds=expires_in)
+        refresh_token_ttl = ttl(start_dt=now_, seconds=OAUTH2_REFRESH_TOKEN_EXPIRES_IN)

        with self._persistence_layer.transact_writer() as transact:
+            transact.put(
+                item={
+                    'id': user_id,
+                    'sk': f'SESSION#ACCESS_TOKEN#{access_token}',
+                    'ttl': access_token_ttl,
+                    'created_at': now_,
+                }
+            )
            transact.put(
                item={
                    'id': 'OAUTH2#TOKEN',
@@ -88,11 +103,19 @@ class AuthorizationServer(oauth2.AuthorizationServer):
                    'user': request.user,
                    'expires_in': expires_in,
                    'issued_at': issued_at,
-                    'ttl': ttl(start_dt=now_, seconds=expires_in),
+                    'ttl': access_token_ttl,
                },
            )

            if refresh_token:
+                transact.put(
+                    item={
+                        'id': user_id,
+                        'sk': f'SESSION#REFRESH_TOKEN#{refresh_token}',
+                        'ttl': access_token_ttl,
+                        'created_at': now_,
+                    }
+                )
                transact.put(
                    item={
                        'id': 'OAUTH2#TOKEN',
@@ -104,9 +127,7 @@ class AuthorizationServer(oauth2.AuthorizationServer):
                        'user': request.user,
                        'expires_in': OAUTH2_REFRESH_TOKEN_EXPIRES_IN,
                        'issued_at': issued_at,
-                        'ttl': ttl(
-                            start_dt=now_, seconds=OAUTH2_REFRESH_TOKEN_EXPIRES_IN
-                        ),
+                        'ttl': refresh_token_ttl,
                    },
                )

@@ -114,7 +135,10 @@ class AuthorizationServer(oauth2.AuthorizationServer):

    def query_client(self, client_id: str):
        client = self._persistence_layer.collection.get_item(
-            KeyPair(pk='OAUTH2', sk=f'CLIENT_ID#{client_id}'),
+            KeyPair(
+                pk='OAUTH2',
+                sk=f'CLIENT_ID#{client_id}',
+            ),
            exc_cls=ClientNotFoundError,
        )

@@ -125,9 +149,7 @@ class AuthorizationServer(oauth2.AuthorizationServer):
            redirect_uris=client['redirect_uris'],
            response_types=client['response_types'],
            grant_types=client['grant_types'],
-            token_endpoint_auth_method=client.get(
-                'token_endpoint_auth_method', 'client_secret_basic'
-            ),
+            token_endpoint_auth_method=client.get('token_endpoint_auth_method', 'none'),
        )

    def create_oauth2_request(