mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-19 16:57:40 +03:00
90dc3a5669
* Obtain refresh token from Auth0

  Auth0 requires the `offline_access` scope to be set to return a refresh token. See https://auth0.com/docs/tokens/refresh-tokens/get-refresh-tokens

  Additionally, the `audience` claim needs to be set to obtain a JWT access token and a refresh token. See https://auth0.com/docs/tokens/refresh-tokens

  changelog_begin
  changelog_end

* Implement refresh endpoint on auth middleware

  Following the refresh spec [1] and Auth0 documentation [2].

  [1]: https://tools.ietf.org/html/rfc6749#section-6
  [2]: https://auth0.com/docs/tokens/refresh-tokens/use-refresh-tokens

* Adapt Auth0 example configuration

  Ignore any requests outside the ledger-api audience.

  Don't throw on missing query fields. Otherwise the unhandled exception would prevent unrelated requests from succeeding. E.g. token refresh requests would always fail.

* Forward unauthorized/forbidden response on refresh
* re-use precomputed token payload
* Implement token refresh in auth test server

  Reuses the association between authorization code and token payload to associate refresh tokens and token payload.

  Adds an expiry to the generated token to make tokens distinguishable across refresh.

* obtain refresh token in test client
* Test auth server refresh token
* auth test server clock configurable

  The clock used to define token expiry is configurable

* Override default clock in test fixture
* implement an adjustable clock
* Test token refresh with adjustable clock
* Test token expiry on /auth backend
* Test case for auth middleware /refresh endpoint
* handle malformed code/refresh token in auth server
* Forward client errors on middleware refresh
* Test middleware refresh failure
* Clarify meaning of offline access
* Remove redundant testing only comment

Co-authored-by: Andreas Herrmann <andreas.herrmann@tweag.io>

src/main/scala/com/digitalasset/clock
BUILD.bazel