@ -105,17 +105,18 @@ type AccessTokenResponse struct {
AccessToken string ` json:"access_token" `
AccessToken string ` json:"access_token" `
TokenType TokenType ` json:"token_type" `
TokenType TokenType ` json:"token_type" `
ExpiresIn int64 ` json:"expires_in" `
ExpiresIn int64 ` json:"expires_in" `
// TODO implement RefreshToken
RefreshToken string ` json:"refresh_token" `
RefreshToken string ` json:"refresh_token" `
}
}
func newAccessTokenResponse ( grant * models . OAuth2Grant ) ( * AccessTokenResponse , * AccessTokenError ) {
func newAccessTokenResponse ( grant * models . OAuth2Grant ) ( * AccessTokenResponse , * AccessTokenError ) {
if setting . OAuth2 . InvalidateRefreshTokens {
if err := grant . IncreaseCounter ( ) ; err != nil {
if err := grant . IncreaseCounter ( ) ; err != nil {
return nil , & AccessTokenError {
return nil , & AccessTokenError {
ErrorCode : AccessTokenErrorCodeInvalidGrant ,
ErrorCode : AccessTokenErrorCodeInvalidGrant ,
ErrorDescription : "cannot increase the grant counter" ,
ErrorDescription : "cannot increase the grant counter" ,
}
}
}
}
}
// generate access token to access the API
// generate access token to access the API
expirationDate := util . TimeStampNow ( ) . Add ( setting . OAuth2 . AccessTokenExpirationTime )
expirationDate := util . TimeStampNow ( ) . Add ( setting . OAuth2 . AccessTokenExpirationTime )
accessToken := & models . OAuth2Token {
accessToken := & models . OAuth2Token {
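Review bot: The new `if setting.OAuth2.InvalidateRefreshTokens` guard around `grant.IncreaseCounter()` has no comment explaining its security trade-off. With the setting off the grant counter never advances, and the handleRefreshToken hunk skips the `grant.Counter != token.Counter` comparison under the same setting, so a refresh token can be redeemed repeatedly and reuse of a leaked token is not detected. I would document that at the guard, for example `// Counter only advances when refresh tokens are single-use; with the setting off a refresh token can be redeemed repeatedly and reuse is not detected.` It is also worth confirming what happens when the setting is enabled later: if tokens issued while it was off carry a counter of 0 (not visible here), the `token.Counter == 0` branch would reject them as "token was already used". The body of newAccessTokenResponse continues past the end of this hunk.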
@ -366,7 +367,7 @@ func handleRefreshToken(ctx *context.Context, form auth.AccessTokenForm) {
}
}
// check if token got already used
// check if token got already used
if grant . Counter != token . Counter || token . Counter == 0 {
if setting . OAuth2 . InvalidateRefreshTokens && ( grant . Counter != token . Counter || token . Counter == 0 ) {
handleAccessTokenError ( ctx , AccessTokenError {
handleAccessTokenError ( ctx , AccessTokenError {
ErrorCode : AccessTokenErrorCodeUnauthorizedClient ,
ErrorCode : AccessTokenErrorCodeUnauthorizedClient ,
ErrorDescription : "token was already used" ,
ErrorDescription : "token was already used" ,