invalidate authorization code

wwWallet · Sep 26, 2023 · 42a2d69 · 42a2d69
1 parent 120208e
commit 42a2d69
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/src/openid4vci/grant_types/AuthorizationCodeGrant.ts b/src/openid4vci/grant_types/AuthorizationCodeGrant.ts
@@ -54,10 +54,10 @@ export async function authorizationCodeGrantTokenEndpoint(body: TokenRequestBody
 		.createQueryBuilder("state")
 		.where("state.authorization_code = :code", { code: body.code })
 		.getOne();
+
 	if (!userSession) {
 		throw `No user session was found for authorization code ${body.code}`
 	}
-
 
 	return generateAccessToken(userSession);
 }
diff --git a/src/openid4vci/utils/generateAccessToken.ts b/src/openid4vci/utils/generateAccessToken.ts
@@ -9,7 +9,7 @@ const accessTokenExpirationInSeconds = 8000;
 export async function generateAccessToken(userSession: AuthorizationServerState): Promise<TokenResponseSchemaType> {
 
 	const credentialIssuersIdentifiers: string[] = [];
-
+	
 	if (userSession.authorization_details) {
 		for (const ad of userSession?.authorization_details) {
 			if (ad.locations) {
@@ -25,6 +25,8 @@ export async function generateAccessToken(userSession: AuthorizationServerState)
 	userSession.c_nonce = crypto.randomBytes(60).toString('base64url');
 	userSession.c_nonce_expires_in = accessTokenExpirationInSeconds;
 
+
+
 	// store user session in access token
 	console.log("User session on AT generation: ", userSession);
 	console.log("Serialized user session", AuthorizationServerState.serialize(userSession))

diff --git a/src/services/OpenidForCredentialIssuingAuthorizationServerService.ts b/src/services/OpenidForCredentialIssuingAuthorizationServerService.ts
@@ -168,6 +168,7 @@ export class OpenidForCredentialIssuingAuthorizationServerService implements Ope
 				let state = await this.authorizationServerStateRepository.createQueryBuilder("state")
 					.where("state.authorization_code = :code", { code: body.code })
 					.getOne();
+
 				if (!state)
 					throw new Error("Could not get session");
 				// if (!userSession.categorizedRawCredentials) {
@@ -179,6 +180,10 @@ export class OpenidForCredentialIssuingAuthorizationServerService implements Ope
 				// 	throw new Error("Could not get categorized raw credential");
 
 				response = await authorizationCodeGrantTokenEndpoint(body, req.headers.authorization);
+				if (state.authorization_code) {
+					state.authorization_code = "";
+					await this.authorizationServerStateRepository.save(state);
+				}
 			}
 			catch (err) {
 				console.error("Error = ", err)