-
Notifications
You must be signed in to change notification settings - Fork 482
/
refresh_token.go
37 lines (32 loc) · 1.16 KB
/
refresh_token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
package domain
import (
"encoding/base64"
"strings"
"github.com/zitadel/zitadel/internal/crypto"
caos_errors "github.com/zitadel/zitadel/internal/errors"
)
func NewRefreshToken(userID, tokenID string, algorithm crypto.EncryptionAlgorithm) (string, error) {
return RefreshToken(userID, tokenID, tokenID, algorithm)
}
func RefreshToken(userID, tokenID, token string, algorithm crypto.EncryptionAlgorithm) (string, error) {
encrypted, err := algorithm.Encrypt([]byte(userID + ":" + tokenID + ":" + token))
if err != nil {
return "", err
}
return base64.RawURLEncoding.EncodeToString(encrypted), nil
}
func FromRefreshToken(refreshToken string, algorithm crypto.EncryptionAlgorithm) (userID, tokenID, token string, err error) {
decoded, err := base64.RawURLEncoding.DecodeString(refreshToken)
if err != nil {
return "", "", "", err
}
decrypted, err := algorithm.Decrypt(decoded, algorithm.EncryptionKeyID())
if err != nil {
return "", "", "", err
}
split := strings.Split(string(decrypted), ":")
if len(split) != 3 {
return "", "", "", caos_errors.ThrowInternal(nil, "DOMAIN-BGDhn", "Errors.User.RefreshToken.Invalid")
}
return split[0], split[1], split[2], nil
}