Add refresh token button

2025-02-08 18:32:02 +01:00 · 2025-02-08 18:32:02 +01:00 · 923a63f5d5
commit 923a63f5d5
parent ff72f0cae5
6 changed files with 58 additions and 24 deletions
--- a/src/oidc_test/main.py
+++ b/src/oidc_test/main.py
@ -35,6 +35,8 @@ from .auth_utils import (
    authlib_oauth,
    get_providers_info,
    get_token_or_none,
+    get_token,
+    update_token,
 )
 from .auth_misc import pretty_details
 from .database import TokenNotInDb, db
@ -97,7 +99,7 @@ async def home(
        access_token_scope = None
    else:
        try:
-            access_token_scope = user.decode_access_token()["scope"]
+            access_token_scope = user.get_scope(verify_signature=False)
        except InvalidTokenError as err:
            access_token_scope = None
            logger.info("Invalid token")
@ -113,15 +115,22 @@ async def home(
        "resources": resources,
    }
    if token is None:
+        context["access_token"] = None
        context["id_token_parsed"] = None
        context["access_token_parsed"] = None
        context["refresh_token_parsed"] = None
    else:
+        context["access_token"] = token["access_token"]
        assert oidc_provider is not None
        assert oidc_provider.name is not None
        oidc_provider_settings = oidc_providers_settings[oidc_provider.name]
-        context["id_token_parsed"] = pretty_details(user, now)
-        context["access_token_parsed"] = oidc_provider_settings.decode(token["access_token"])
+        # context["id_token_parsed"] = pretty_details(user, now)
+        context["id_token_parsed"] = oidc_provider_settings.decode(
+            token["id_token"], verify_signature=False
+        )
+        context["access_token_parsed"] = oidc_provider_settings.decode(
+            token["access_token"], verify_signature=False
+        )
        context["refresh_token_parsed"] = oidc_provider_settings.decode(
            token["refresh_token"], verify_signature=False
        )
@ -282,6 +291,21 @@ async def non_compliant_logout(
    )


+@app.get("/refresh")
+async def refresh(
+    request: Request,
+    oidc_provider: Annotated[StarletteOAuth2App, Depends(get_oidc_provider)],
+    token: Annotated[OAuth2Token, Depends(get_token)],
+) -> RedirectResponse:
+    """Manually refresh token"""
+    new_token = await oidc_provider.fetch_access_token(
+        refresh_token=token["refresh_token"],
+        grant_type="refresh_token",
+    )
+    await update_token(oidc_provider.name, new_token)
+    return RedirectResponse(url=request.url_for("home"))
+
+
 # Snippet for running standalone
 # Mostly useful for the --version option,
 # as running with uvicorn is easy and provides better flexibility, eg.