feat(oidc): persist hashed OIDC tokens, authorization codes, and user consent in smartdata storage

2026-04-20 08:40:40 +00:00
parent fe9da65437
commit d913dfaeb1
11 changed files with 457 additions and 143 deletions
@@ -0,0 +1,34 @@
+import * as plugins from '../plugins.js';
+import type { OidcManager } from './classes.oidcmanager.js';
+
+@plugins.smartdata.Manager()
+export class OidcAccessToken extends plugins.smartdata.SmartDataDbDoc<
+  OidcAccessToken,
+  plugins.idpInterfaces.data.IOidcAccessToken,
+  OidcManager
+> {
+  public static hashToken(tokenArg: string) {
+    return plugins.smarthash.sha256FromStringSync(tokenArg);
+  }
+
+  @plugins.smartdata.unI()
+  public id: string;
+
+  @plugins.smartdata.svDb()
+  public data: plugins.idpInterfaces.data.IOidcAccessToken['data'] = {
+    tokenHash: '',
+    clientId: '',
+    userId: '',
+    scopes: [],
+    expiresAt: 0,
+    issuedAt: 0,
+  };
+
+  public isExpired() {
+    return this.data.expiresAt < Date.now();
+  }
+
+  public matchesToken(tokenArg: string) {
+    return this.data.tokenHash === OidcAccessToken.hashToken(tokenArg);
+  }
+}