feat(oidc): persist hashed OIDC tokens, authorization codes, and user consent in smartdata storage

2026-04-20 08:40:40 +00:00
parent fe9da65437
commit d913dfaeb1
11 changed files with 457 additions and 143 deletions
@@ -0,0 +1,44 @@
+import * as plugins from '../plugins.js';
+import type { OidcManager } from './classes.oidcmanager.js';
+
+@plugins.smartdata.Manager()
+export class OidcAuthorizationCode extends plugins.smartdata.SmartDataDbDoc<
+  OidcAuthorizationCode,
+  plugins.idpInterfaces.data.IAuthorizationCode,
+  OidcManager
+> {
+  public static hashCode(codeArg: string) {
+    return plugins.smarthash.sha256FromStringSync(codeArg);
+  }
+
+  @plugins.smartdata.unI()
+  public id: string;
+
+  @plugins.smartdata.svDb()
+  public data: plugins.idpInterfaces.data.IAuthorizationCode['data'] = {
+    codeHash: '',
+    clientId: '',
+    userId: '',
+    scopes: [],
+    redirectUri: '',
+    codeChallenge: undefined,
+    codeChallengeMethod: undefined,
+    nonce: undefined,
+    expiresAt: 0,
+    issuedAt: 0,
+    used: false,
+  };
+
+  public isExpired() {
+    return this.data.expiresAt < Date.now();
+  }
+
+  public matchesCode(codeArg: string) {
+    return this.data.codeHash === OidcAuthorizationCode.hashCode(codeArg);
+  }
+
+  public async markUsed() {
+    this.data.used = true;
+    await this.save();
+  }
+}