fix: rotate refresh token

lakhansamani · lakhansamani · commit 7136ee924d7d · 2022-03-08T19:18:33.000+05:30
diff --git a/server/handlers/token.go b/server/handlers/token.go
@@ -143,6 +143,8 @@ func TokenHandler() gin.HandlerFunc {
 			userID = claims["sub"].(string)
 			roles = claims["roles"].([]string)
 			scope = claims["scope"].([]string)
+			// remove older refresh token and rotate it for security
+			sessionstore.RemoveState(refreshToken)
 		}
 
 		user, err := db.Provider.GetUserByID(userID)

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,8 @@ func TokenHandler() gin.HandlerFunc {`
`143`	`143`	`userID = claims["sub"].(string)`
`144`	`144`	`roles = claims["roles"].([]string)`
`145`	`145`	`scope = claims["scope"].([]string)`
	`146`	`+ // remove older refresh token and rotate it for security`
	`147`	`+ sessionstore.RemoveState(refreshToken)`
`146`	`148`	`}`
`147`	`149`
`148`	`150`	`user, err := db.Provider.GetUserByID(userID)`