Mark access token as used when calling the userinfo endpoint

sandhose · sandhose · commit 662f19957208 · 2024-12-11T14:15:01.000+01:00
diff --git a/crates/axum-utils/src/user_authorization.rs b/crates/axum-utils/src/user_authorization.rs
@@ -117,6 +117,11 @@ impl<F: Send> UserAuthorization<F> {
             return Err(AuthorizationVerificationError::InvalidToken);
         }
 
+        if !token.is_used() {
+            // Mark the token as used
+            repo.oauth2_access_token().mark_used(clock, token).await?;
+        }
+
         Ok(session)
     }
 }
diff --git a/crates/handlers/src/oauth2/userinfo.rs b/crates/handlers/src/oauth2/userinfo.rs
@@ -142,6 +142,8 @@ pub async fn get(
         .await?
         .ok_or(RouteError::NoSuchClient)?;
 
+    repo.save().await?;
+
     if let Some(alg) = client.userinfo_signed_response_alg {
         let key = key_store
             .signing_key_for_algorithm(&alg)

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,11 @@ impl<F: Send> UserAuthorization<F> {`
`117`	`117`	`return Err(AuthorizationVerificationError::InvalidToken);`
`118`	`118`	`}`
`119`	`119`
	`120`	`+ if !token.is_used() {`
	`121`	`+ // Mark the token as used`
	`122`	`+ repo.oauth2_access_token().mark_used(clock, token).await?;`
	`123`	`+ }`
	`124`	`+`
`120`	`125`	`Ok(session)`
`121`	`126`	`}`
`122`	`127`	`}`