chore: add storage provider abstraction

Author: zepatrik

compose/compose.go

@@ -10,7 +10,7 @@ import (
 	"github.com/ory/fosite/token/jwt"
 )
 
-type Factory func(config fosite.Configurator, storage interface{}, strategy interface{}) interface{}
+type Factory func(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{}
 
 // Compose takes a config, a storage, a strategy and handlers to instantiate an OAuth2Provider:
 //
@@ -34,8 +34,8 @@ type Factory func(config fosite.Configurator, storage interface{}, strategy inte
 //	 )
 //
 // Compose makes use of interface{} types in order to be able to handle a all types of stores, strategies and handlers.
-func Compose(config *fosite.Config, storage interface{}, strategy interface{}, factories ...Factory) fosite.OAuth2Provider {
-	f := fosite.NewOAuth2Provider(storage.(fosite.Storage), config)
+func Compose(config *fosite.Config, storage fosite.Storage, strategy interface{}, factories ...Factory) fosite.OAuth2Provider {
+	f := fosite.NewOAuth2Provider(storage, config)
 	for _, factory := range factories {
 		res := factory(config, storage, strategy)
 		if ah, ok := res.(fosite.AuthorizeEndpointHandler); ok {
@@ -62,7 +62,7 @@ func Compose(config *fosite.Config, storage interface{}, strategy interface{}, f
 }
 
 // ComposeAllEnabled returns a fosite instance with all OAuth2 and OpenID Connect handlers enabled.
-func ComposeAllEnabled(config *fosite.Config, storage interface{}, key interface{}) fosite.OAuth2Provider {
+func ComposeAllEnabled(config *fosite.Config, storage fosite.Storage, key interface{}) fosite.OAuth2Provider {
 	keyGetter := func(context.Context) (interface{}, error) {
 		return key, nil
 	}

compose/compose_oauth2.go

@@ -11,24 +11,24 @@ import (
 
 // OAuth2AuthorizeExplicitFactory creates an OAuth2 authorize code grant ("authorize explicit flow") handler and registers
 // an access token, refresh token and authorize code validator.
-func OAuth2AuthorizeExplicitFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2AuthorizeExplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.AuthorizeExplicitGrantHandler{
 		AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
 		RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
 		AuthorizeCodeStrategy:  strategy.(oauth2.AuthorizeCodeStrategy),
-		CoreStorage:            storage.(oauth2.CoreStorage),
-		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorage),
+		Storage:                storage.(oauth2.CoreStorage),
+		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorageProvider),
 		Config:                 config,
 	}
 }
 
 // OAuth2ClientCredentialsGrantFactory creates an OAuth2 client credentials grant handler and registers
 // an access token, refresh token and authorize code validator.
-func OAuth2ClientCredentialsGrantFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2ClientCredentialsGrantFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.ClientCredentialsGrantHandler{
 		HandleHelper: &oauth2.HandleHelper{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
-			AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
+			Storage:             storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,
 		},
 		Config: config,
@@ -37,7 +37,7 @@ func OAuth2ClientCredentialsGrantFactory(config fosite.Configurator, storage int
 
 // OAuth2RefreshTokenGrantFactory creates an OAuth2 refresh grant handler and registers
 // an access token, refresh token and authorize code validator.nmj
-func OAuth2RefreshTokenGrantFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2RefreshTokenGrantFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.RefreshTokenGrantHandler{
 		AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
 		RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
@@ -48,7 +48,7 @@ func OAuth2RefreshTokenGrantFactory(config fosite.Configurator, storage interfac
 
 // OAuth2AuthorizeImplicitFactory creates an OAuth2 implicit grant ("authorize implicit flow") handler and registers
 // an access token, refresh token and authorize code validator.
-func OAuth2AuthorizeImplicitFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2AuthorizeImplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.AuthorizeImplicitGrantTypeHandler{
 		AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
 		AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
@@ -62,12 +62,12 @@ func OAuth2AuthorizeImplicitFactory(config fosite.Configurator, storage interfac
 // Deprecated: This factory is deprecated as a means to communicate that the ROPC grant type is widely discouraged and
 // is at the time of this writing going to be omitted in the OAuth 2.1 spec. For more information on why this grant type
 // is discouraged see: https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications
-func OAuth2ResourceOwnerPasswordCredentialsFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2ResourceOwnerPasswordCredentialsFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.ResourceOwnerPasswordCredentialsGrantHandler{
 		ResourceOwnerPasswordCredentialsGrantStorage: storage.(oauth2.ResourceOwnerPasswordCredentialsGrantStorage),
 		HandleHelper: &oauth2.HandleHelper{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
-			AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
+			Storage:             storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,
 		},
 		RefreshTokenStrategy: strategy.(oauth2.RefreshTokenStrategy),
@@ -76,17 +76,17 @@ func OAuth2ResourceOwnerPasswordCredentialsFactory(config fosite.Configurator, s
 }
 
 // OAuth2TokenRevocationFactory creates an OAuth2 token revocation handler.
-func OAuth2TokenRevocationFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2TokenRevocationFactory(_ fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.TokenRevocationHandler{
-		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorage),
+		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorageProvider),
 		AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
 		RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
 	}
 }
 
 // OAuth2TokenIntrospectionFactory creates an OAuth2 token introspection handler and registers
 // an access token and refresh token validator.
-func OAuth2TokenIntrospectionFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2TokenIntrospectionFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.CoreValidator{
 		CoreStrategy: strategy.(oauth2.CoreStrategy),
 		CoreStorage:  storage.(oauth2.CoreStorage),
@@ -101,7 +101,7 @@ func OAuth2TokenIntrospectionFactory(config fosite.Configurator, storage interfa
 //
 // Due to the stateless nature of this factory, THE BUILT-IN REVOCATION MECHANISMS WILL NOT WORK.
 // If you need revocation, you can validate JWTs statefully, using the other factories.
-func OAuth2StatelessJWTIntrospectionFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2StatelessJWTIntrospectionFactory(config fosite.Configurator, _ fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.StatelessJWTValidator{
 		Signer: strategy.(jwt.Signer),
 		Config: config,

compose/compose_openid.go

@@ -14,9 +14,9 @@ import (
 // OpenIDConnectExplicitFactory creates an OpenID Connect explicit ("authorize code flow") grant handler.
 //
 // **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
-func OpenIDConnectExplicitFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
-	return &openid.OpenIDConnectExplicitHandler{
-		OpenIDConnectRequestStorage: storage.(openid.OpenIDConnectRequestStorage),
+func OpenIDConnectExplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
+	return &openid.ExplicitHandler{
+		Storage: storage.(openid.RequestStorageProvider),
 		IDTokenHandleHelper: &openid.IDTokenHandleHelper{
 			IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
 		},
@@ -28,7 +28,7 @@ func OpenIDConnectExplicitFactory(config fosite.Configurator, storage interface{
 // OpenIDConnectRefreshFactory creates a handler for refreshing openid connect tokens.
 //
 // **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
-func OpenIDConnectRefreshFactory(config fosite.Configurator, _ interface{}, strategy interface{}) interface{} {
+func OpenIDConnectRefreshFactory(config fosite.Configurator, _ fosite.Storage, strategy interface{}) interface{} {
 	return &openid.OpenIDConnectRefreshHandler{
 		IDTokenHandleHelper: &openid.IDTokenHandleHelper{
 			IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
@@ -40,11 +40,11 @@ func OpenIDConnectRefreshFactory(config fosite.Configurator, _ interface{}, stra
 // OpenIDConnectImplicitFactory creates an OpenID Connect implicit ("implicit flow") grant handler.
 //
 // **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
-func OpenIDConnectImplicitFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OpenIDConnectImplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &openid.OpenIDConnectImplicitHandler{
 		AuthorizeImplicitGrantTypeHandler: &oauth2.AuthorizeImplicitGrantTypeHandler{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
-			AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
+			AccessTokenStorage:  storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,
 		},
 		Config: config,
@@ -58,35 +58,35 @@ func OpenIDConnectImplicitFactory(config fosite.Configurator, storage interface{
 // OpenIDConnectHybridFactory creates an OpenID Connect hybrid grant handler.
 //
 // **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
-func OpenIDConnectHybridFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OpenIDConnectHybridFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &openid.OpenIDConnectHybridHandler{
 		AuthorizeExplicitGrantHandler: &oauth2.AuthorizeExplicitGrantHandler{
 			AccessTokenStrategy:   strategy.(oauth2.AccessTokenStrategy),
 			RefreshTokenStrategy:  strategy.(oauth2.RefreshTokenStrategy),
 			AuthorizeCodeStrategy: strategy.(oauth2.AuthorizeCodeStrategy),
-			CoreStorage:           storage.(oauth2.CoreStorage),
+			Storage:               storage.(oauth2.CoreStorage),
 			Config:                config,
 		},
 		Config: config,
 		AuthorizeImplicitGrantTypeHandler: &oauth2.AuthorizeImplicitGrantTypeHandler{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
-			AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
+			AccessTokenStorage:  storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,
 		},
 		IDTokenHandleHelper: &openid.IDTokenHandleHelper{
 			IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
 		},
-		OpenIDConnectRequestStorage:   storage.(openid.OpenIDConnectRequestStorage),
+		OpenIDConnectRequestStorage:   storage.(openid.RequestStorageProvider),
 		OpenIDConnectRequestValidator: openid.NewOpenIDConnectRequestValidator(strategy.(jwt.Signer), config),
 	}
 }
 
 // OpenIDConnectDeviceFactory creates an OpenID Connect device ("device code flow") grant handler.
 //
 // **Important note:** You must add this handler *after* you have added an OAuth2 device authorization handler!
-func OpenIDConnectDeviceFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OpenIDConnectDeviceFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &openid.OpenIDConnectDeviceHandler{
-		OpenIDConnectRequestStorage: storage.(openid.OpenIDConnectRequestStorage),
+		OpenIDConnectRequestStorage: storage.(openid.RequestStorageProvider),
 		IDTokenHandleHelper: &openid.IDTokenHandleHelper{
 			IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
 		},

compose/compose_par.go

@@ -9,9 +9,9 @@ import (
 )
 
 // PushedAuthorizeHandlerFactory creates the basic PAR handler
-func PushedAuthorizeHandlerFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func PushedAuthorizeHandlerFactory(config fosite.Configurator, storage fosite.Storage, _ interface{}) interface{} {
 	return &par.PushedAuthorizeHandler{
-		Storage: storage,
+		Storage: storage.(par.StorageProvider),
 		Config:  config,
 	}
 }

compose/compose_pkce.go

@@ -10,10 +10,10 @@ import (
 )
 
 // OAuth2PKCEFactory creates a PKCE handler.
-func OAuth2PKCEFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func OAuth2PKCEFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &pkce.Handler{
 		AuthorizeCodeStrategy: strategy.(oauth2.AuthorizeCodeStrategy),
-		Storage:               storage.(pkce.PKCERequestStorage),
+		Storage:               storage.(pkce.RequestStorageProvider),
 		Config:                config,
 	}
 }

compose/compose_rfc7523.go

@@ -11,12 +11,12 @@ import (
 
 // RFC7523AssertionGrantFactory creates an OAuth2 Authorize JWT Grant (using JWTs as Authorization Grants) handler
 // and registers an access token, refresh token and authorize code validator.
-func RFC7523AssertionGrantFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func RFC7523AssertionGrantFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &rfc7523.Handler{
 		Storage: storage.(rfc7523.RFC7523KeyStorage),
 		HandleHelper: &oauth2.HandleHelper{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
-			AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
+			Storage:             storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,
 		},
 		Config: config,

compose/compose_rfc8628.go

@@ -13,25 +13,25 @@ import (
 
 // RFC8628DeviceFactory creates an OAuth2 device code grant ("Device Authorization Grant") handler and registers
 // a user code, device code, access token and a refresh token validator.
-func RFC8628DeviceFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func RFC8628DeviceFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &rfc8628.DeviceAuthHandler{
 		Strategy: strategy.(rfc8628.RFC8628CodeStrategy),
-		Storage:  storage.(rfc8628.RFC8628CoreStorage),
+		Storage:  storage.(rfc8628.Storage),
 		Config:   config,
 	}
 }
 
 // RFC8628DeviceAuthorizationTokenFactory creates an OAuth2 device authorization grant ("Device Authorization Grant") handler and registers
 // an access token, refresh token and authorize code validator.
-func RFC8628DeviceAuthorizationTokenFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{} {
+func RFC8628DeviceAuthorizationTokenFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &rfc8628.DeviceCodeTokenEndpointHandler{
 		DeviceRateLimitStrategy: strategy.(rfc8628.DeviceRateLimitStrategy),
 		DeviceCodeStrategy:      strategy.(rfc8628.DeviceCodeStrategy),
 		UserCodeStrategy:        strategy.(rfc8628.UserCodeStrategy),
 		AccessTokenStrategy:     strategy.(oauth2.AccessTokenStrategy),
 		RefreshTokenStrategy:    strategy.(oauth2.RefreshTokenStrategy),
-		CoreStorage:             storage.(rfc8628.RFC8628CoreStorage),
-		TokenRevocationStorage:  storage.(oauth2.TokenRevocationStorage),
+		CoreStorage:             storage.(rfc8628.Storage),
+		TokenRevocationStorage:  storage.(oauth2.TokenRevocationStorageProvider),
 		Config:                  config,
 	}
 }

handler/oauth2/flow_authorize_code_auth.go

@@ -23,8 +23,8 @@ type AuthorizeExplicitGrantHandler struct {
 	AccessTokenStrategy    AccessTokenStrategy
 	RefreshTokenStrategy   RefreshTokenStrategy
 	AuthorizeCodeStrategy  AuthorizeCodeStrategy
-	CoreStorage            CoreStorage
-	TokenRevocationStorage TokenRevocationStorage
+	Storage                CoreStorage
+	TokenRevocationStorage TokenRevocationStorageProvider
 	Config                 interface {
 		fosite.AuthorizeCodeLifespanProvider
 		fosite.AccessTokenLifespanProvider
@@ -83,7 +83,7 @@ func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context,
 	}
 
 	ar.GetSession().SetExpiresAt(fosite.AuthorizeCode, time.Now().UTC().Add(c.Config.GetAuthorizeCodeLifespan(ctx)))
-	if err := c.CoreStorage.CreateAuthorizeCodeSession(ctx, signature, ar.Sanitize(c.GetSanitationWhiteList(ctx))); err != nil {
+	if err := c.Storage.AuthorizeCodeStorage().CreateAuthorizeCodeSession(ctx, signature, ar.Sanitize(c.GetSanitationWhiteList(ctx))); err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 	}
 

handler/oauth2/flow_authorize_code_auth_test.go

@@ -29,7 +29,7 @@ func TestAuthorizeCode_HandleAuthorizeEndpointRequest(t *testing.T) {
 		t.Run("strategy="+k, func(t *testing.T) {
 			store := storage.NewMemoryStore()
 			handler := AuthorizeExplicitGrantHandler{
-				CoreStorage:           store,
+				Storage:               store,
 				AuthorizeCodeStrategy: strategy,
 				Config: &fosite.Config{
 					AudienceMatchingStrategy: fosite.DefaultAudienceMatchingStrategy,
@@ -123,7 +123,7 @@ func TestAuthorizeCode_HandleAuthorizeEndpointRequest(t *testing.T) {
 				},
 				{
 					handler: AuthorizeExplicitGrantHandler{
-						CoreStorage:           store,
+						Storage:               store,
 						AuthorizeCodeStrategy: strategy,
 						Config: &fosite.Config{
 							ScopeStrategy:            fosite.HierarchicScopeStrategy,