chore: continue interface refactor - wip

Author: shaunnkhan

compose/compose_oauth2.go

@@ -13,44 +13,53 @@ import (
 // an access token, refresh token and authorize code validator.
 func OAuth2AuthorizeExplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.AuthorizeExplicitGrantHandler{
-		AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
-		RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
-		AuthorizeCodeStrategy:  strategy.(oauth2.AuthorizeCodeStrategy),
-		Storage:                storage.(oauth2.CoreStorage),
-		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorageProvider),
-		Config:                 config,
+		Strategy: strategy.(interface {
+			oauth2.AccessTokenStrategyProvider
+			oauth2.RefreshTokenStrategyProvider
+			oauth2.AuthorizeCodeStrategyProvider
+		}),
+		Storage: storage.(interface {
+			oauth2.AuthorizeCodeStorageProvider
+			oauth2.AccessTokenStorageProvider
+			oauth2.RefreshTokenStorageProvider
+			oauth2.TokenRevocationStorageProvider
+		}),
+		Config: config,
 	}
 }
 
 // OAuth2ClientCredentialsGrantFactory creates an OAuth2 client credentials grant handler and registers
 // an access token, refresh token and authorize code validator.
 func OAuth2ClientCredentialsGrantFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.ClientCredentialsGrantHandler{
-		HandleHelper: &oauth2.HandleHelper{
-			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
-			Storage:             storage.(oauth2.AccessTokenStorageProvider),
-			Config:              config,
-		},
-		Config: config,
+		Strategy: strategy.(oauth2.AccessTokenStrategyProvider),
+		Storage:  storage.(oauth2.AccessTokenStorageProvider),
+		Config:   config,
 	}
 }
 
 // OAuth2RefreshTokenGrantFactory creates an OAuth2 refresh grant handler and registers
 // an access token, refresh token and authorize code validator.nmj
 func OAuth2RefreshTokenGrantFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &oauth2.RefreshTokenGrantHandler{
-		AccessTokenStrategy:    strategy.(oauth2.AccessTokenStrategy),
-		RefreshTokenStrategy:   strategy.(oauth2.RefreshTokenStrategy),
-		TokenRevocationStorage: storage.(oauth2.TokenRevocationStorageProvider),
-		Config:                 config,
+		Strategy: strategy.(interface {
+			oauth2.AccessTokenStrategyProvider
+			oauth2.RefreshTokenStrategyProvider
+		}),
+		Storage: storage.(interface {
+			oauth2.AccessTokenStorageProvider
+			oauth2.RefreshTokenStorageProvider
+			oauth2.TokenRevocationStorageProvider
+		}),
+		Config: config,
 	}
 }
 
 // OAuth2AuthorizeImplicitFactory creates an OAuth2 implicit grant ("authorize implicit flow") handler and registers
 // an access token, refresh token and authorize code validator.
 func OAuth2AuthorizeImplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
-	return &oauth2.AuthorizeImplicitGrantTypeHandler{
-		AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
+	return &oauth2.AuthorizeImplicitGrantHandler{
+		AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategyProvider),
 		AccessTokenStorage:  storage.(oauth2.AccessTokenStorageProvider),
 		Config:              config,
 	}

compose/compose_openid.go

@@ -42,7 +42,7 @@ func OpenIDConnectRefreshFactory(config fosite.Configurator, _ fosite.Storage, s
 // **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
 func OpenIDConnectImplicitFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &openid.OpenIDConnectImplicitHandler{
-		AuthorizeImplicitGrantTypeHandler: &oauth2.AuthorizeImplicitGrantTypeHandler{
+		AuthorizeImplicitGrantTypeHandler: &oauth2.AuthorizeImplicitGrantHandler{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
 			AccessTokenStorage:  storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,
@@ -68,7 +68,7 @@ func OpenIDConnectHybridFactory(config fosite.Configurator, storage fosite.Stora
 			Config:                config,
 		},
 		Config: config,
-		AuthorizeImplicitGrantTypeHandler: &oauth2.AuthorizeImplicitGrantTypeHandler{
+		AuthorizeImplicitGrantHandler: &oauth2.AuthorizeImplicitGrantHandler{
 			AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
 			AccessTokenStorage:  storage.(oauth2.AccessTokenStorageProvider),
 			Config:              config,

compose/compose_pkce.go

@@ -12,8 +12,8 @@ import (
 // OAuth2PKCEFactory creates a PKCE handler.
 func OAuth2PKCEFactory(config fosite.Configurator, storage fosite.Storage, strategy interface{}) interface{} {
 	return &pkce.Handler{
-		AuthorizeCodeStrategy: strategy.(oauth2.AuthorizeCodeStrategy),
-		Storage:               storage.(pkce.PKCERequestStorageProvider),
-		Config:                config,
+		Strategy: strategy.(oauth2.AuthorizeCodeStrategy),
+		Storage:  storage.(pkce.PKCERequestStorageProvider),
+		Config:   config,
 	}
 }

compose/compose_strategy.go

@@ -15,9 +15,16 @@ import (
 )
 
 type CommonStrategy struct {
-	oauth2.CoreStrategy
-	rfc8628.RFC8628CodeStrategy
+	oauth2.AuthorizeCodeStrategyProvider
+	oauth2.AccessTokenStrategyProvider
+	oauth2.RefreshTokenStrategyProvider
+
 	openid.OpenIDConnectTokenStrategy
+
+	rfc8628.DeviceRateLimitStrategyProvider
+	rfc8628.DeviceCodeStrategyProvider
+	rfc8628.UserCodeStrategyProvider
+
 	jwt.Signer
 }
 
@@ -38,9 +45,9 @@ func NewOAuth2HMACStrategy(config HMACSHAStrategyConfigurator) *oauth2.HMACSHASt
 
 func NewOAuth2JWTStrategy(keyGetter func(context.Context) (interface{}, error), strategy oauth2.CoreStrategy, config fosite.Configurator) *oauth2.DefaultJWTStrategy {
 	return &oauth2.DefaultJWTStrategy{
-		Signer:          &jwt.DefaultSigner{GetPrivateKey: keyGetter},
-		HMACSHAStrategy: strategy,
-		Config:          config,
+		Signer:   &jwt.DefaultSigner{GetPrivateKey: keyGetter},
+		Strategy: strategy,
+		Config:   config,
 	}
 }
 

handler/oauth2/flow_authorize_code_auth.go

@@ -9,23 +9,30 @@ import (
 	"strings"
 	"time"
 
-	"github.com/ory/x/errorsx"
-
 	"github.com/ory/fosite"
+	"github.com/ory/x/errorsx"
 )
 
-var _ fosite.AuthorizeEndpointHandler = (*AuthorizeExplicitGrantHandler)(nil)
-var _ fosite.TokenEndpointHandler = (*AuthorizeExplicitGrantHandler)(nil)
+var (
+	_ fosite.AuthorizeEndpointHandler = (*AuthorizeExplicitGrantHandler)(nil)
+	_ fosite.TokenEndpointHandler     = (*AuthorizeExplicitGrantHandler)(nil)
+)
 
 // AuthorizeExplicitGrantHandler is a response handler for the Authorize Code grant using the explicit grant type
 // as defined in https://tools.ietf.org/html/rfc6749#section-4.1
 type AuthorizeExplicitGrantHandler struct {
-	AccessTokenStrategy    AccessTokenStrategy
-	RefreshTokenStrategy   RefreshTokenStrategy
-	AuthorizeCodeStrategy  AuthorizeCodeStrategy
-	Storage                CoreStorage
-	TokenRevocationStorage TokenRevocationStorageProvider
-	Config                 interface {
+	Storage interface {
+		AuthorizeCodeStorageProvider
+		AccessTokenStorageProvider
+		RefreshTokenStorageProvider
+		TokenRevocationStorageProvider
+	}
+	Strategy interface {
+		AuthorizeCodeStrategyProvider
+		AccessTokenStrategyProvider
+		RefreshTokenStrategyProvider
+	}
+	Config interface {
 		fosite.AuthorizeCodeLifespanProvider
 		fosite.AccessTokenLifespanProvider
 		fosite.RefreshTokenLifespanProvider
@@ -77,7 +84,7 @@ func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx conte
 }
 
 func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
-	code, signature, err := c.AuthorizeCodeStrategy.GenerateAuthorizeCode(ctx, ar)
+	code, signature, err := c.Strategy.AuthorizeCodeStrategy().GenerateAuthorizeCode(ctx, ar)
 	if err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 	}

handler/oauth2/flow_authorize_code_token.go

@@ -7,11 +7,10 @@ import (
 	"context"
 	"time"
 
+	"github.com/ory/fosite"
 	"github.com/ory/x/errorsx"
 
 	"github.com/pkg/errors"
-
-	"github.com/ory/fosite"
 )
 
 // HandleTokenEndpointRequest implements
@@ -26,7 +25,7 @@ func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.C
 	}
 
 	code := request.GetRequestForm().Get("code")
-	signature := c.AuthorizeCodeStrategy.AuthorizeCodeSignature(ctx, code)
+	signature := c.Strategy.AuthorizeCodeStrategy().AuthorizeCodeSignature(ctx, code)
 	authorizeRequest, err := c.Storage.AuthorizeCodeStorage().GetAuthorizeCodeSession(ctx, signature, request.GetSession())
 	if errors.Is(err, fosite.ErrInvalidatedAuthorizeCode) {
 		if authorizeRequest == nil {
@@ -39,11 +38,11 @@ func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.C
 		reqID := authorizeRequest.GetID()
 		hint := "The authorization code has already been used."
 		debug := ""
-		if revErr := c.TokenRevocationStorage.TokenRevocationStorage().RevokeAccessToken(ctx, reqID); revErr != nil {
+		if revErr := c.Storage.TokenRevocationStorage().RevokeAccessToken(ctx, reqID); revErr != nil {
 			hint += " Additionally, an error occurred during processing the access token revocation."
 			debug += "Revocation of access_token lead to error " + revErr.Error() + "."
 		}
-		if revErr := c.TokenRevocationStorage.TokenRevocationStorage().RevokeRefreshToken(ctx, reqID); revErr != nil {
+		if revErr := c.Storage.TokenRevocationStorage().RevokeRefreshToken(ctx, reqID); revErr != nil {
 			hint += " Additionally, an error occurred during processing the refresh token revocation."
 			debug += "Revocation of refresh_token lead to error " + revErr.Error() + "."
 		}
@@ -56,7 +55,7 @@ func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.C
 
 	// The authorization server MUST verify that the authorization code is valid
 	// This needs to happen after store retrieval for the session to be hydrated properly
-	if err := c.AuthorizeCodeStrategy.ValidateAuthorizeCode(ctx, request, code); err != nil {
+	if err := c.Strategy.AuthorizeCodeStrategy().ValidateAuthorizeCode(ctx, request, code); err != nil {
 		return errorsx.WithStack(fosite.ErrInvalidGrant.WithWrap(err).WithDebug(err.Error()))
 	}
 
@@ -120,11 +119,11 @@ func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx contex
 	}
 
 	code := requester.GetRequestForm().Get("code")
-	signature := c.AuthorizeCodeStrategy.AuthorizeCodeSignature(ctx, code)
+	signature := c.Strategy.AuthorizeCodeStrategy().AuthorizeCodeSignature(ctx, code)
 	authorizeRequest, err := c.Storage.AuthorizeCodeStorage().GetAuthorizeCodeSession(ctx, signature, requester.GetSession())
 	if err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
-	} else if err := c.AuthorizeCodeStrategy.ValidateAuthorizeCode(ctx, requester, code); err != nil {
+	} else if err := c.Strategy.AuthorizeCodeStrategy().ValidateAuthorizeCode(ctx, requester, code); err != nil {
 		// This needs to happen after store retrieval for the session to be hydrated properly
 		return errorsx.WithStack(fosite.ErrInvalidRequest.WithWrap(err).WithDebug(err.Error()))
 	}
@@ -137,14 +136,14 @@ func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx contex
 		requester.GrantAudience(audience)
 	}
 
-	access, accessSignature, err := c.AccessTokenStrategy.GenerateAccessToken(ctx, requester)
+	access, accessSignature, err := c.Strategy.AccessTokenStrategy().GenerateAccessToken(ctx, requester)
 	if err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 	}
 
 	var refresh, refreshSignature string
 	if canIssueRefreshToken(ctx, c, authorizeRequest) {
-		refresh, refreshSignature, err = c.RefreshTokenStrategy.GenerateRefreshToken(ctx, requester)
+		refresh, refreshSignature, err = c.Strategy.RefreshTokenStrategy().GenerateRefreshToken(ctx, requester)
 		if err != nil {
 			return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 		}

handler/oauth2/flow_authorize_implicit.go

@@ -14,23 +14,21 @@ import (
 	"github.com/ory/fosite"
 )
 
-var _ fosite.AuthorizeEndpointHandler = (*AuthorizeImplicitGrantTypeHandler)(nil)
+var _ fosite.AuthorizeEndpointHandler = (*AuthorizeImplicitGrantHandler)(nil)
 
-// AuthorizeImplicitGrantTypeHandler is a response handler for the Authorize Code grant using the implicit grant type
+// AuthorizeImplicitGrantHandler is a response handler for the Authorize Code grant using the implicit grant type
 // as defined in https://tools.ietf.org/html/rfc6749#section-4.2
-type AuthorizeImplicitGrantTypeHandler struct {
-	AccessTokenStrategy AccessTokenStrategy
-	// AccessTokenStorage is used to persist session data across requests.
-	AccessTokenStorage AccessTokenStorageProvider
-
-	Config interface {
+type AuthorizeImplicitGrantHandler struct {
+	AccessTokenStrategy AccessTokenStrategyProvider
+	AccessTokenStorage  AccessTokenStorageProvider
+	Config              interface {
 		fosite.AccessTokenLifespanProvider
 		fosite.ScopeStrategyProvider
 		fosite.AudienceStrategyProvider
 	}
 }
 
-func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
+func (c *AuthorizeImplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
 	// This let's us define multiple response types, for example open id connect's id_token
 	if !ar.GetResponseTypes().ExactOne("token") {
 		return nil
@@ -64,22 +62,23 @@ func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx c
 	return c.IssueImplicitAccessToken(ctx, ar, resp)
 }
 
-func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
+func (c *AuthorizeImplicitGrantHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error {
 	// Only override expiry if none is set.
 	atLifespan := fosite.GetEffectiveLifespan(ar.GetClient(), fosite.GrantTypeImplicit, fosite.AccessToken, c.Config.GetAccessTokenLifespan(ctx))
 	if ar.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
 		ar.GetSession().SetExpiresAt(fosite.AccessToken, time.Now().UTC().Add(atLifespan).Round(time.Second))
 	}
 
-	// Generate the code
-	token, signature, err := c.AccessTokenStrategy.GenerateAccessToken(ctx, ar)
+	// Generate the access token
+	token, signature, err := c.AccessTokenStrategy.AccessTokenStrategy().GenerateAccessToken(ctx, ar)
 	if err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 	}
 
 	if err := c.AccessTokenStorage.AccessTokenStorage().CreateAccessTokenSession(ctx, signature, ar.Sanitize([]string{})); err != nil {
 		return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
 	}
+
 	resp.AddParameter("access_token", token)
 	resp.AddParameter("expires_in", strconv.FormatInt(int64(getExpiresIn(ar, fosite.AccessToken, atLifespan, time.Now().UTC())/time.Second), 10))
 	resp.AddParameter("token_type", "bearer")

handler/oauth2/flow_authorize_implicit_test.go

@@ -118,15 +118,15 @@ func TestAuthorizeImplicit_EndpointHandler(t *testing.T) {
 	}
 }
 
-func makeAuthorizeImplicitGrantTypeHandler(ctrl *gomock.Controller) (oauth2.AuthorizeImplicitGrantTypeHandler,
+func makeAuthorizeImplicitGrantTypeHandler(ctrl *gomock.Controller) (oauth2.AuthorizeImplicitGrantHandler,
 	*internal.MockAccessTokenStorage, *internal.MockAccessTokenStorageProvider, *internal.MockAccessTokenStrategy, *internal.MockAuthorizeResponder,
 ) {
 	store := internal.NewMockAccessTokenStorage(ctrl)
 	provider := internal.NewMockAccessTokenStorageProvider(ctrl)
 	chgen := internal.NewMockAccessTokenStrategy(ctrl)
 	aresp := internal.NewMockAuthorizeResponder(ctrl)
 
-	h := oauth2.AuthorizeImplicitGrantTypeHandler{
+	h := oauth2.AuthorizeImplicitGrantHandler{
 		AccessTokenStorage:  provider,
 		AccessTokenStrategy: chgen,
 		Config: &fosite.Config{

handler/oauth2/flow_client_credentials.go

@@ -7,19 +7,20 @@ import (
 	"context"
 	"time"
 
-	"github.com/ory/x/errorsx"
-
 	"github.com/ory/fosite"
+	"github.com/ory/x/errorsx"
 )
 
 var _ fosite.TokenEndpointHandler = (*ClientCredentialsGrantHandler)(nil)
 
 type ClientCredentialsGrantHandler struct {
-	*HandleHelper
-	Config interface {
+	Storage  AccessTokenStorageProvider
+	Strategy AccessTokenStrategyProvider
+	Config   interface {
 		fosite.ScopeStrategyProvider
 		fosite.AudienceStrategyProvider
 		fosite.AccessTokenLifespanProvider
+		fosite.RefreshTokenLifespanProvider
 	}
 }
 
@@ -68,6 +69,26 @@ func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx contex
 	return err
 }
 
+func (c *ClientCredentialsGrantHandler) IssueAccessToken(ctx context.Context, atLifespan time.Duration, requester fosite.AccessRequester, responder fosite.AccessResponder) (signature string, err error) {
+	token, signature, err := c.Strategy.AccessTokenStrategy().GenerateAccessToken(ctx, requester)
+	if err != nil {
+		return "", err
+	} else if err := c.Storage.AccessTokenStorage().CreateAccessTokenSession(ctx, signature, requester.Sanitize([]string{})); err != nil {
+		return "", err
+	}
+
+	if !requester.GetSession().GetExpiresAt(fosite.AccessToken).IsZero() {
+		atLifespan = time.Duration(requester.GetSession().GetExpiresAt(fosite.AccessToken).UnixNano() - time.Now().UTC().UnixNano())
+	}
+
+	responder.SetAccessToken(token)
+	responder.SetTokenType("bearer")
+	responder.SetExpiresIn(atLifespan)
+	responder.SetScopes(requester.GetGrantedScopes())
+
+	return signature, nil
+}
+
 func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool {
 	return false
 }

handler/oauth2/flow_client_credentials_storage.go

@@ -3,6 +3,6 @@
 
 package oauth2
 
-type ClientCredentialsGrantStorage interface {
-	AccessTokenStorage
-}
+// type ClientCredentialsGrantStorage interface {
+// 	AccessTokenStorage
+// }