Best way to replicate a refresh_token flow using Fosite.
tn185075 opened this issue · 5 comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Network project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
For refresh_token flow,
- We add offline/offline_access to the scope, which results in an additional field in our response adding refresh_token.
- We later use this result to actually refresh the access token with refresh_token grant to the token endpoint.
I wanted to do something similar with a different scope and grant_type. What's the best way to go about it?
Describe your ideal solution
Ideal solution to extend fosite without actually changing the original codebase, but not even touching the real endpoints. But to compose the provider to handle as if it's supported by base fosite.
Workarounds or alternatives
A new factory handling the grant and populating token response when a scope is requested?
Version
latest
Additional Context
No response
I believe this is probably already supported and these are the only necessary changes:
1. Make sure this returns the scopes you wish to be allowed to grant refresh tokens: https://github.com/ory/fosite/blob/v0.44.0/config.go#L61-L65
2. Make sure this returns the refresh_token grant type: https://github.com/ory/fosite/blob/v0.44.0/client.go#L21-L22
Aah, I don't want to relate with refresh token flow. I never need a refresh_token. I need a new flow similar to refresh_token. When I add say, james as scope, I need james_token to be added to response. I should be able to use james_token as a grant type to hit the token endpoint and get access token back again.
Implement a grant factory which can do this? How do I add something to accessResponse based on the scope. I don't want to tweak my token endpoint nor have my own fosite. Want to make use of its extensibility.
Oh makes sense now! Dur. Yeah there's probably a way to do it via creating your own handlers. I am not familiar enough to help but I'll keep this in mind if it becomes obvious (going to be making a PR in hydra soon).
Was able to do it using factories and adding them to compose while I created my provider and implemented token handler for each of them.
This supposedly looks the fosite way 😀 !
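The pattern the thread arrives at, sketched as an added example that is not code from this issue or from fosite: a handler that adds james_token to the token response when scope james is granted, then redeems it when grant_type is james_token. JamesHandler and its method signatures are hypothetical simplifications and do not match fosite's handler interface. Storing only a hash, binding the token to its client and allowing a single use are assumptions borrowed from how refresh tokens are commonly treated.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// JamesHandler (hypothetical, not a fosite type) maps sha256(token) -> client ID.
type JamesHandler struct{ store map[string]string }

func digest(t string) string {
	s := sha256.Sum256([]byte(t))
	return hex.EncodeToString(s[:])
}

func (h *JamesHandler) CanHandle(grantType string) bool { return grantType == "james_token" }

// Populate adds james_token to the response fields only if scope "james" was granted.
func (h *JamesHandler) Populate(clientID string, scopes []string, extra map[string]string) error {
	for _, s := range scopes {
		if s == "james" {
			b := make([]byte, 32)
			if _, err := rand.Read(b); err != nil {
				return err
			}
			extra["james_token"] = hex.EncodeToString(b)
			h.store[digest(extra["james_token"])] = clientID // keep only the hash
			break
		}
	}
	return nil
}

// Redeem accepts a token once, and only from the client it was issued to.
func (h *JamesHandler) Redeem(clientID, token string) error {
	if owner, ok := h.store[digest(token)]; !ok || owner != clientID {
		return errors.New("invalid_grant")
	}
	delete(h.store, digest(token)) // single use: issue a fresh pair afterwards
	return nil
}

func main() { // constructed demo values
	h, extra := &JamesHandler{store: map[string]string{}}, map[string]string{}
	_ = h.Populate("app", []string{"james"}, extra)
	fmt.Println(h.Redeem("app", extra["james_token"]), h.Redeem("app", extra["james_token"]))
}
```

In a real fosite provider the same three responsibilities would sit behind the library's own token endpoint handler interface and be registered through a compose factory, as the last comment describes.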