mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-30 10:56:28 +02:00
40 lines
1.1 KiB
Go
40 lines
1.1 KiB
Go
package cluster
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strconv"
|
|
"time"
|
|
|
|
"github.com/pomerium/pomerium/internal/zero/apierror"
|
|
"github.com/pomerium/pomerium/internal/zero/token"
|
|
)
|
|
|
|
// NewTokenFetcher creates a new authorization token fetcher
|
|
func NewTokenFetcher(endpoint string, opts ...ClientOption) (token.Fetcher, error) {
|
|
client, err := NewClientWithResponses(endpoint, opts...)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error creating client: %w", err)
|
|
}
|
|
|
|
return func(ctx context.Context, refreshToken string) (*token.Token, error) {
|
|
now := time.Now()
|
|
|
|
resp, err := apierror.CheckResponse[ExchangeTokenResponse](client.ExchangeClusterIdentityTokenWithResponse(ctx, ExchangeTokenRequest{
|
|
RefreshToken: refreshToken,
|
|
}))
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error exchanging token: %w", err)
|
|
}
|
|
|
|
expiresSeconds, err := strconv.ParseInt(resp.ExpiresInSeconds, 10, 64)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("error parsing expires in: %w", err)
|
|
}
|
|
|
|
return &token.Token{
|
|
Bearer: resp.IdToken,
|
|
Expires: now.Add(time.Duration(expiresSeconds) * time.Second),
|
|
}, nil
|
|
}, nil
|
|
}
|