From 72c67a7a82abbf16d25b075e420d4d21ab1f8e73 Mon Sep 17 00:00:00 2001 From: Philippe Loctaux
Date: Sat, 18 Mar 2023 16:48:40 +0100
Subject: [PATCH] ezidam: store access token in cookie
---
crates/ezidam/src/routes/oauth/redirect.rs | 13 +++++++++++--
crates/jwt/src/claims.rs | 4 ++--
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/crates/ezidam/src/routes/oauth/redirect.rs b/crates/ezidam/src/routes/oauth/redirect.rs
index 13822c4..e69d857 100644
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@@ -114,11 +114,20 @@ pub async fn redirect_page(
// TODO: get user roles
let roles = vec![];
+ // Access token duration in minutes
+ let access_token_duration = 15;
+
// Create jwt, sign and serialize
let jwt = JwtClaims::new(home_page.clone(), app.id().as_ref(), &user, roles)
- .sign_serialize(&private_key)?;
+ .sign_serialize(&private_key, access_token_duration)?;
- // TODO: store tokens in secure, http only cookies
+ // Add jwt as a cookie
+ let mut cookie = Cookie::new("access_token", jwt);
+ cookie.set_secure(true);
+ cookie.set_http_only(true);
+ cookie.set_same_site(SameSite::Strict);
+ cookie.set_max_age(Duration::minutes(access_token_duration));
+ cookie_jar.add(cookie);
transaction.commit().await?;
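Review bot: The `access_token` cookie built on the added lines gets no explicit path, so a browser scopes it to the directory of the redirect URL that set it and may not send it on other routes that need the token; add `cookie.set_path("/");` beside the other attributes (or the narrowest path the token consumers actually share). The Secure/HttpOnly/SameSite=Strict attributes are what a bearer-token cookie should carry, and the max-age is derived from the same `access_token_duration` passed to `sign_serialize`, which is worth stating with a comment such as `// Cookie lifetime matches the token's exp so a stale cookie is never presented` and worth lifting the literal `15` into a named constant. If `cookie_jar` is an axum-extra `CookieJar`, `add` consumes the jar and returns the updated one, so the value of `cookie_jar.add(cookie)` must be returned in the response rather than dropped — confirm against the jar type in use. The body of `redirect_page` starts before and continues after this hunk.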
diff --git a/crates/jwt/src/claims.rs b/crates/jwt/src/claims.rs
index 0da7ff5..04906c5 100644
--- a/crates/jwt/src/claims.rs
+++ b/crates/jwt/src/claims.rs
@@ -43,13 +43,13 @@ impl JwtClaims {
}
}
- pub fn sign_serialize(self, key: &PrivateKey) -> Result