Developer tokens enhancements.

changelog.md

@@ -1,6 +1,14 @@
 Changelog
 =========
 
+0.26.5 (????-??-??)
+-------------------
+
+* Developer tokens will now be associated with a client_id if an OAuth2 client
+  was used to generate one. This allows them to be refreshed.
+* A scope can now be specified when creating a developer token.
+
+
 0.26.4 (2024-10-28)
 -------------------
 

src/middleware/login.ts

@@ -1,8 +1,9 @@
 import { Middleware } from '@curveball/core';
 import { NotFound, Unauthorized } from '@curveball/http-errors';
 import * as oauth2Service from './../oauth2/service.js';
-import { App, User, Principal } from '../types.js';
+import { App, User, Principal, AppClient } from '../types.js';
 import * as privilegeService from '../privilege/service.js';
+import * as services from '../services.js';
 
 const whitelistPath = [
   '/login',
@@ -41,8 +42,15 @@ class AuthHelper {
    */
   public principal: App | User | null;
 
-  constructor(principal: App | User | null) {
+  /**
+   * The App Client that was used to authenticate the user. Note that not
+   * every authentication method uses an app.
+   */
+  public appClient: AppClient | null;
+
+  constructor(principal: App | User | null, appClient: AppClient | null) {
     this.principal = principal;
+    this.appClient = appClient;
   }
 
   /**
@@ -102,16 +110,20 @@ export default function(): Middleware {
           throw e;
         }
       }
-      // We are logged in!
-      ctx.auth = new AuthHelper(token.principal);
+
+      ctx.auth = new AuthHelper(
+        token.principal,
+        token.clientId !== 0 ? await services.appClient.findById(token.clientId) : null,
+      );
       ctx.privileges = await privilegeService.get(ctx.auth.principal!);
 
       return next();
 
     }
 
     ctx.auth = new AuthHelper(
-      ctx.session.user || null
+      ctx.session.user || null,
+      null
     );
     if (ctx.auth.principal) {
       ctx.privileges = await privilegeService.get(ctx.auth.principal);

src/oauth2/controller/user-access-token.ts

@@ -21,8 +21,10 @@ class UserAccessTokenController extends Controller {
 
     const token = await oauth2Service.generateTokenDeveloperToken({
       principal: user,
-    });
-
+      scope: ctx.request.body?.scope?.split(' '),
+      client: ctx.auth.appClient ?? undefined,
+    },
+    );
     ctx.response.body = tokenResponse(token);
     log(EventType.generateAccessToken, ctx.ip()!, user.id, ctx.request.headers.get('User-Agent'));
 

src/oauth2/service.ts

@@ -218,12 +218,14 @@ export async function generateTokenAuthorizationCode(options: GenerateTokenAutho
 
 type GenerateTokenDeveloperTokenOptions = {
   principal: User;
+  client?: AppClient;
+  scope?: string[];
 }
 /**
  * Generates a token for the 'implicit' GrantType
  */
 export function generateTokenDeveloperToken(options: GenerateTokenDeveloperTokenOptions): Promise<OAuth2Token> {
-  const client: AppClient = {
+  const client = options.client ?? {
     id: 0,
     clientId: 'system',
     clientSecret: '',
@@ -244,10 +246,10 @@ export function generateTokenDeveloperToken(options: GenerateTokenDeveloperToken
   };
   return generateTokenInternal({
     grantType: 'developer-token',
-    ...options,
+    principal: options.principal,
+    scope: options.scope ?? [],
     secretUsed: false,
     client,
-    scope: [],
   });
 }