MSC2918 Refresh tokens implementation (#9450)

This implements refresh tokens, as defined by MSC2918 This MSC has been implemented client side in Hydrogen Web: vector-im/hydrogen-web#235 The basics of the MSC works: requesting refresh tokens on login, having the access tokens expire, and using the refresh token to get a new one. Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
author: Quentin Gliech <quentingliech@gmail.com> 2021-06-24 15:33:20 +0200
committer: GitHub <noreply@github.com> 2021-06-24 14:33:20 +0100
commit: bd4919fb72b2a75f1c0a7f0c78bd619fd2ae30e8 (patch)
tree: 04a988e47720e9c58c99f05b74121e03ebe1f5f4 /synapse/api
parent: Merge tag 'v1.37.0rc1' into develop (diff)
download: synapse-bd4919fb72b2a75f1c0a7f0c78bd619fd2ae30e8.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index edf1b918eb..29cf257633 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -245,6 +245,11 @@ class Auth:
                     errcode=Codes.GUEST_ACCESS_FORBIDDEN,
                 )
 
+            # Mark the token as used. This is used to invalidate old refresh
+            # tokens after some time.
+            if not user_info.token_used and token_id is not None:
+                await self.store.mark_access_token_as_used(token_id)
+
             requester = create_requester(
                 user_info.user_id,
                 token_id,
author	Quentin Gliech <quentingliech@gmail.com>	2021-06-24 15:33:20 +0200
committer	GitHub <noreply@github.com>	2021-06-24 14:33:20 +0100
commit	bd4919fb72b2a75f1c0a7f0c78bd619fd2ae30e8 (patch)
tree	04a988e47720e9c58c99f05b74121e03ebe1f5f4 /synapse/api
parent	Merge tag 'v1.37.0rc1' into develop (diff)
download	synapse-bd4919fb72b2a75f1c0a7f0c78bd619fd2ae30e8.tar.xz