oauth client: more doc comments, and extra safety check in MemStore.SaveAuthRequestInfo

+10 -1
+5
atproto/auth/oauth/memstore.go
··· 74 74 m.lk.Lock() 75 75 defer m.lk.Unlock() 76 76 77 + if _, ok := m.requests[info.State]; ok { 78 + // Should be unreachable, barring implementation bugs elsewhere 79 + return fmt.Errorf("auth request already saved for state %s", info.State) 80 + } 81 + 77 82 m.requests[info.State] = info 78 83 return nil 79 84 }
+5 -1
atproto/auth/oauth/store.go
··· 10 10 // 11 11 // This interface supports multiple sessions for a single account (DID). This is helpful for traditional web app backends where a single user might log in and have concurrent sessions from multiple browsers/devices. For situations where multiple sessions are not required, implementations of this interface could ignore the `sessionID` parameters, though this could result in clobbering of active sessions. 12 12 // 13 - // For authorization-only (authn-only) applications, the `SaveSession()` method could be a no-op. 13 + // For authentication-only (authn-only) applications, the `SaveSession()` method could be a no-op. 14 14 // 15 15 // Implementations should generally allow for concurrent access. 16 + // 17 + // `SaveSession()` should be treated as an "upsert" operation (updating a previously saved session with matching did and sessionID, if present). `SaveAuthRequestInfo()` however is create-only. 18 + // 19 + // Implementations are responsible for garbage-collecting expired sessions and auth requests. 16 20 type ClientAuthStore interface { 17 21 GetSession(ctx context.Context, did syntax.DID, sessionID string) (*ClientSessionData, error) 18 22 SaveSession(ctx context.Context, sess ClientSessionData) error
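Review bot: In atproto/auth/oauth/memstore.go, the new error in `SaveAuthRequestInfo` interpolates `info.State` into its message (`"auth request already saved for state %s"`). That value is the key used to look up the pending auth request in `m.requests`, and an error string like this usually ends up in application logs. Consider dropping the value from the message or returning a package-level sentinel error, which would also let callers detect the duplicate case with `errors.Is` instead of matching on text. The "should be unreachable" comment is helpful; it would be worth adding a test that saves the same state twice and checks that the second call fails and the first entry is left unchanged.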
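Review bot: In atproto/auth/oauth/store.go, the added doc line says `SaveAuthRequestInfo()` is "create-only" but does not say what an implementation must do when the state already exists. The MemStore change in this same commit returns an error and leaves the existing entry in place; stating that in the interface comment (for example "returns an error, without overwriting, if an entry with the same state already exists") would keep other `ClientAuthStore` implementations from silently overwriting or silently ignoring the duplicate. The garbage-collection sentence has a similar gap: it makes implementations responsible for removing expired sessions and auth requests but does not say how expiry is determined, so a pointer to the relevant field or recommended lifetime would help implementers.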