huangzhenpc/kirogo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca413400b6b13e78c4c5ac4d603657b4837032f9
kirogo/auth/oidc.go

107 lines
3.0 KiB
Go
Raw Blame History

package auth
import (
"bytes"
"encoding/json"
"fmt"
"io"
"kiro-go/config"
"net/http"
"time"
)
// RefreshToken 刷新 access token
// Returns: accessToken, refreshToken, expiresAt, profileArn, error
func RefreshToken(account *config.Account) (string, string, int64, string, error) {
if account.AuthMethod == "social" {
return refreshSocialToken(account.RefreshToken)
}
return refreshOIDCToken(account.RefreshToken, account.ClientID, account.ClientSecret, account.Region)
}
// refreshOIDCToken IdC/Builder ID token 刷新
func refreshOIDCToken(refreshToken, clientID, clientSecret, region string) (string, string, int64, string, error) {
if clientID == "" || clientSecret == "" {
return "", "", 0, "", fmt.Errorf("OIDC refresh requires clientId and clientSecret")
}
if region == "" {
region = "us-east-1"
}
url := fmt.Sprintf("https://oidc.%s.amazonaws.com/token", region)
payload := map[string]string{
"clientId": clientID,
"clientSecret": clientSecret,
"refreshToken": refreshToken,
"grantType": "refresh_token",
}
body, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST", url, bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
resp, err := httpClient().Do(req)
if err != nil {
return "", "", 0, "", err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
respBody, _ := io.ReadAll(resp.Body)
return "", "", 0, "", fmt.Errorf("refresh failed: %d %s", resp.StatusCode, string(respBody))
}
var result struct {
AccessToken string `json:"accessToken"`
RefreshToken string `json:"refreshToken"`
ExpiresIn int `json:"expiresIn"`
ProfileArn string `json:"profileArn"`
}
if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
return "", "", 0, "", err
}
expiresAt := time.Now().Unix() + int64(result.ExpiresIn)
return result.AccessToken, result.RefreshToken, expiresAt, result.ProfileArn, nil
}
// refreshSocialToken Social (GitHub/Google) token 刷新
func refreshSocialToken(refreshToken string) (string, string, int64, string, error) {
url := "https://prod.us-east-1.auth.desktop.kiro.dev/refreshToken"
payload := map[string]string{
"refreshToken": refreshToken,
}
body, _ := json.Marshal(payload)
req, _ := http.NewRequest("POST", url, bytes.NewReader(body))
req.Header.Set("Content-Type", "application/json")
resp, err := httpClient().Do(req)
if err != nil {
return "", "", 0, "", err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
respBody, _ := io.ReadAll(resp.Body)
return "", "", 0, "", fmt.Errorf("refresh failed: %d %s", resp.StatusCode, string(respBody))
}
var result struct {
AccessToken string `json:"accessToken"`
RefreshToken string `json:"refreshToken"`
ExpiresIn int `json:"expiresIn"`
ProfileArn string `json:"profileArn"`
}
if err := json.NewDecoder(resp.Body).Decode(&result); err != nil {
return "", "", 0, "", err
}
expiresAt := time.Now().Unix() + int64(result.ExpiresIn)
return result.AccessToken, result.RefreshToken, expiresAt, result.ProfileArn, nil
}
Reference in New Issue View Git Blame Copy Permalink