Extend oauth2 token with auth time field

Author: Arnold Iakab

http/oauth2/introspection.go

@@ -6,6 +6,7 @@ package oauth2
 import (
 	"context"
 	"errors"
+	"time"
 )
 
 // TokenIntrospecter needs to be implemented for token lookup
@@ -25,10 +26,11 @@ var ErrBadUpstreamResponse = errors.New("bad upstream response when introspectin
 // IntrospectResponse in case of a successful check of the
 // oauth2 request
 type IntrospectResponse struct {
-	Active   bool   `json:"active"`
-	Scope    string `json:"scope"`
-	ClientID string `json:"client_id"`
-	UserID   string `json:"user_id"`
+	Active   bool      `json:"active"`
+	Scope    string    `json:"scope"`
+	ClientID string    `json:"client_id"`
+	UserID   string    `json:"user_id"`
+	AuthTime time.Time `json:"auth_time"`
 
 	// Backend identifies the backend used for introspection. This attribute
 	// exists as a convenience if you have more than one authorization backend

http/oauth2/oauth2.go

@@ -10,6 +10,7 @@ import (
 	"context"
 	"errors"
 	"net/http"
+	"time"
 
 	"github.com/opentracing/opentracing-go"
 	olog "github.com/opentracing/opentracing-go/log"
@@ -46,6 +47,7 @@ type token struct {
 	value    string
 	userID   string
 	clientID string
+	authTime time.Time
 	scope    Scope
 	backend  interface{}
 }
@@ -102,6 +104,7 @@ func fromIntrospectResponse(s *IntrospectResponse, tokenValue string) token {
 	t := token{
 		userID:   s.UserID,
 		value:    tokenValue,
+		authTime: s.AuthTime,
 		clientID: s.ClientID,
 		backend:  s.Backend,
 	}
@@ -141,6 +144,16 @@ func UserID(ctx context.Context) (string, bool) {
 	return oauth2token.userID, true
 }
 
+// AuthTime returns the auth time stored in ctx
+func AuthTime(ctx context.Context) (time.Time, bool) {
+	tok, _ := security.GetTokenFromContext(ctx)
+	oauth2token, ok := tok.(*token)
+	if !ok {
+		return time.Time{}, false
+	}
+	return oauth2token.authTime, true
+}
+
 // Scopes returns the scopes stored in ctx
 func Scopes(ctx context.Context) []string {
 	tok, _ := security.GetTokenFromContext(ctx)