feat: add the ability to refresh tokens (#277)

gssbzn · web-flow · commit 89c55716021c · 2022-02-08T11:26:22.000Z
diff --git a/auth/device_flow.go b/auth/device_flow.go
@@ -110,8 +110,29 @@ func (c Config) PollToken(ctx context.Context, code *DeviceCode) (*Token, *atlas
 	}
 }
 
-// Revoke takes an access or refresh token and revokes it.
-func (c Config) Revoke(ctx context.Context, token, tokenTypeHint string) (*atlas.Response, error) {
+// RefreshToken takes a refresh token and gets a new access token.
+func (c Config) RefreshToken(ctx context.Context, token string) (*Token, *atlas.Response, error) {
+	req, err := c.NewRequest(ctx, http.MethodPost, deviceBasePath+"/token",
+		url.Values{
+			"client_id":     {c.ClientID},
+			"refresh_token": {token},
+			"scope":         {strings.Join(c.Scopes, " ")},
+			"grant_type":    {"refresh_token"},
+		},
+	)
+	if err != nil {
+		return nil, nil, err
+	}
+	var t *Token
+	resp, err2 := c.Do(ctx, req, &t)
+	if err2 != nil {
+		return nil, resp, err2
+	}
+	return t, resp, err2
+}
+
+// RevokeToken takes an access or refresh token and revokes it.
+func (c Config) RevokeToken(ctx context.Context, token, tokenTypeHint string) (*atlas.Response, error) {
 	req, err := c.NewRequest(ctx, http.MethodPost, deviceBasePath+"/revoke",
 		url.Values{
 			"client_id":       {c.ClientID},
diff --git a/auth/device_flow_test.go b/auth/device_flow_test.go
@@ -77,7 +77,42 @@ func TestConfig_GetToken(t *testing.T) {
 	}
 	results, _, err := config.GetToken(ctx, code.DeviceCode)
 	if err != nil {
-		t.Fatalf("PollToken returned error: %v", err)
+		t.Fatalf("GetToken returned error: %v", err)
+	}
+
+	expected := &Token{
+		AccessToken:  "secret1",
+		RefreshToken: "secret2",
+		Scope:        "openid",
+		IDToken:      "idtoken",
+		TokenType:    "Bearer",
+		ExpiresIn:    3600,
+	}
+
+	if diff := deep.Equal(results, expected); diff != nil {
+		t.Error(diff)
+	}
+}
+
+func TestConfig_RefreshToken(t *testing.T) {
+	config, mux, teardown := setup()
+	defer teardown()
+
+	mux.HandleFunc("/api/private/unauth/account/device/token", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r)
+		fmt.Fprint(w, `{
+		  "access_token": "secret1",
+		  "refresh_token": "secret2",
+		  "scope": "openid",
+		  "id_token": "idtoken",
+		  "token_type": "Bearer",
+		  "expires_in": 3600
+		}`)
+	})
+
+	results, _, err := config.RefreshToken(ctx, "secret2")
+	if err != nil {
+		t.Fatalf("RefreshToken returned error: %v", err)
 	}
 
 	expected := &Token{
@@ -133,15 +168,15 @@ func TestConfig_PollToken(t *testing.T) {
 	}
 }
 
-func TestConfig_Revoke(t *testing.T) {
+func TestConfig_RevokeToken(t *testing.T) {
 	config, mux, teardown := setup()
 	defer teardown()
 
 	mux.HandleFunc("/api/private/unauth/account/device/revoke", func(w http.ResponseWriter, r *http.Request) {
 		testMethod(t, r)
 	})
 
-	_, err := config.Revoke(ctx, "a", "refresh_token")
+	_, err := config.RevokeToken(ctx, "a", "refresh_token")
 	if err != nil {
 		t.Fatalf("RequestCode returned error: %v", err)
 	}
