vouch · kthare10 · May 24, 2021 · May 24, 2021 · May 24, 2021 · May 24, 2021
diff --git a/handlers/validate.go b/handlers/validate.go
@@ -65,6 +65,9 @@ func ValidateRequestHandler(w http.ResponseWriter, r *http.Request) {
 	if cfg.Cfg.Headers.AccessToken != "" && claims.PAccessToken != "" {
 		w.Header().Add(cfg.Cfg.Headers.AccessToken, claims.PAccessToken)
 	}
+	if cfg.Cfg.Headers.RefreshToken != "" && claims.PRefreshToken != "" {
+		w.Header().Add(cfg.Cfg.Headers.RefreshToken, claims.PRefreshToken)
+	}
 	if cfg.Cfg.Headers.IDToken != "" && claims.PIdToken != "" {
 		w.Header().Add(cfg.Cfg.Headers.IDToken, claims.PIdToken)
 	}

diff --git a/pkg/cfg/cfg.go b/pkg/cfg/cfg.go
@@ -79,6 +79,7 @@ type Config struct {
 		ClaimHeader   string            `mapstructure:"claimheader"`
 		Claims        []string          `mapstructure:"claims"`
 		AccessToken   string            `mapstructure:"accesstoken"`
+        RefreshToken  string            `mapstructure:"refreshtoken"`
 		IDToken       string            `mapstructure:"idtoken"`
 		ClaimsCleaned map[string]string // the rawClaim is mapped to the actual claims header
 	}

diff --git a/pkg/jwtmanager/jwtmanager.go b/pkg/jwtmanager/jwtmanager.go
@@ -36,6 +36,7 @@ type VouchClaims struct {
 	Username     string `json:"username"`
 	CustomClaims map[string]interface{}
 	PAccessToken string
+	PRefreshToken string
 	PIdToken     string
 	jwt.StandardClaims
 }
@@ -83,6 +84,7 @@ func NewVPJWT(u structs.User, customClaims structs.CustomClaims, ptokens structs
 		u.Username,
 		customClaims.Claims,
 		ptokens.PAccessToken,
+		ptokens.PRefreshToken,
 		ptokens.PIdToken,
 		StandardClaims,
 	}
@@ -95,6 +97,10 @@ func NewVPJWT(u structs.User, customClaims structs.CustomClaims, ptokens structs
 		claims.PAccessToken = ""
 	}
 
+	if cfg.Cfg.Headers.RefreshToken == "" {
+		claims.PRefreshToken = ""
+	}
+
 	if cfg.Cfg.Headers.IDToken == "" {
 		claims.PIdToken = ""
 	}

diff --git a/pkg/jwtmanager/jwtmanager_test.go b/pkg/jwtmanager/jwtmanager_test.go
@@ -30,6 +30,7 @@ var (
 	t1 = structs.PTokens{
 		PAccessToken: "eyJhbGciOiJSUzI1NiIsImtpZCI6IjRvaXU4In0.eyJzdWIiOiJuZnlmZSIsImF1ZCI6ImltX29pY19jbGllbnQiLCJqdGkiOiJUOU4xUklkRkVzUE45enU3ZWw2eng2IiwiaXNzIjoiaHR0cHM6XC9cL3Nzby5tZXljbG91ZC5uZXQ6OTAzMSIsImlhdCI6MTM5MzczNzA3MSwiZXhwIjoxMzkzNzM3MzcxLCJub25jZSI6ImNiYTU2NjY2LTRiMTItNDU2YS04NDA3LTNkMzAyM2ZhMTAwMiIsImF0X2hhc2giOiJrdHFvZVBhc2praVY5b2Z0X3o5NnJBIn0.g1Jc9DohWFfFG3ppWfvW16ib6YBaONC5VMs8J61i5j5QLieY-mBEeVi1D3vr5IFWCfivY4hZcHtoJHgZk1qCumkAMDymsLGX-IGA7yFU8LOjUdR4IlCPlZxZ_vhqr_0gQ9pCFKDkiOv1LVv5x3YgAdhHhpZhxK6rWxojg2RddzvZ9Xi5u2V1UZ0jukwyG2d4PRzDn7WoRNDGwYOEt4qY7lv_NO2TY2eAklP-xYBWu0b9FBElapnstqbZgAXdndNs-Wqp4gyQG5D0owLzxPErR9MnpQfgNcai-PlWI_UrvoopKNbX0ai2zfkuQ-qh6Xn8zgkiaYDHzq4gzwRfwazaqA",
 		PIdToken:     "eyJhbGciOiJSUzI1NiIsImtpZCI6IjRvaXU4In0.eyJzdWIiOiJuZnlmZSIsImF1ZCI6ImltX29pY19jbGllbnQiLCJqdGkiOiJUOU4xUklkRkVzUE45enU3ZWw2eng2IiwiaXNzIjoiaHR0cHM6XC9cL3Nzby5tZXljbG91ZC5uZXQ6OTAzMSIsImlhdCI6MTM5MzczNzA3MSwiZXhwIjoxMzkzNzM3MzcxLCJub25jZSI6ImNiYTU2NjY2LTRiMTItNDU2YS04NDA3LTNkMzAyM2ZhMTAwMiIsImF0X2hhc2giOiJrdHFvZVBhc2praVY5b2Z0X3o5NnJBIn0.g1Jc9DohWFfFG3ppWfvW16ib6YBaONC5VMs8J61i5j5QLieY-mBEeVi1D3vr5IFWCfivY4hZcHtoJHgZk1qCumkAMDymsLGX-IGA7yFU8LOjUdR4IlCPlZxZ_vhqr_0gQ9pCFKDkiOv1LVv5x3YgAdhHhpZhxK6rWxojg2RddzvZ9Xi5u2V1UZ0jukwyG2d4PRzDn7WoRNDGwYOEt4qY7lv_NO2TY2eAklP-xYBWu0b9FBElapnstqbZgAXdndNs-Wqp4gyQG5D0owLzxPErR9MnpQfgNcai-PlWI_UrvoopKNbX0ai2zfkuQ-qh6Xn8zgkiaYDHzq4gzwRfwazaqA",
+        PRefreshToken: "",
 	}
 
 	lc VouchClaims
@@ -52,6 +53,7 @@ func init() {
 		u1.Username,
 		customClaims.Claims,
 		t1.PAccessToken,
+        t1.PRefreshToken,
 		t1.PIdToken,
 		StandardClaims,
 	}

diff --git a/pkg/providers/adfs/adfs.go b/pkg/providers/adfs/adfs.go
@@ -32,10 +32,11 @@ import (
 type Provider struct{}
 
 type adfsTokenRes struct {
-	AccessToken string `json:"access_token"`
-	TokenType   string `json:"token_type"`
-	IDToken     string `json:"id_token"`
-	ExpiresIn   int64  `json:"expires_in"` // relative seconds from now
+	AccessToken   string `json:"access_token"`
+	TokenType     string `json:"token_type"`
+	RefreshToken  string `json:"refresh_token"`
+	IDToken       string `json:"id_token"`
+	ExpiresIn     int64  `json:"expires_in"` // relative seconds from now
 }
 
 var log *zap.SugaredLogger
@@ -88,6 +89,7 @@ func (Provider) GetUserInfo(r *http.Request, user *structs.User, customClaims *s
 	}
 
 	ptokens.PAccessToken = string(tokenRes.AccessToken)
+	ptokens.PRefreshToken = string(tokenRes.RefreshToken)
 	ptokens.PIdToken = string(tokenRes.IDToken)
 
 	s := strings.Split(tokenRes.IDToken, ".")

diff --git a/pkg/providers/common/common.go b/pkg/providers/common/common.go
@@ -36,6 +36,7 @@ func PrepareTokensAndClient(r *http.Request, ptokens *structs.PTokens, setProvid
 		return nil, nil, err
 	}
 	ptokens.PAccessToken = providerToken.AccessToken
+	ptokens.PRefreshToken = providerToken.RefreshToken
 
 	if setProviderToken {
 		if providerToken.Extra("id_token") != nil {

diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go
@@ -238,5 +238,6 @@ type Site struct {
 // PTokens provider tokens (from the IdP)
 type PTokens struct {
 	PAccessToken string
+	PRefreshToken string
 	PIdToken     string
 }