Configure core validator with access only option

Signed-off-by: Beorn Facchini <beornf@gmail.com>
ory · Aug 10, 2017 · 870601e · 870601e
1 parent fa50c80
commit 870601e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/compose/compose_oauth2.go b/compose/compose_oauth2.go
@@ -83,6 +83,7 @@ func OAuth2TokenIntrospectionFactory(config *Config, storage interface{}, strate
 	return &oauth2.CoreValidator{
 		CoreStrategy:  strategy.(oauth2.CoreStrategy),
 		CoreStorage:   storage.(oauth2.CoreStorage),
+		AccessOnly:    config.GetAccessOnly(),
 		ScopeStrategy: config.GetScopeStrategy(),
 	}
 }

diff --git a/compose/config.go b/compose/config.go
@@ -19,6 +19,9 @@ type Config struct {
 	// HashCost sets the cost of the password hashing cost. Defaults to 12.
 	HashCost int
 
+	// AccessOnly sets whether the introspection endpoint only validates access tokens.
+	AccessOnly bool
+
 	ScopeStrategy fosite.ScopeStrategy
 }
 
@@ -61,3 +64,8 @@ func (c *Config) GetHashCost() int {
 	}
 	return c.HashCost
 }
+
+// GetAccessOnly returns whether the introspection endpoint only validates access tokens.
+func (c *Config) GetAccessOnly() bool {
+	return c.AccessOnly
+}
diff --git a/handler/oauth2/introspector.go b/handler/oauth2/introspector.go
@@ -10,10 +10,19 @@ import (
 type CoreValidator struct {
 	CoreStrategy
 	CoreStorage
+	AccessOnly    bool
 	ScopeStrategy fosite.ScopeStrategy
 }
 
 func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (err error) {
+	if c.AccessOnly {
+		if err = c.introspectAccessToken(ctx, token, accessRequest, scopes); err == nil {
+			return nil
+		}
+
+		return err
+	}
+
 	switch tokenType {
 	case fosite.RefreshToken:
 		if err = c.introspectRefreshToken(ctx, token, accessRequest, scopes); err == nil {