Remove the last authentication from the browser session model

2025-11-20 12:02:22 +03:00 · 2023-07-19 15:31:17 +02:00
parent 7e82ae845c
commit 802cf142fd
24 changed files with 325 additions and 204 deletions
--- a/crates/handlers/src/oauth2/token.rs
+++ b/crates/handlers/src/oauth2/token.rs
@@ -302,6 +302,11 @@ async fn authorization_code_grant(
        .await?
        .ok_or(RouteError::NoSuchBrowserSession)?;

+    let last_authentication = repo
+        .browser_session()
+        .get_last_authentication(&browser_session)
+        .await?;
+
    let ttl = Duration::minutes(5);
    let (access_token, refresh_token) =
        generate_token_pair(&mut rng, clock, &mut repo, &session, ttl).await?;
@@ -316,6 +321,7 @@ async fn authorization_code_grant(
            &authz_grant,
            &browser_session,
            Some(&access_token),
+            last_authentication.as_ref(),
        )?)
    } else {
        None