Lockspire.Storage.TokenStore behaviour (lockspire v1.0.0)

Domain-level persistence contract for access and refresh token state.

Summary

Types

expected_cnf()

store_error()

Callbacks

fetch_active_access_token(t)

fetch_active_authorization_code(t)

fetch_authorization_code(t)

fetch_lifecycle_token(t)

fetch_lifecycle_token_by_id(integer)

fetch_refresh_token(t)

list_lifecycle_tokens(keyword)

list_token_family(t)

mark_authorization_code_redeemed(t, t)

redeem_authorization_code(t, t, t)

revoke_by_sid(t)

revoke_lifecycle_token(t, t, t)

revoke_token_family(t)

rotate_refresh_token(t, t, t, t, t, expected_cnf)

store_token(t)

Types

expected_cnf()

@type expected_cnf() :: nil | %{optional(String.t()) => binary()}

store_error()

@type store_error() :: term()

Callbacks

fetch_active_access_token(t)

@callback fetch_active_access_token(String.t()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

fetch_active_authorization_code(t)

@callback fetch_active_authorization_code(String.t()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

fetch_authorization_code(t)

@callback fetch_authorization_code(String.t()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

fetch_lifecycle_token(t)

@callback fetch_lifecycle_token(String.t()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

fetch_lifecycle_token_by_id(integer)

@callback fetch_lifecycle_token_by_id(integer()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

fetch_refresh_token(t)

@callback fetch_refresh_token(String.t()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

list_lifecycle_tokens(keyword)

@callback list_lifecycle_tokens(keyword()) ::
  {:ok, [Lockspire.Domain.Token.t()]} | {:error, store_error()}

list_token_family(t)

@callback list_token_family(String.t()) ::
  {:ok, [Lockspire.Domain.Token.t()]} | {:error, store_error()}

mark_authorization_code_redeemed(t, t)

@callback mark_authorization_code_redeemed(String.t(), DateTime.t()) ::
  {:ok, Lockspire.Domain.Token.t()} | {:error, store_error()}

redeem_authorization_code(t, t, t)

@callback redeem_authorization_code(String.t(), DateTime.t(), Lockspire.Domain.Token.t()) ::
  {:ok,
   %{
     authorization_code: Lockspire.Domain.Token.t(),
     access_token: Lockspire.Domain.Token.t()
   }}
  | {:error, store_error()}

revoke_by_sid(t)

(optional)

@callback revoke_by_sid(String.t()) :: {:ok, non_neg_integer()} | {:error, store_error()}

revoke_lifecycle_token(t, t, t)

@callback revoke_lifecycle_token(String.t(), String.t(), DateTime.t()) ::
  {:ok, Lockspire.Domain.Token.t() | nil} | {:error, store_error()}

revoke_token_family(t)

@callback revoke_token_family(String.t()) ::
  {:ok, non_neg_integer()} | {:error, store_error()}

rotate_refresh_token(t, t, t, t, t, expected_cnf)

@callback rotate_refresh_token(
  String.t(),
  String.t(),
  DateTime.t(),
  Lockspire.Domain.Token.t(),
  Lockspire.Domain.Token.t(),
  expected_cnf()
) ::
  {:ok,
   %{
     presented_refresh_token: Lockspire.Domain.Token.t(),
     refresh_token: Lockspire.Domain.Token.t(),
     access_token: Lockspire.Domain.Token.t()
   }}
  | {:error, store_error()}

store_token(t)

@callback store_token(Lockspire.Domain.Token.t()) ::
  {:ok, Lockspire.Domain.Token.t()} | {:error, store_error()}