
Commit 664e82a

Merge pull request #232 from supertokens/fix/oauth/jti-listing
fix: jti listing
2 parents 847f24d + 939ab34 commit 664e82a


2 files changed

+8
-8
lines changed


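--- a/src/main/java/io/supertokens/storage/postgresql/Start.java
+++ b/src/main/java/io/supertokens/storage/postgresql/Start.java
@@ -3287,11 +3287,11 @@ public void deleteOAuthLogoutChallengesBefore(long time) throws StorageQueryExce
 @Override
 public void createOrUpdateOAuthSession(AppIdentifier appIdentifier, String gid, String clientId,
 String externalRefreshToken, String internalRefreshToken,
-String sessionHandle, List<String> jtis, long exp)
+String sessionHandle, String jti, long exp)
 throws StorageQueryException, OAuthClientNotFoundException {
 try {
 OAuthQueries.createOrUpdateOAuthSession(this, appIdentifier, gid, clientId, externalRefreshToken,
-internalRefreshToken, sessionHandle, jtis, exp);
+internalRefreshToken, sessionHandle, jti, exp);
 } catch (SQLException e) {
 ServerErrorMessage errorMessage = ((PSQLException) e).getServerErrorMessage();
 PostgreSQLConfig config = Config.getConfig(this);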

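--- a/src/main/java/io/supertokens/storage/postgresql/queries/OAuthQueries.java
+++ b/src/main/java/io/supertokens/storage/postgresql/queries/OAuthQueries.java
@@ -163,29 +163,29 @@ public static OAuthClient getOAuthClientById(Start start, String clientId, AppId
 
 public static void createOrUpdateOAuthSession(Start start, AppIdentifier appIdentifier, @NotNull String gid, @NotNull String clientId,
 String externalRefreshToken, String internalRefreshToken, String sessionHandle,
-List<String> jtis, long exp)
+String jti, long exp)
 throws SQLException, StorageQueryException {
 String sessionTable = Config.getConfig(start).getOAuthSessionsTable();
 String QUERY = "INSERT INTO " + sessionTable +
 " (gid, client_id, app_id, external_refresh_token, internal_refresh_token, session_handle, jti, exp) VALUES (?, ?, ?, ?, ?, ?, ?, ?) " +
 "ON CONFLICT (gid) DO UPDATE SET external_refresh_token = ?, internal_refresh_token = ?, " +
-"session_handle = ? , jti = CONCAT("+sessionTable+".jti, ',' , ?), exp = ?";
+"session_handle = ? , jti = CONCAT("+sessionTable+".jti, ?), exp = ?";
 update(start, QUERY, pst -> {
-String jtiDbValue = jtis == null ? null : String.join(",", jtis);
+String jtiToInsert = jti + ",";
 
 pst.setString(1, gid);
 pst.setString(2, clientId);
 pst.setString(3, appIdentifier.getAppId());
 pst.setString(4, externalRefreshToken);
 pst.setString(5, internalRefreshToken);
 pst.setString(6, sessionHandle);
-pst.setString(7, jtiDbValue);
+pst.setString(7, jtiToInsert); //the starting list element also has to have a "," at the end as the remove removes "jti + ,"
 pst.setLong(8, exp);
 
 pst.setString(9, externalRefreshToken);
 pst.setString(10, internalRefreshToken);
 pst.setString(11, sessionHandle);
-pst.setString(12, jtiDbValue);
+pst.setString(12, jtiToInsert);
 pst.setLong(13, exp);
 });
 }
@@ -283,7 +283,7 @@ public static boolean deleteJTIFromOAuthSession(Start start, AppIdentifier appId
 + " SET jti = REPLACE(jti, ?, '')" // deletion means replacing the jti with empty char
 + " WHERE app_id = ? and gid = ?";
 int numberOfRows = update(start, DELETE, pst -> {
-pst.setString(1, jti);
+pst.setString(1, jti + ","); //removing with the "," to not leave behind trash
 pst.setString(2, appIdentifier.getAppId());
 pst.setString(3, gid);
 });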
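Review bot: `String jtiToInsert = jti + ",";` in createOrUpdateOAuthSession no longer handles a null `jti`: Java string concatenation turns it into the literal `"null,"`, which is then bound to parameters 7 and 12 and stored in, or appended to, the session's jti column. The removed line mapped a null list to SQL NULL, and `jti` carries no `@NotNull` here, unlike `gid` and `clientId`. Either reject null before building the query or keep the old behaviour with `String jtiToInsert = jti == null ? null : jti + ",";`. Separately, in the deleteJTIFromOAuthSession hunk (whose body starts outside the hunk), rows written in the old comma-joined format presumably hold their last jti without a trailing comma, so `REPLACE(jti, ?, '')` with `jti + ","` would leave that entry in place; it is worth confirming whether existing rows need a migration.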
