refactor!: Completely removed v6.x way of setting access token formats.

panva · Dec 1, 2022 · a2cf235 · a2cf235
1 parent fe6af6a
commit a2cf235
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 44 deletions.
diff --git a/lib/helpers/defaults.js b/lib/helpers/defaults.js
@@ -250,20 +250,6 @@ async function pairwiseIdentifier(ctx, accountId, client) {
     .digest('hex');
 }
 
-function AccessTokenFormat(ctx, token) {
-  if (token.resourceServer) {
-    return token.resourceServer.accessTokenFormat || 'opaque';
-  }
-  return 'opaque';
-}
-
-function ClientCredentialsFormat(ctx, token) {
-  if (token.resourceServer) {
-    return token.resourceServer.accessTokenFormat || 'opaque';
-  }
-  return 'opaque';
-}
-
 function AccessTokenTTL(ctx, token, client) {
   shouldChange('ttl.AccessToken', 'define the expiration for AccessToken artifacts');
   if (token.resourceServer) {
@@ -1826,28 +1812,6 @@ function makeDefaults() {
      */
     extraTokenClaims,
 
-    /*
-     * formats
-     *
-     * description: This option allows to configure the token value format. The different
-     *   values change how a client-facing token value is generated and also if the token
-     *   is stored using the adapter or not. The use of JWT formats also requires
-     *   use of Resource Indicators. In earlier version of oidc-provider the formats.AccessToken
-     *   and formats.ClientCredentials configuration might've been used but in v7.x and later there's no
-     *   need to change their default value because they default to use the `accessTokenFormat`
-     *   from a Resource Server, that's where you should tell the Authorization Server to
-     *   issue a token in a certain format.
-     *
-     * Supported formats are:
-     *   - `opaque` (default) tokens are PRNG generated random strings using url safe base64 alphabet.
-     *     See `formats.bitsOfOpaqueRandomness` for influencing the token length. Tokens are stored
-     *     using the adapter.
-     *   - `jwt` tokens are issued as JWTs. Tokens using this format are not stored using the adapter,
-     *     they cannot be introspected at the introspection_endpoint and they cannot be used to access
-     *     the userinfo_endpoint. Tokens issued in this format MUST have an audience/indicated resource.
-     *
-     * @skip
-     */
     formats: {
       /*
        * formats.bitsOfOpaqueRandomness
@@ -1868,8 +1832,6 @@ function makeDefaults() {
        * ```
        */
       bitsOfOpaqueRandomness: 256,
-      AccessToken: AccessTokenFormat,
-      ClientCredentials: ClientCredentialsFormat,
 
       /*
        * formats.customizers

diff --git a/lib/models/mixins/has_format.js b/lib/models/mixins/has_format.js
@@ -1,17 +1,19 @@
 import instance from '../../helpers/weak_cache.js';
 import formatsGenerator from '../formats/index.js';
 
-const CHANGEABLE = new Set(['AccessToken', 'ClientCredentials']);
 const DEFAULT = 'opaque';
 
+function AccessTokenFormat(ctx, token) {
+  return token.resourceServer?.accessTokenFormat ?? 'opaque';
+}
+
 export default (provider, type, superclass) => {
-  const config = instance(provider).configuration('formats');
   const formats = formatsGenerator(provider);
 
-  let { [type]: FORMAT } = config;
-
-  // only allow AccessToken and ClientCredentials to be defined by developers
-  if (!CHANGEABLE.has(type)) {
+  let FORMAT;
+  if (type === 'AccessToken' || type === 'ClientCredentials') {
+    FORMAT = AccessTokenFormat;
+  } else {
     FORMAT = DEFAULT;
   }