fix: revoke access token on duplicate auth code user

2026-04-12 00:37:56 +00:00 · 2026-04-11 18:33:19 +03:00
parent cc94294ece
commit 8622736718
9 changed files with 112 additions and 8 deletions
--- a/sql/oidc_queries.sql
+++ b/sql/oidc_queries.sql
@@ -48,9 +48,10 @@ INSERT INTO "oidc_tokens" (
    "client_id",
    "token_expires_at",
    "refresh_token_expires_at",
+    "code_hash",
    "nonce"
 ) VALUES (
-    ?, ?, ?, ?, ?, ?, ?, ?
+    ?, ?, ?, ?, ?, ?, ?, ?, ?
 )
 RETURNING *;

@@ -75,6 +76,10 @@ WHERE "refresh_token_hash" = ?;
 SELECT * FROM "oidc_tokens"
 WHERE "sub" = ?;

+-- name: DeleteOidcTokenByCodeHash :exec
+DELETE FROM "oidc_tokens"
+WHERE "code_hash" = ?;
+
 -- name: DeleteOidcToken :exec
 DELETE FROM "oidc_tokens"
 WHERE "access_token_hash" = ?;