diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs
--- a/services/identity/src/client_service.rs
+++ b/services/identity/src/client_service.rs
@@ -635,20 +635,16 @@
 request: tonic::Request,
 ) -> Result, tonic::Status> {
 let message = request.into_inner();
- let token_valid = match self
+ let token_valid = self
 .client
- .get_access_token_data(message.user_id, message.signing_public_key)
+ .verify_access_token(
+ message.user_id,
+ message.signing_public_key,
+ message.access_token,
+ )
 .await
- {
- Ok(Some(access_token_data)) => {
- constant_time_eq(
- access_token_data.access_token.as_bytes(),
- message.access_token.as_bytes(),
- ) && access_token_data.is_valid()
- }
- Ok(None) => false,
- Err(e) => return Err(handle_db_error(e)),
- };
+ .map_err(handle_db_error)?;
+
 let response = Response::new(VerifyUserAccessTokenResponse { token_valid });
 Ok(response)
 }
diff --git a/services/identity/src/database.rs b/services/identity/src/database.rs
--- a/services/identity/src/database.rs
+++ b/services/identity/src/database.rs
@@ -1,3 +1,4 @@
+use constant_time_eq::constant_time_eq;
 use std::collections::HashMap;
 use std::fmt::{Display, Formatter, Result as FmtResult};
 use std::str::FromStr;
@@ -368,6 +369,26 @@
 }
 }
+ pub async fn verify_access_token(
+ &self,
+ user_id: String,
+ signing_public_key: String,
+ access_token_to_verify: String,
+ ) -> Result {
+ let is_valid = self
+ .get_access_token_data(user_id, signing_public_key)
+ .await?
+ .map(|access_token_data| {
+ constant_time_eq(
+ access_token_data.access_token.as_bytes(),
+ access_token_to_verify.as_bytes(),
+ ) && access_token_data.is_valid()
+ })
+ .unwrap_or(false);
+
+ Ok(is_valid)
+ }
+
 pub async fn put_access_token_data(
 &self,
 access_token_data: AccessTokenData,
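Review bot: In the `client_service.rs` handler a failed check ends as `token_valid: false` in the response, and nothing in the visible lines records the event, so repeated wrong tokens for one user would go unnoticed by whoever monitors this service unless logging happens outside the hunk. I would log the failure at warning level with the user ID and never the token value; because `message.user_id` is now moved into `verify_access_token`, that means cloning the ID before the call. The handler's signature starts above the hunk, so the rest of its contract is not visible here.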
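Review bot: `verify_access_token` in `database.rs` has no doc comment, and its `Ok(false)` result folds three outcomes together: no stored token for the user and key pair, a token mismatch, and a stored token for which `is_valid()` is false. I would add `/// Returns Ok(true) only when a token is stored for this user_id and signing_public_key, matches access_token_to_verify, and is_valid() holds; a missing record yields Ok(false).` together with a line saying the comparison must stay on `constant_time_eq`, so that a later edit does not replace it with `==`. As a style point, `.map(..).unwrap_or(false)` reads more directly as `.map_or(false, |access_token_data| ..)`. The method is complete inside the hunk; its enclosing impl is not visible.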