feat: adopt OAuth2-style token fields in authentication responses (#347)

* feat: adopt OAuth2-style token fields in authentication responses

- Replace token response fields with OAuth2-style fields: access_token, token_type, expires_in, refresh_token, and scope
- Add a test assertion to verify that refresh_token is present and not empty in the response

fix #346

Signed-off-by: Bo-Yi Wu <[email protected]>

* fix: improve refresh token handling and update related tests

- Add error handling and response for refresh token generation failures during middleware initialization
- Return the actual refresh token in the response instead of an empty string
- Update test claims to include standard JWT fields with current timestamps
- Change test code to extract access_token instead of token from responses
- Remove redundant test assertions for refresh_token presence

Signed-off-by: Bo-Yi Wu <[email protected]>

---------

Signed-off-by: Bo-Yi Wu <[email protected]>

Author: appleboy

auth_jwt.go

@@ -356,10 +356,20 @@ func (mw *GinJWTMiddleware) MiddlewareInit() error {
 
 	if mw.LoginResponse == nil {
 		mw.LoginResponse = func(c *gin.Context, code int, token string, expire time.Time) {
+			refreshToken, _, err := mw.RefreshToken(c)
+			if err != nil {
+				c.JSON(http.StatusUnauthorized, gin.H{
+					"code":    http.StatusUnauthorized,
+					"message": mw.HTTPStatusMessageFunc(err, c),
+				})
+				return
+			}
 			c.JSON(http.StatusOK, gin.H{
-				"code":   http.StatusOK,
-				"token":  token,
-				"expire": expire.Format(time.RFC3339),
+				"access_token":  token,
+				"token_type":    "Bearer",
+				"expires_in":    int(time.Until(expire).Seconds()),
+				"refresh_token": refreshToken,
+				"scope":         "create",
 			})
 		}
 	}
@@ -374,10 +384,20 @@ func (mw *GinJWTMiddleware) MiddlewareInit() error {
 
 	if mw.RefreshResponse == nil {
 		mw.RefreshResponse = func(c *gin.Context, code int, token string, expire time.Time) {
+			refreshToken, _, err := mw.RefreshToken(c)
+			if err != nil {
+				c.JSON(http.StatusUnauthorized, gin.H{
+					"code":    http.StatusUnauthorized,
+					"message": mw.HTTPStatusMessageFunc(err, c),
+				})
+				return
+			}
 			c.JSON(http.StatusOK, gin.H{
-				"code":   http.StatusOK,
-				"token":  token,
-				"expire": expire.Format(time.RFC3339),
+				"access_token":  token,
+				"token_type":    "Bearer",
+				"expires_in":    int(time.Until(expire).Seconds()),
+				"refresh_token": refreshToken,
+				"scope":         "create",
 			})
 		}
 	}

auth_jwt_test.go

@@ -718,7 +718,14 @@ func TestClaimsDuringAuthorization(t *testing.T) {
 				testkey = ""
 			}
 			// Set custom claim, to be checked in Authorizator method
-			return MapClaims{"identity": data.(string), "testkey": testkey, "exp": 0}
+			now := time.Now()
+			return MapClaims{
+				"identity": data.(string),
+				"testkey":  testkey,
+				"exp":      now.Add(time.Hour).Unix(),
+				"iat":      now.Unix(),
+				"nbf":      now.Unix(),
+			}
 		},
 		Authenticator: func(c *gin.Context) (interface{}, error) {
 			var loginVals Login
@@ -780,7 +787,7 @@ func TestClaimsDuringAuthorization(t *testing.T) {
 			"password": "admin",
 		}).
 		Run(handler, func(r gofight.HTTPResponse, rq gofight.HTTPRequest) {
-			token := gjson.Get(r.Body.String(), "token")
+			token := gjson.Get(r.Body.String(), "access_token")
 			userToken = token.String()
 			assert.Equal(t, http.StatusOK, r.Code)
 		})
@@ -799,7 +806,7 @@ func TestClaimsDuringAuthorization(t *testing.T) {
 			"password": "test",
 		}).
 		Run(handler, func(r gofight.HTTPResponse, rq gofight.HTTPRequest) {
-			token := gjson.Get(r.Body.String(), "token")
+			token := gjson.Get(r.Body.String(), "access_token")
 			userToken = token.String()
 			assert.Equal(t, http.StatusOK, r.Code)
 		})