Consent session request

notNeo · August 11, 2020, 8:35am

is there a reason the elements (access_token, id_token)
in consent sessino request are empty interfaces?

ory/hydra-client-go/blob/master/models/consent_request_session.go#L22



// ConsentRequestSession Used to pass session data to a consent request.
//
// swagger:model consentRequestSession
type ConsentRequestSession struct {

	// AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the
	// refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.
	// If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties
	// can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!
	AccessToken interface{} `json:"access_token,omitempty"`

	// IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable
	// by anyone that has access to the ID Challenge. Use with care!
	IDToken interface{} `json:"id_token,omitempty"`
}

// Validate validates this consent request session
func (m *ConsentRequestSession) Validate(formats strfmt.Registry) error {
	return nil
}

hackerman · August 14, 2020, 11:33am

Yes because they are polymorph types