From 1565717c7e3f28ecd10a63a7d452de03c042af93 Mon Sep 17 00:00:00 2001
From: "David J. Allen"
Date: Mon, 25 Mar 2024 14:24:37 -0600
Subject: [PATCH] Removed the client authorization for client credentials flow
---
 internal/flows/jwt_bearer.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/internal/flows/jwt_bearer.go b/internal/flows/jwt_bearer.go
index 72c878d..b34d25d 100644
--- a/internal/flows/jwt_bearer.go
+++ b/internal/flows/jwt_bearer.go
@@ -238,6 +238,22 @@ func NewJwtBearerFlow(eps JwtBearerEndpoints, params JwtBearerFlowParams) (strin
 return string(res), nil
 }
 
+func NewRefreshToken(issuer string, audience string, duration time.Duration) jwt.Token {
+ // create a new, one-time use JWT with no scopes
+ payload := map[string]any{}
+ payload["iss"] = issuer
+ payload["aud"] = audience
+ payload["iat"] = time.Now().Unix()
+ payload["nbf"] = time.Now().Unix()
+ payload["exp"] = time.Now().Add(duration).Unix()
+ payload["sub"] = "opaal"
+ payloadJson, err := json.Marshal(payload)
+ if err != nil {
+ return "", fmt.Errorf("failed to marshal payload: %v", err)
+ }
+ jws.Sign(payloadJson, jws.WithJSON(), jws.WithKey(jwa.RS256, privateJwk))
+}
+
 func ForwardToken(eps JwtBearerEndpoints, params JwtBearerFlowParams) error {
 var (
 client = params.Client
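Review bot: NewRefreshToken cannot compile as added, and it never hands back a signed token: it is declared to return `jwt.Token`, its error branch returns `"", fmt.Errorf(...)`, the body ends without a return, and both results of `jws.Sign` are dropped. The fence below changes the result to `(string, error)`, takes one timestamp for `iat`/`nbf`/`exp`, and returns the signed bytes together with the signing error. `privateJwk` is not declared anywhere in the hunk, so unless it is a package-level key it has to be passed in. The comment promises a one-time-use token, but no `jti` claim is set, so a verifier has nothing to key replay detection on; a random `jti` recorded on issue and rejected on reuse would back that claim. The commit subject speaks of removing client authorization, while this patch only adds this function, so it is worth confirming the intended change is actually included.

```go
func NewRefreshToken(issuer string, audience string, duration time.Duration) (string, error) {
	// one timestamp so iat, nbf and exp agree with each other
	now := time.Now()
	payload := map[string]any{
		"iss": issuer,
		"aud": audience,
		"iat": now.Unix(),
		"nbf": now.Unix(),
		"exp": now.Add(duration).Unix(),
		"sub": "opaal",
	}
	// … unchanged: json.Marshal(payload) and its error check …
	signed, err := jws.Sign(payloadJson, jws.WithJSON(), jws.WithKey(jwa.RS256, privateJwk))
	if err != nil {
		return "", fmt.Errorf("failed to sign refresh token: %v", err)
	}
	return string(signed), nil
}
```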