MDL-59510 core: report oauth2_refresh_token table in core provider

mvaraujo · Oct 5, 2020 · f5046a5 · f5046a5
1 parent 0132037
commit f5046a5
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/lang/en/moodle.php b/lang/en/moodle.php
@@ -1630,6 +1630,13 @@
 $string['privacy:metadata:log:time'] = 'The time when the action took place';
 $string['privacy:metadata:log:url'] = 'The URL related to the event';
 $string['privacy:metadata:log:userid'] = 'The ID of the user who performed the action';
+$string['privacy:metadata:oauth2_refresh_token'] = 'Refresh token used in OAuth 2.0 communication';
+$string['privacy:metadata:oauth2_refresh_token:issuerid'] = 'The ID of the issuer to which the token corresponds';
+$string['privacy:metadata:oauth2_refresh_token:scopehash'] = 'The ID of the user to whom the token corresponds';
+$string['privacy:metadata:oauth2_refresh_token:token'] = 'The refresh token for the respective scopes and user';
+$string['privacy:metadata:oauth2_refresh_token:timecreated'] = 'The time when the token was created';
+$string['privacy:metadata:oauth2_refresh_token:timemodified'] = 'The time when the token was last updated';
+$string['privacy:metadata:oauth2_refresh_token:userid'] = 'The ID of the user to whom the token corresponds';
 $string['privacy:metadata:task_adhoc'] = 'The status of ad hoc tasks.';
 $string['privacy:metadata:task_adhoc:component'] = 'The component owning the task.';
 $string['privacy:metadata:task_adhoc:nextruntime'] = 'The earliest time to run this task.';

diff --git a/lib/classes/privacy/provider.php b/lib/classes/privacy/provider.php
@@ -114,6 +114,17 @@ public static function get_metadata(collection $collection) : collection {
             'info' => 'privacy:metadata:log:info'
         ], 'privacy:metadata:log');
 
+        // The oauth2_refresh_token stores refresh tokens, allowing ongoing access to select oauth2 services.
+        // Such tokens are not considered to be user data.
+        $collection->add_database_table('oauth2_refresh_token', [
+            'timecreated' => 'privacy:metadata:oauth2_refresh_token:timecreated',
+            'timemodified' => 'privacy:metadata:oauth2_refresh_token:timemodified',
+            'userid' => 'privacy:metadata:oauth2_refresh_token:userid',
+            'issuerid' => 'privacy:metadata:oauth2_refresh_token:issuerid',
+            'token' => 'privacy:metadata:oauth2_refresh_token:token',
+            'scopehash' => 'privacy:metadata:oauth2_refresh_token:scopehash'
+        ], 'privacy:metadata:oauth2_refresh_token');
+
         return $collection;
     }