1 files changed, 8 insertions, 8 deletions

diff --git a/src/api/auth/oauth.rs b/src/api/auth/oauth.rs
index 6d2f700..c159352 100644
--- a/src/api/auth/oauth.rs
+++ b/src/api/auth/oauth.rs
@@ -9,12 +9,13 @@ use subtle::ConstantTimeEq;
 
 use crate::api::auth::WithVerifiedFxaLogin;
 use crate::api::{Empty, EMPTY};
+use crate::crypto::SessionToken;
 use crate::db::DbConn;
 use crate::types::oauth::{Scope, ScopeSet};
 use crate::{
     api::{auth, serialize_dt},
     auth::Authenticated,
-    crypto::{SecretBytes, SessionCredentials},
+    crypto::SessionCredentials,
     types::{
         HawkKey, OauthAccessToken, OauthAccessType, OauthAuthorization, OauthAuthorizationID,
         OauthRefreshToken, OauthToken, OauthTokenID, SessionID, UserID,
@@ -278,7 +279,7 @@ pub(crate) struct TokenResp {
     refresh_token: Option<OauthToken>,
     // MISSING id_token
     #[serde(skip_serializing_if = "Option::is_none")]
-    session_token: Option<String>,
+    session_token: Option<SessionToken>,
     scope: ScopeSet,
     token_type: TokenType,
     expires_in: u32,
@@ -391,18 +392,17 @@ async fn token_impl(
 
     let (refresh_token, session_token) = if access_type == Some(OauthAccessType::Offline) {
         let (session_token, session_id) = if scope.implies(&SESSION_SCOPE) {
-            let session_token = SecretBytes::generate();
-            let session = SessionCredentials::derive(&session_token);
-            let session_id = SessionID(session.token_id.0);
+            let session_token = SessionToken::generate();
+            let session = SessionCredentials::derive_from(&session_token);
             db.add_session(
-                session_id.clone(),
+                session.token_id.clone(),
                 &user_id,
                 HawkKey(session.req_hmac_key.0),
                 true,
                 None,
             )
             .await?;
-            (Some(session_token.0), Some(SessionID(session.token_id.0)))
+            (Some(session_token), Some(session.token_id))
         } else {
             (None, None)
         };
@@ -426,7 +426,7 @@ async fn token_impl(
     Ok(Json(TokenResp {
         access_token,
         refresh_token,
-        session_token: session_token.map(hex::encode),
+        session_token,
         scope: scope.remove(&SESSION_SCOPE),
         token_type: TokenType::Bearer,
         expires_in: ttl,