Added method to revoke refresh tokens #111
Conversation
Auth0/Auth0Authentication.swift
Outdated
| @@ -176,6 +176,16 @@ struct Auth0Authentication: Authentication { | |||
| return Request(session: session, url: oauthToken, method: "POST", handle: authenticationObject, payload: payload, logger: self.logger, telemetry: self.telemetry) | |||
| } | |||
|
|
|||
| func revoke(refreshToken: String) -> Request<Void, AuthenticationError> { | |||
| let payload: [String: Any] = [ | |||
| "tokenEndpointAuthMethod": "none", | |||
There was a problem hiding this comment.
Also this is missing the grant_type AFAIK, did it work without it?
There was a problem hiding this comment.
I based on https://auth0.com/docs/tokens/preview/refresh-token#revoke-a-refresh-token
grant_type not mentioned either. (I don't have access to auth0-server to check source)
There was a problem hiding this comment.
But you can ask the rest of the team who already implemented the feature
There was a problem hiding this comment.
I believe this is already done in Android right @lbalmaceda ?
There was a problem hiding this comment.
Disregard the grant_type comment since its not needed here (got confused with refresh token) so the referenced parameter is not needed. Checked with @lbalmaceda
Auth0/Response.swift
Outdated
| @@ -57,7 +57,7 @@ struct Response<E: Auth0Error> { | |||
| return json | |||
| } | |||
| // This piece of code is dedicated to our friends the backend devs :) | |||
| if response.url?.lastPathComponent == "change_password" { | |||
| if response.url?.lastPathComponent == "change_password" || response.url?.lastPathComponent == "revoke" { | |||
There was a problem hiding this comment.
Well ideally we shouldn't, no reason API couldn't return JSON eg { 'success': 1 }. Both endpoints change_password and revoke return no body (HTTP 2OO only) success, so paired it up with the original hack/workaround (otherwise it will throw as there is no content).
In general code is set up to expect JSON, you could change this if/else block to return nil. The Handlers.swift should certainly be able to deal with it, but no doubt other potential issues hence the original workaround?
There was a problem hiding this comment.
That if is a hack to avoid blowing up for change_password since it does not follow the rules of content negotiation. I'd avoid adding extra hacks like this, I though we have a way to tell there is no response or I will ignore the response (Maybe in Guardian.swift we did something like it)
There was a problem hiding this comment.
It's dealt with in Guardian, but not so transferrable https://github.com/auth0/Guardian.swift/blob/master/Guardian/Request.swift#L88
I looked at the changed_password response, forgot it returned plain text.
I've made a change, feel free to tell me if it sucks :).
Auth0Tests/AuthenticationSpec.swift
Outdated
| @@ -728,27 +759,27 @@ class AuthenticationSpec: QuickSpec { | |||
| } | |||
| } | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Check that you are adding spaces that should not be there
There was a problem hiding this comment.
Only change recently in editor was upgrading to 8.3.2, generally with tests I run Structure/Re-Indent
There was a problem hiding this comment.
Yes on update the config get messed up most of the times.
Added tests
cocojoe
force-pushed
the
added-authentication-revoke-refresh-token
branch
from
7bf039f
to
f3a1116
Compare
noBody handler use emptyBodyError
Public API
func revoke(refreshToken: String)Added tests