Add Revoke Refresh Token endpoint #170

Merged 2 commits, Nov 27, 2018
36 changes: 36 additions & 0 deletions auth0/v3/authentication/revoke_token.py
@@ -0,0 +1,36 @@
from .base import AuthenticationBase


class RevokeToken(AuthenticationBase):

"""Revoke Refresh Token endpoint

Args:
domain (str): Your auth0 domain (e.g: username.auth0.com)
"""

def revoke_refresh_token(self, client_id, token, client_secret=None):
"""Revokes a Refresh Token if it has been compromised

Each revocation request invalidates not only the specific token, but all other tokens
based on the same authorization grant. This means that all Refresh Tokens that have
been issued for the same user, application, and audience will be revoked.

Args:
client_id (str): your application's client Id
Contributor

Consider:

The Client ID for your Application


token (str): the Refresh Token you want to revoke
Contributor


"The ..."


client_secret (str, optional): Your application's Client Secret.
Contributor


Consider:

The Client Secret for your Application

Required for confidential applications.
Contributor


This is confusing ... what is a "confidential application?" This doesn't tell me much about when I should be using this.

Contributor Author


It's explained like that in the API explorer linked. I'll add a more explicit link.


See: https://auth0.com/docs/api/authentication#refresh-token
"""
body = {
'client_id': client_id,
'token': token,
'client_secret': client_secret
}

return self.post(
'https://{}/oauth/revoke'.format(self.domain), data=body)
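Review bot: In the `body` dict built at the end of `revoke_refresh_token`, `client_secret` is added unconditionally, so the public-client case (the default `client_secret=None`) sends `'client_secret': None` to `/oauth/revoke` and relies on the server ignoring a null secret. Suggest adding the key only when a secret is supplied, e.g. `body = {'client_id': client_id, 'token': token}` followed by `if client_secret is not None: body['client_secret'] = client_secret`. On the docstring, the line "Required for confidential applications." is the one reviewers found unclear; since the method cannot detect the application type, it would help to say that "confidential" is the OAuth 2.0 sense (an application that can hold a client secret, i.e. server-side or machine-to-machine) and that such applications must pass the secret for the revocation to be accepted, while public clients (single-page and native apps) omit it.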
38 changes: 38 additions & 0 deletions auth0/v3/test/authentication/test_revoke_token.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
import unittest
import mock
from ...authentication.revoke_token import RevokeToken


class TestRevokeToken(unittest.TestCase):

@mock.patch('auth0.v3.authentication.revoke_token.RevokeToken.post')
def test_revoke_refresh_token(self, mock_post):

a = RevokeToken('my.domain.com')

# regular apps
a.revoke_refresh_token(client_id='cid',
token='tkn')

args, kwargs = mock_post.call_args

self.assertEqual(args[0], 'https://my.domain.com/oauth/revoke')
self.assertEqual(kwargs['data'], {
'client_id': 'cid',
'token': 'tkn',
'client_secret': None
})

# confidential apps
a.revoke_refresh_token(client_id='cid',
token='tkn',
client_secret='sh!')

args, kwargs = mock_post.call_args

self.assertEqual(args[0], 'https://my.domain.com/oauth/revoke')
self.assertEqual(kwargs['data'], {
'client_id': 'cid',
'token': 'tkn',
'client_secret': 'sh!'
})
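Review bot: The first assertion block pins `'client_secret': None` in the posted body for the public-client case, which locks in sending a null secret; if the endpoint code is changed to omit the key when no secret is given, this expectation should become `{'client_id': 'cid', 'token': 'tkn'}` so the test documents the intended wire format rather than the accidental one. Also, both calls share one mock and each step inspects only the last `call_args`; `mock_post.assert_called_with('https://my.domain.com/oauth/revoke', data={...})` would make each check a single statement and would also fail if `post` were invoked with an unexpected extra argument. Finally, nothing here covers the failure path: since `post` is mocked, consider a case where the mock raises (as it would on a 4xx for an invalid token or wrong secret) and assert that the exception propagates from `revoke_refresh_token` unchanged.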