@visvk visvk commented Mar 30, 2016

Implementation of RFC7009
This revocation mechanism allows a client to invalidate its tokens if the end-user logs out, changes identity, or uninstalls the respective application.
Security Considerations

Implementations MUST support the revocation of refresh tokens and
SHOULD support the revocation of access tokens (see Implementation
Note).

  • Added support for Refresh-token Revocation

    rfc7009#2.2

The authorization server responds with HTTP status code 200 if the
token has been revoked successfully or if the client submitted an
invalid token.
Note: invalid tokens do not cause an error response since the client
cannot handle such an error in a reasonable way. Moreover, the
purpose of the revocation request, invalidating the particular token,
is already achieved.

Next features:

  • Support for access-token revocation

@visvk visvk force-pushed the revoke-handler branch 3 times, most recently from 9092177 to cb4059a Compare March 31, 2016 10:06
@visvk visvk force-pushed the revoke-handler branch 3 times, most recently from 4bcf7cf to 7e23cc4 Compare August 18, 2016 10:47
nunofgs commented Oct 13, 2016

This looks great in concept. I haven't looked at the implementation in detail but this makes a lot of sense.

@ruimarinho ruimarinho modified the milestone: 3.1.0 Oct 14, 2016
@mjsalinger mjsalinger changed the base branch from master to dev August 7, 2018 11:53
@mjsalinger

@visvk Can you rebase to remove conflicts?

visvk added 4 commits August 7, 2018 14:32
- revoke accessToken implementation
- The token being revoked must belong to the requesting client
- invalid tokens do not cause an error response
visvk commented Aug 7, 2018

@mjsalinger done

@mjsalinger mjsalinger left a comment

LGTM

@mjsalinger mjsalinger merged commit ba13288 into oauthjs:dev Aug 8, 2018
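
The revocation rules discussed in this pull request (HTTP 200 even for an invalid token, and a token may only be revoked by the client it belongs to), as an added JavaScript example that is not code from this PR or from the oauthjs project. The in-memory stores, `findToken`, `handleRevoke` and every client and token value are hypothetical; answering a token owned by another client with 200 and no revocation, the same as an unknown token, is a choice of this example.

```javascript
// Added example, not code from this pull request. All data below is constructed.
const stores = new Map([
  ['refresh_token', new Map([
    ['rt-1', { clientId: 'client-a', revoked: false }],
    ['rt-2', { clientId: 'client-b', revoked: false }],
  ])],
  ['access_token', new Map([
    ['at-1', { clientId: 'client-a', revoked: false }],
  ])],
]);

// token_type_hint only orders the search: try the hinted store first, then
// every store, so a wrong or unknown hint cannot hide an existing token.
function findToken(token, hint) {
  for (const type of [hint, ...stores.keys()]) {
    const record = stores.get(type)?.get(token);
    if (record) return record;
  }
  return null;
}

// Hypothetical handler. `client` is the client that already passed
// authentication (null if it failed); `body` is the parsed form body.
function handleRevoke(client, body) {
  if (!client) return { status: 401, error: 'invalid_client' };
  if (!body || typeof body.token !== 'string' || body.token === '') {
    return { status: 400, error: 'invalid_request' };
  }
  const record = findToken(body.token, body.token_type_hint);
  // Revoke only a token that belongs to the requesting client. Unknown,
  // already revoked and foreign tokens fall through to the same 200, so the
  // response does not reveal whether a token value exists (choice of this example).
  if (record && record.clientId === client.id) record.revoked = true;
  return { status: 200 };
}
```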