tests and cleanup

pkg/http/marshal.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"reflect"
 )
 
 func MarshalJSON(w http.ResponseWriter, i interface{}) {
@@ -14,7 +15,7 @@ func MarshalJSON(w http.ResponseWriter, i interface{}) {
 func MarshalJSONWithStatus(w http.ResponseWriter, i interface{}, status int) {
 	w.Header().Set("content-type", "application/json")
 	w.WriteHeader(status)
-	if i == nil {
+	if i == nil || (reflect.ValueOf(i).Kind() == reflect.Ptr && reflect.ValueOf(i).IsNil()) {
 		return
 	}
 	err := json.NewEncoder(w).Encode(i)

pkg/http/marshal_test.go

@@ -2,7 +2,10 @@ package http
 
 import (
 	"bytes"
+	"net/http/httptest"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestConcatenateJSON(t *testing.T) {
@@ -88,3 +91,66 @@ func TestConcatenateJSON(t *testing.T) {
 		})
 	}
 }
+
+func TestMarshalJSONWithStatus(t *testing.T) {
+	type args struct {
+		i      interface{}
+		status int
+	}
+	type res struct {
+		statusCode int
+		body       string
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"empty ok",
+			args{
+				nil,
+				200,
+			},
+			res{
+				200,
+				"",
+			},
+		},
+		{
+			"string ok",
+			args{
+				"ok",
+				200,
+			},
+			res{
+				200,
+				`"ok"
+`,
+			},
+		},
+		{
+			"struct ok",
+			args{
+				struct {
+					Test string `json:"test"`
+				}{"ok"},
+				200,
+			},
+			res{
+				200,
+				`{"test":"ok"}
+`,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			w := httptest.NewRecorder()
+			MarshalJSONWithStatus(w, tt.args.i, tt.args.status)
+			assert.Equal(t, tt.res.statusCode, w.Result().StatusCode)
+			assert.Equal(t, "application/json", w.Header().Get("content-type"))
+			assert.Equal(t, tt.res.body, w.Body.String())
+		})
+	}
+}

pkg/oidc/error.go

@@ -5,53 +5,6 @@ import (
 	"fmt"
 )
 
-type Error struct {
-	Parent           error     `json:"-" schema:"-"`
-	ErrorType        errorType `json:"error" schema:"error"`
-	Description      string    `json:"error_description,omitempty" schema:"error_description,omitempty"`
-	State            string    `json:"state,omitempty" schema:"state,omitempty"`
-	redirectDisabled bool      `schema:"-"`
-}
-
-func (e *Error) Error() string {
-	message := "ErrorType=" + string(e.ErrorType)
-	if e.Description != "" {
-		message += " Description=" + e.Description
-	}
-	if e.Parent != nil {
-		message += " Parent=" + e.Parent.Error()
-	}
-	return message
-}
-
-func (e *Error) Unwrap() error {
-	return e.Parent
-}
-
-func (e *Error) Is(target error) bool {
-	t, ok := target.(*Error)
-	if !ok {
-		return false
-	}
-	return e.ErrorType == t.ErrorType &&
-		(e.Description == t.Description || t.Description == "") &&
-		(e.State == t.State || t.State == "")
-}
-
-func (e *Error) WithParent(err error) *Error {
-	e.Parent = err
-	return e
-}
-
-func (e *Error) WithDescription(desc string, args ...interface{}) *Error {
-	e.Description = fmt.Sprintf(desc, args...)
-	return e
-}
-
-func (e *Error) IsRedirectDisabled() bool {
-	return e.redirectDisabled
-}
-
 type errorType string
 
 const (
@@ -126,6 +79,53 @@ var (
 	}
 )
 
+type Error struct {
+	Parent           error     `json:"-" schema:"-"`
+	ErrorType        errorType `json:"error" schema:"error"`
+	Description      string    `json:"error_description,omitempty" schema:"error_description,omitempty"`
+	State            string    `json:"state,omitempty" schema:"state,omitempty"`
+	redirectDisabled bool      `schema:"-"`
+}
+
+func (e *Error) Error() string {
+	message := "ErrorType=" + string(e.ErrorType)
+	if e.Description != "" {
+		message += " Description=" + e.Description
+	}
+	if e.Parent != nil {
+		message += " Parent=" + e.Parent.Error()
+	}
+	return message
+}
+
+func (e *Error) Unwrap() error {
+	return e.Parent
+}
+
+func (e *Error) Is(target error) bool {
+	t, ok := target.(*Error)
+	if !ok {
+		return false
+	}
+	return e.ErrorType == t.ErrorType &&
+		(e.Description == t.Description || t.Description == "") &&
+		(e.State == t.State || t.State == "")
+}
+
+func (e *Error) WithParent(err error) *Error {
+	e.Parent = err
+	return e
+}
+
+func (e *Error) WithDescription(desc string, args ...interface{}) *Error {
+	e.Description = fmt.Sprintf(desc, args...)
+	return e
+}
+
+func (e *Error) IsRedirectDisabled() bool {
+	return e.redirectDisabled
+}
+
 // DefaultToServerError checks if the error is an Error
 // if not the provided error will be wrapped into a ServerError
 func DefaultToServerError(err error, description string) *Error {

pkg/op/auth_request.go

@@ -467,7 +467,7 @@ func BuildAuthRequestCode(authReq AuthRequest, crypto Crypto) (string, error) {
 func AuthResponseURL(redirectURI string, responseType oidc.ResponseType, responseMode oidc.ResponseMode, response interface{}, encoder httphelper.Encoder) (string, error) {
 	params, err := httphelper.URLEncodeResponse(response, encoder)
 	if err != nil {
-		return "", err
+		return "", oidc.ErrServerError().WithParent(err)
 	}
 	if responseMode == oidc.ResponseModeQuery {
 		return redirectURI + "?" + params, nil

pkg/op/auth_request_test.go

@@ -143,7 +143,6 @@ func TestParseAuthorizeRequest(t *testing.T) {
 	}
 }
 
-//TODO: extend cases
 func TestValidateAuthRequest(t *testing.T) {
 	type args struct {
 		authRequest *oidc.AuthRequest
@@ -155,10 +154,6 @@ func TestValidateAuthRequest(t *testing.T) {
 		args    args
 		wantErr error
 	}{
-		//TODO:
-		// {
-		// 	"oauth2 spec"
-		// }
 		{
 			"scope missing fails",
 			args{&oidc.AuthRequest{}, mock.NewMockStorageExpectValidClientID(t), nil},
@@ -198,8 +193,100 @@ func TestValidateAuthRequest(t *testing.T) {
 	}
 }
 
-//TODO: implement
+func TestValidateAuthReqPrompt(t *testing.T) {
-func TestValidateAuthReqPrompt(t *testing.T) {}
+	type args struct {
+		prompts []string
+		maxAge  *uint
+	}
+	type res struct {
+		maxAge *uint
+		err    error
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"no prompts and maxAge, ok",
+			args{
+				nil,
+				nil,
+			},
+			res{
+				nil,
+				nil,
+			},
+		},
+		{
+			"no prompts but maxAge, ok",
+			args{
+				nil,
+				oidc.NewMaxAge(10),
+			},
+			res{
+				oidc.NewMaxAge(10),
+				nil,
+			},
+		},
+		{
+			"prompt none, ok",
+			args{
+				[]string{"none"},
+				oidc.NewMaxAge(10),
+			},
+			res{
+				oidc.NewMaxAge(10),
+				nil,
+			},
+		},
+		{
+			"prompt none with others, err",
+			args{
+				[]string{"none", "login"},
+				oidc.NewMaxAge(10),
+			},
+			res{
+				nil,
+				oidc.ErrInvalidRequest(),
+			},
+		},
+		{
+			"prompt login, ok",
+			args{
+				[]string{"login"},
+				nil,
+			},
+			res{
+				oidc.NewMaxAge(0),
+				nil,
+			},
+		},
+		{
+			"prompt login with maxAge, ok",
+			args{
+				[]string{"login"},
+				oidc.NewMaxAge(10),
+			},
+			res{
+				oidc.NewMaxAge(0),
+				nil,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			maxAge, err := op.ValidateAuthReqPrompt(tt.args.prompts, tt.args.maxAge)
+			if tt.res.err == nil && err != nil {
+				t.Errorf("ValidateAuthRequest() unexpected error = %v", err)
+			}
+			if tt.res.err != nil && !errors.Is(err, tt.res.err) {
+				t.Errorf("ValidateAuthRequest() unexpected error = %v, want = %v", err, tt.res.err)
+			}
+			assert.Equal(t, tt.res.maxAge, maxAge)
+		})
+	}
+}
 
 func TestValidateAuthReqScopes(t *testing.T) {
 	type args struct {
@@ -474,7 +561,6 @@ func TestValidateAuthReqRedirectURI(t *testing.T) {
 	}
 }
 
-//TODO: test not parsable url
 func TestLoopbackOrLocalhost(t *testing.T) {
 	type args struct {
 		url string
@@ -484,6 +570,21 @@ func TestLoopbackOrLocalhost(t *testing.T) {
 		args args
 		want bool
 	}{
+		{
+			"not parsable, false",
+			args{url: string('\n')},
+			false,
+		},
+		{
+			"not http, false",
+			args{url: "localhost/test"},
+			false,
+		},
+		{
+			"not http, false",
+			args{url: "http://localhost.com/test"},
+			false,
+		},
 		{
 			"v4 no port ok",
 			args{url: "http://127.0.0.1/test"},
@@ -572,9 +673,6 @@ func TestValidateAuthReqResponseType(t *testing.T) {
 	}
 }
 
-//TODO: implement
-func TestValidateAuthReqIDTokenHint(t *testing.T) {}
-
 func TestRedirectToLogin(t *testing.T) {
 	type args struct {
 		authReqID string
@@ -606,55 +704,122 @@ func TestRedirectToLogin(t *testing.T) {
 	}
 }
 
-//TODO: implement
+func TestAuthResponseURL(t *testing.T) {
-func TestAuthorizeCallback(t *testing.T) {
 	type args struct {
-		w          http.ResponseWriter
+		redirectURI  string
-		r          *http.Request
+		responseType oidc.ResponseType
-		authorizer op.Authorizer
+		responseMode oidc.ResponseMode
+		response     interface{}
+		encoder      httphelper.Encoder
+	}
+	type res struct {
+		url string
+		err error
 	}
 	tests := []struct {
 		name string
 		args args
+		res  res
 	}{
-		// TODO: Add test cases.
+		{
+			"encoding error",
+			args{
+				"uri",
+				oidc.ResponseTypeCode,
+				"",
+				map[string]interface{}{"test": "test"},
+				&mockEncoder{
+					errors.New("error encoding"),
+				},
+			},
+			res{
+				"",
+				oidc.ErrServerError(),
+			},
+		},
+		{
+			"response mode query",
+			args{
+				"uri",
+				oidc.ResponseTypeIDToken,
+				oidc.ResponseModeQuery,
+				map[string][]string{"test": {"test"}},
+				&mockEncoder{},
+			},
+			res{
+				"uri?test=test",
+				nil,
+			},
+		},
+		{
+			"response mode fragment",
+			args{
+				"uri",
+				oidc.ResponseTypeCode,
+				oidc.ResponseModeFragment,
+				map[string][]string{"test": {"test"}},
+				&mockEncoder{},
+			},
+			res{
+				"uri#test=test",
+				nil,
+			},
+		},
+		{
+			"response type code",
+			args{
+				"uri",
+				oidc.ResponseTypeCode,
+				"",
+				map[string][]string{"test": {"test"}},
+				&mockEncoder{},
+			},
+			res{
+				"uri?test=test",
+				nil,
+			},
+		},
+		{
+			"response type id token",
+			args{
+				"uri",
+				oidc.ResponseTypeIDToken,
+				"",
+				map[string][]string{"test": {"test"}},
+				&mockEncoder{},
+			},
+			res{
+				"uri#test=test",
+				nil,
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			op.AuthorizeCallback(tt.args.w, tt.args.r, tt.args.authorizer)
+			got, err := op.AuthResponseURL(tt.args.redirectURI, tt.args.responseType, tt.args.responseMode, tt.args.response, tt.args.encoder)
+			if tt.res.err == nil && err != nil {
+				t.Errorf("ValidateAuthRequest() unexpected error = %v", err)
+			}
+			if tt.res.err != nil && !errors.Is(err, tt.res.err) {
+				t.Errorf("ValidateAuthRequest() unexpected error = %v, want = %v", err, tt.res.err)
+			}
+			if got != tt.res.url {
+				t.Errorf("AuthResponseURL() got = %v, want %v", got, tt.res.url)
+			}
 		})
 	}
 }
 
-//TODO: implement
+type mockEncoder struct {
-func TestAuthResponse(t *testing.T) {
+	err error
-	type args struct {
-		authReq    op.AuthRequest
-		authorizer op.Authorizer
-		w          http.ResponseWriter
-		r          *http.Request
-	}
-	tests := []struct {
-		name string
-		args args
-	}{
-		// TODO: Add test cases.
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			op.AuthResponse(tt.args.authReq, tt.args.authorizer, tt.args.w, tt.args.r)
-		})
-	}
 }
 
-//TODO: implement
+func (m *mockEncoder) Encode(src interface{}, dst map[string][]string) error {
-func TestAuthResponseCode(t *testing.T) {}
+	if m.err != nil {
-
+		return m.err
-//TODO: implement
+	}
-func TestAuthResponseToken(t *testing.T) {}
+	for s, strings := range src.(map[string][]string) {
-
+		dst[s] = strings
-//TODO: implement
+	}
-func TestCreateAuthRequestCode(t *testing.T) {}
+	return nil
-
+}
-//TODO: implement
-func TestBuildAuthRequestCode(t *testing.T) {}

pkg/op/error.go

@@ -18,8 +18,8 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthReq
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
-	e := oidc.DefaultToServerError(err, err.Error()) //TODO: desc?
+	e := oidc.DefaultToServerError(err, err.Error())
-	if authReq == nil || authReq.GetRedirectURI() == "" || e.IsRedirectDisabled() {
+	if authReq.GetRedirectURI() == "" || e.IsRedirectDisabled() {
 		http.Error(w, e.Description, http.StatusBadRequest)
 		return
 	}
@@ -37,7 +37,7 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthReq
 }
 
 func RequestError(w http.ResponseWriter, r *http.Request, err error) {
-	e := oidc.DefaultToServerError(err, err.Error()) //TODO: desc?
+	e := oidc.DefaultToServerError(err, err.Error())
 	status := http.StatusBadRequest
 	if e.ErrorType == oidc.InvalidClient {
 		status = 401

pkg/op/keys_test.go

@@ -46,20 +46,20 @@ func TestKeys(t *testing.T) {
 `,
 			},
 		},
-		//{
+		{
-		//	name: "empty list",
+			name: "empty list",
-		//	args: args{
+			args: args{
-		//		k: func() op.KeyProvider {
+				k: func() op.KeyProvider {
-		//			m := mock.NewMockKeyProvider(gomock.NewController(t))
+					m := mock.NewMockKeyProvider(gomock.NewController(t))
-		//			m.EXPECT().GetKeySet(gomock.Any()).Return(nil, nil)
+					m.EXPECT().GetKeySet(gomock.Any()).Return(nil, nil)
-		//			return m
+					return m
-		//		}(),
+				}(),
-		//	},
+			},
-		//	res: res{
+			res: res{
-		//		statusCode:  http.StatusInternalServerError,
+				statusCode:  http.StatusOK,
-		//		contentType: "application/json",
+				contentType: "application/json",
-		//	},
+			},
-		//},
+		},
 		{
 			name: "list",
 			args: args{

pkg/op/mock/authorizer.mock.go

@@ -5,11 +5,11 @@
 package mock
 
 import (
-	"reflect"
+	reflect "reflect"
 
-	utils "github.com/caos/oidc/pkg/http"
+	http "github.com/caos/oidc/pkg/http"
-	"github.com/caos/oidc/pkg/op"
+	op "github.com/caos/oidc/pkg/op"
-	"github.com/golang/mock/gomock"
+	gomock "github.com/golang/mock/gomock"
 )
 
 // MockAuthorizer is a mock of Authorizer interface.
@@ -50,10 +50,10 @@ func (mr *MockAuthorizerMockRecorder) Crypto() *gomock.Call {
 }
 
 // Decoder mocks base method.
-func (m *MockAuthorizer) Decoder() utils.Decoder {
+func (m *MockAuthorizer) Decoder() http.Decoder {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Decoder")
-	ret0, _ := ret[0].(utils.Decoder)
+	ret0, _ := ret[0].(http.Decoder)
 	return ret0
 }
 
@@ -64,10 +64,10 @@ func (mr *MockAuthorizerMockRecorder) Decoder() *gomock.Call {
 }
 
 // Encoder mocks base method.
-func (m *MockAuthorizer) Encoder() utils.Encoder {
+func (m *MockAuthorizer) Encoder() http.Encoder {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Encoder")
-	ret0, _ := ret[0].(utils.Encoder)
+	ret0, _ := ret[0].(http.Encoder)
 	return ret0
 }
 
@@ -105,6 +105,20 @@ func (mr *MockAuthorizerMockRecorder) Issuer() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Issuer", reflect.TypeOf((*MockAuthorizer)(nil).Issuer))
 }
 
+// RequestObjectSupported mocks base method.
+func (m *MockAuthorizer) RequestObjectSupported() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RequestObjectSupported")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// RequestObjectSupported indicates an expected call of RequestObjectSupported.
+func (mr *MockAuthorizerMockRecorder) RequestObjectSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RequestObjectSupported", reflect.TypeOf((*MockAuthorizer)(nil).RequestObjectSupported))
+}
+
 // Signer mocks base method.
 func (m *MockAuthorizer) Signer() op.Signer {
 	m.ctrl.T.Helper()

pkg/op/mock/configuration.mock.go

@@ -147,6 +147,20 @@ func (mr *MockConfigurationMockRecorder) GrantTypeTokenExchangeSupported() *gomo
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GrantTypeTokenExchangeSupported", reflect.TypeOf((*MockConfiguration)(nil).GrantTypeTokenExchangeSupported))
 }
 
+// IntrospectionAuthMethodPrivateKeyJWTSupported mocks base method.
+func (m *MockConfiguration) IntrospectionAuthMethodPrivateKeyJWTSupported() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "IntrospectionAuthMethodPrivateKeyJWTSupported")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// IntrospectionAuthMethodPrivateKeyJWTSupported indicates an expected call of IntrospectionAuthMethodPrivateKeyJWTSupported.
+func (mr *MockConfigurationMockRecorder) IntrospectionAuthMethodPrivateKeyJWTSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntrospectionAuthMethodPrivateKeyJWTSupported", reflect.TypeOf((*MockConfiguration)(nil).IntrospectionAuthMethodPrivateKeyJWTSupported))
+}
+
 // IntrospectionEndpoint mocks base method.
 func (m *MockConfiguration) IntrospectionEndpoint() op.Endpoint {
 	m.ctrl.T.Helper()
@@ -161,6 +175,20 @@ func (mr *MockConfigurationMockRecorder) IntrospectionEndpoint() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntrospectionEndpoint", reflect.TypeOf((*MockConfiguration)(nil).IntrospectionEndpoint))
 }
 
+// IntrospectionEndpointSigningAlgorithmsSupported mocks base method.
+func (m *MockConfiguration) IntrospectionEndpointSigningAlgorithmsSupported() []string {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "IntrospectionEndpointSigningAlgorithmsSupported")
+	ret0, _ := ret[0].([]string)
+	return ret0
+}
+
+// IntrospectionEndpointSigningAlgorithmsSupported indicates an expected call of IntrospectionEndpointSigningAlgorithmsSupported.
+func (mr *MockConfigurationMockRecorder) IntrospectionEndpointSigningAlgorithmsSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "IntrospectionEndpointSigningAlgorithmsSupported", reflect.TypeOf((*MockConfiguration)(nil).IntrospectionEndpointSigningAlgorithmsSupported))
+}
+
 // Issuer mocks base method.
 func (m *MockConfiguration) Issuer() string {
 	m.ctrl.T.Helper()
@@ -189,6 +217,48 @@ func (mr *MockConfigurationMockRecorder) KeysEndpoint() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "KeysEndpoint", reflect.TypeOf((*MockConfiguration)(nil).KeysEndpoint))
 }
 
+// RequestObjectSigningAlgorithmsSupported mocks base method.
+func (m *MockConfiguration) RequestObjectSigningAlgorithmsSupported() []string {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RequestObjectSigningAlgorithmsSupported")
+	ret0, _ := ret[0].([]string)
+	return ret0
+}
+
+// RequestObjectSigningAlgorithmsSupported indicates an expected call of RequestObjectSigningAlgorithmsSupported.
+func (mr *MockConfigurationMockRecorder) RequestObjectSigningAlgorithmsSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RequestObjectSigningAlgorithmsSupported", reflect.TypeOf((*MockConfiguration)(nil).RequestObjectSigningAlgorithmsSupported))
+}
+
+// RequestObjectSupported mocks base method.
+func (m *MockConfiguration) RequestObjectSupported() bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RequestObjectSupported")
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// RequestObjectSupported indicates an expected call of RequestObjectSupported.
+func (mr *MockConfigurationMockRecorder) RequestObjectSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RequestObjectSupported", reflect.TypeOf((*MockConfiguration)(nil).RequestObjectSupported))
+}
+
+// RevocationEndpoint mocks base method.
+func (m *MockConfiguration) RevocationEndpoint() op.Endpoint {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RevocationEndpoint")
+	ret0, _ := ret[0].(op.Endpoint)
+	return ret0
+}
+
+// RevocationEndpoint indicates an expected call of RevocationEndpoint.
+func (mr *MockConfigurationMockRecorder) RevocationEndpoint() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RevocationEndpoint", reflect.TypeOf((*MockConfiguration)(nil).RevocationEndpoint))
+}
+
 // SupportedUILocales mocks base method.
 func (m *MockConfiguration) SupportedUILocales() []language.Tag {
 	m.ctrl.T.Helper()
@@ -217,6 +287,20 @@ func (mr *MockConfigurationMockRecorder) TokenEndpoint() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "TokenEndpoint", reflect.TypeOf((*MockConfiguration)(nil).TokenEndpoint))
 }
 
+// TokenEndpointSigningAlgorithmsSupported mocks base method.
+func (m *MockConfiguration) TokenEndpointSigningAlgorithmsSupported() []string {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "TokenEndpointSigningAlgorithmsSupported")
+	ret0, _ := ret[0].([]string)
+	return ret0
+}
+
+// TokenEndpointSigningAlgorithmsSupported indicates an expected call of TokenEndpointSigningAlgorithmsSupported.
+func (mr *MockConfigurationMockRecorder) TokenEndpointSigningAlgorithmsSupported() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "TokenEndpointSigningAlgorithmsSupported", reflect.TypeOf((*MockConfiguration)(nil).TokenEndpointSigningAlgorithmsSupported))
+}
+
 // UserinfoEndpoint mocks base method.
 func (m *MockConfiguration) UserinfoEndpoint() op.Endpoint {
 	m.ctrl.T.Helper()

pkg/op/mock/storage.mock.go

@@ -230,6 +230,20 @@ func (mr *MockStorageMockRecorder) Health(arg0 interface{}) *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Health", reflect.TypeOf((*MockStorage)(nil).Health), arg0)
 }
 
+// RevokeToken mocks base method.
+func (m *MockStorage) RevokeToken(arg0 context.Context, arg1, arg2, arg3 string) *oidc.Error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "RevokeToken", arg0, arg1, arg2, arg3)
+	ret0, _ := ret[0].(*oidc.Error)
+	return ret0
+}
+
+// RevokeToken indicates an expected call of RevokeToken.
+func (mr *MockStorageMockRecorder) RevokeToken(arg0, arg1, arg2, arg3 interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RevokeToken", reflect.TypeOf((*MockStorage)(nil).RevokeToken), arg0, arg1, arg2, arg3)
+}
+
 // SaveAuthCode mocks base method.
 func (m *MockStorage) SaveAuthCode(arg0 context.Context, arg1, arg2 string) error {
 	m.ctrl.T.Helper()

pkg/op/token_revocation.go

@@ -43,7 +43,8 @@ func Revoke(w http.ResponseWriter, r *http.Request, revoker Revoker) {
 		RevocationRequestError(w, r, err)
 		return
 	}
-	httphelper.MarshalJSON(w, nil)
+	var i interface{}
+	httphelper.MarshalJSON(w, i)
 	return
 }