feat: add rp.RevokeToken

2022-10-13 16:20:30 -07:00 · 2022-10-13 16:20:30 -07:00 · 763d69b4ca
commit 763d69b4ca
parent 01021e71a0
6 changed files with 90 additions and 5 deletions
--- a/pkg/op/storage.go
+++ b/pkg/op/storage.go
@ -39,7 +39,12 @@ type AuthStorage interface {
 	TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (RefreshTokenRequest, error)

 	TerminateSession(ctx context.Context, userID string, clientID string) error
-	RevokeToken(ctx context.Context, tokenID string, userID string, clientID string) *oidc.Error
+
+	// RevokeToken should revoke a token. In the situation that the original request was to
+	// revoke an access token, then tokenOrTokenID will be a tokenID and userID will be set
+	// but if the original request was for a refresh token, then userID will be empty and
+	// tokenOrTokenID will be the refresh token, not its ID.
+	RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error

 	GetSigningKey(context.Context, chan<- jose.SigningKey)
 	GetKeySet(context.Context) (*jose.JSONWebKeySet, error)
--- a/pkg/op/token_revocation.go
+++ b/pkg/op/token_revocation.go
@ -113,8 +113,11 @@ func ParseTokenRevocationRequest(r *http.Request, revoker Revoker) (token, token
 func RevocationRequestError(w http.ResponseWriter, r *http.Request, err error) {
 	e := oidc.DefaultToServerError(err, err.Error())
 	status := http.StatusBadRequest
-	if e.ErrorType == oidc.InvalidClient {
+	switch e.ErrorType {
+	case oidc.InvalidClient:
 		status = 401
+	case oidc.ServerError:
+		status = 500
 	}
 	httphelper.MarshalJSONWithStatus(w, e, status)
 }