MCPcopy
hub / github.com/ory/hydra / RevokeToken

Method RevokeToken

fosite/handler/oauth2/revocation.go:32–70  ·  view source on GitHub ↗

RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1 The token type hint indicates which token type check should be performed first.

(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client)

Source from the content-addressed store, hash-verified

30// RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1
31// The token type hint indicates which token type check should be performed first.
32func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error {
33 discoveryFuncs := []func() (request fosite.Requester, err error){
34 func() (request fosite.Requester, err error) {
35 // Refresh token
36 signature := r.Strategy.RefreshTokenStrategy().RefreshTokenSignature(ctx, token)
37 return r.Storage.RefreshTokenStorage().GetRefreshTokenSession(ctx, signature, nil)
38 },
39 func() (request fosite.Requester, err error) {
40 // Access token
41 signature := r.Strategy.AccessTokenStrategy().AccessTokenSignature(ctx, token)
42 return r.Storage.AccessTokenStorage().GetAccessTokenSession(ctx, signature, nil)
43 },
44 }
45
46 // Token type hinting
47 if tokenType == fosite.AccessToken {
48 discoveryFuncs[0], discoveryFuncs[1] = discoveryFuncs[1], discoveryFuncs[0]
49 }
50
51 var ar fosite.Requester
52 var err1, err2 error
53 if ar, err1 = discoveryFuncs[0](); err1 != nil {
54 ar, err2 = discoveryFuncs[1]()
55 }
56 // err2 can only be not nil if first err1 was not nil
57 if err2 != nil {
58 return storeErrorsToRevocationError(err1, err2)
59 }
60
61 if ar.GetClient().GetID() != client.GetID() {
62 return errorsx.WithStack(fosite.ErrUnauthorizedClient)
63 }
64
65 requestID := ar.GetID()
66 err1 = r.Storage.TokenRevocationStorage().RevokeRefreshToken(ctx, requestID)
67 err2 = r.Storage.TokenRevocationStorage().RevokeAccessToken(ctx, requestID)
68
69 return storeErrorsToRevocationError(err1, err2)
70}
71
72func storeErrorsToRevocationError(err1, err2 error) error {
73 // both errors are fosite.ErrNotFound and fosite.ErrInactiveToken or nil <=> the token is revoked

Callers 1

TestRevokeTokenFunction · 0.95

Calls 15

GetClientMethod · 0.95
GetIDMethod · 0.95
RefreshTokenSignatureMethod · 0.65
RefreshTokenStrategyMethod · 0.65
RefreshTokenStorageMethod · 0.65
AccessTokenSignatureMethod · 0.65
AccessTokenStrategyMethod · 0.65
GetAccessTokenSessionMethod · 0.65
AccessTokenStorageMethod · 0.65
GetIDMethod · 0.65

Tested by 1

TestRevokeTokenFunction · 0.76