RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1 The token type hint indicates which token type check should be performed first.
(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client)
| 30 | // RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1 |
| 31 | // The token type hint indicates which token type check should be performed first. |
| 32 | func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error { |
| 33 | discoveryFuncs := []func() (request fosite.Requester, err error){ |
| 34 | func() (request fosite.Requester, err error) { |
| 35 | // Refresh token |
| 36 | signature := r.Strategy.RefreshTokenStrategy().RefreshTokenSignature(ctx, token) |
| 37 | return r.Storage.RefreshTokenStorage().GetRefreshTokenSession(ctx, signature, nil) |
| 38 | }, |
| 39 | func() (request fosite.Requester, err error) { |
| 40 | // Access token |
| 41 | signature := r.Strategy.AccessTokenStrategy().AccessTokenSignature(ctx, token) |
| 42 | return r.Storage.AccessTokenStorage().GetAccessTokenSession(ctx, signature, nil) |
| 43 | }, |
| 44 | } |
| 45 | |
| 46 | // Token type hinting |
| 47 | if tokenType == fosite.AccessToken { |
| 48 | discoveryFuncs[0], discoveryFuncs[1] = discoveryFuncs[1], discoveryFuncs[0] |
| 49 | } |
| 50 | |
| 51 | var ar fosite.Requester |
| 52 | var err1, err2 error |
| 53 | if ar, err1 = discoveryFuncs[0](); err1 != nil { |
| 54 | ar, err2 = discoveryFuncs[1]() |
| 55 | } |
| 56 | // err2 can only be not nil if first err1 was not nil |
| 57 | if err2 != nil { |
| 58 | return storeErrorsToRevocationError(err1, err2) |
| 59 | } |
| 60 | |
| 61 | if ar.GetClient().GetID() != client.GetID() { |
| 62 | return errorsx.WithStack(fosite.ErrUnauthorizedClient) |
| 63 | } |
| 64 | |
| 65 | requestID := ar.GetID() |
| 66 | err1 = r.Storage.TokenRevocationStorage().RevokeRefreshToken(ctx, requestID) |
| 67 | err2 = r.Storage.TokenRevocationStorage().RevokeAccessToken(ctx, requestID) |
| 68 | |
| 69 | return storeErrorsToRevocationError(err1, err2) |
| 70 | } |
| 71 | |
| 72 | func storeErrorsToRevocationError(err1, err2 error) error { |
| 73 | // both errors are fosite.ErrNotFound and fosite.ErrInactiveToken or nil <=> the token is revoked |