hub / github.com/ory/hydra / NewRevocationRequest

Method NewRevocationRequest

fosite/revoke_handler.go:37–75  ·  view source on GitHub ↗

NewRevocationRequest handles incoming token revocation requests and validates various parameters as specified in https://tools.ietf.org/html/rfc7009#section-2.1. The authorization server first validates the client credentials (in case of a confidential client) and then verifies whether the token was issued to the client making the revocation request […]

(ctx context.Context, r *http.Request)

Source from the content-addressed store, hash-verified

35// An invalid token type hint value is ignored by the authorization
36// server and does not influence the revocation response.
func (f *Fosite) NewRevocationRequest(ctx context.Context, r *http.Request) (err error) {
	// Start a span on the caller's tracer provider; the deferred End receives a
	// pointer to the named result, so it observes whatever error is returned.
	tracer := trace.SpanFromContext(ctx).TracerProvider().Tracer("github.com/ory/hydra/v2/fosite")
	ctx, span := tracer.Start(ctx, "Fosite.NewRevocationRequest")
	defer otelx.End(span, &err)

	// Make the raw request reachable from ctx for everything called below.
	ctx = context.WithValue(ctx, RequestContextKey, r)

	// Only POST is accepted; any other method is rejected before the body is read.
	if r.Method != "POST" {
		return errorsx.WithStack(ErrInvalidRequest.WithHintf("HTTP method is '%s' but expected 'POST'.", r.Method))
	}

	// ParseMultipartForm also runs ParseForm, so a plain urlencoded body still
	// fills r.PostForm; that is why http.ErrNotMultipart is tolerated here.
	// The 1 MiB argument is the in-memory threshold for multipart parts, not a
	// limit on the total body size. No body-size limit is applied in this
	// function.
	// NOTE(review): confirm the HTTP layer in front of this handler bounds the
	// request body (for example with http.MaxBytesReader).
	if parseErr := r.ParseMultipartForm(1 << 20); parseErr != nil && parseErr != http.ErrNotMultipart {
		// The parser's error text is attached as debug information.
		// NOTE(review): whether debug text reaches the client is decided
		// elsewhere; verify it is not exposed in production responses.
		return errorsx.WithStack(ErrInvalidRequest.WithHint("Unable to parse HTTP body, make sure to send a properly formatted form request body.").WithWrap(parseErr).WithDebug(parseErr.Error()))
	}

	if len(r.PostForm) == 0 {
		return errorsx.WithStack(ErrInvalidRequest.WithHint("The POST body can not be empty."))
	}

	// Client authentication runs before the token parameters are even read, so
	// an unauthenticated caller never reaches a revocation handler.
	client, authErr := f.AuthenticateClient(ctx, r, r.PostForm)
	if authErr != nil {
		return authErr
	}

	// Both values are caller-controlled and are forwarded as-is: an absent
	// "token" parameter yields the empty string and is not rejected here.
	// NOTE(review): handlers are presumably expected to cope with an empty
	// token and an arbitrary hint value; confirm against the handlers.
	token := r.PostForm.Get("token")
	hint := TokenType(r.PostForm.Get("token_type_hint"))

	// Every configured handler is consulted. A nil result marks the request as
	// handled, ErrUnknownRequest means "not mine" and is skipped, and any other
	// error aborts the loop and is returned unchanged.
	handled := false
	for _, handler := range f.Config.GetRevocationHandlers(ctx) {
		revokeErr := handler.RevokeToken(ctx, token, hint, client)
		switch {
		case revokeErr == nil:
			handled = true
		case errors.Is(revokeErr, ErrUnknownRequest):
			continue
		default:
			return revokeErr
		}
	}

	// No handler accepted the request (including the case of no handlers at all).
	if !handled {
		return errorsx.WithStack(ErrInvalidRequest)
	}

	return nil
}
76
77// WriteRevocationResponse writes a token revocation response as specified in:
78// https://tools.ietf.org/html/rfc7009#section-2.2

Callers 1

TestNewRevocationRequestFunction · 0.95

Calls 12

AuthenticateClientMethod · 0.95
TokenTypeTypeAlias · 0.85
WithHintfMethod · 0.80
WithDebugMethod · 0.80
WithWrapMethod · 0.80
WithHintMethod · 0.80
TracerMethod · 0.65
GetMethod · 0.65
GetRevocationHandlersMethod · 0.65
RevokeTokenMethod · 0.65
ErrorMethod · 0.45
IsMethod · 0.45

Tested by 1

TestNewRevocationRequestFunction · 0.76