NewRevocationRequest handles incoming token revocation requests and validates various parameters as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 The authorization server first validates the client credentials (in case of a confidential client) and then verifies whether the token was issued to the client making the revocation request.
(ctx context.Context, r *http.Request)
| 35 | // An invalid token type hint value is ignored by the authorization |
| 36 | // server and does not influence the revocation response. |
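//
// The client is authenticated before the token is examined, so an
// unauthenticated caller learns nothing about whether a token exists. The
// REQUIRED "token" parameter is rejected with ErrInvalidRequest when missing.
// When no registered revocation handler recognizes the token, ErrInvalidRequest
// is returned as well; NOTE(review): RFC 7009 §2.2 says unknown tokens should
// still yield 200 OK — whether WriteRevocationResponse maps this error to
// 200 or to an error status is decided there, not here, so confirm that mapping
// before relying on this return value for unknown tokens.
func (f *Fosite) NewRevocationRequest(ctx context.Context, r *http.Request) (err error) {
	ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("github.com/ory/hydra/v2/fosite").Start(ctx, "Fosite.NewRevocationRequest")
	defer otelx.End(span, &err)

	// Make the raw request reachable by anything that looks it up via the context.
	ctx = context.WithValue(ctx, RequestContextKey, r)

	// RFC 7009 §2.1: a revocation request is a POST with a form-encoded body.
	if r.Method != http.MethodPost {
		return errorsx.WithStack(ErrInvalidRequest.WithHintf("HTTP method is '%s' but expected 'POST'.", r.Method))
	}

	// The 1 MiB argument only bounds how much of a *multipart* body is kept in
	// memory (the remainder spills to temporary files); it is not a request-size
	// limit. Bound the body upstream (e.g. http.MaxBytesReader) if that matters.
	if err := r.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
		return errorsx.WithStack(ErrInvalidRequest.WithHint("Unable to parse HTTP body, make sure to send a properly formatted form request body.").WithWrap(err).WithDebug(err.Error()))
	}
	if len(r.PostForm) == 0 {
		return errorsx.WithStack(ErrInvalidRequest.WithHint("The POST body can not be empty."))
	}

	// Authenticate the client first (RFC 7009 §2.1) so that token lookups below
	// only happen on behalf of a known client; handlers receive the client so
	// they can check that the token was issued to it.
	client, err := f.AuthenticateClient(ctx, r, r.PostForm)
	if err != nil {
		return err
	}

	// "token" is REQUIRED (RFC 7009 §2.1). Reject its absence here rather than
	// letting every handler compute a signature of "" and query storage for it.
	token := r.PostForm.Get("token")
	if token == "" {
		return errorsx.WithStack(ErrInvalidRequest.WithHint("The request parameter 'token' is missing or empty."))
	}

	// token_type_hint is only an optimization hint; an unrecognized value is
	// passed through unchanged and handlers are expected to fall back to trying
	// the token types they support.
	tokenTypeHint := TokenType(r.PostForm.Get("token_type_hint"))

	// Every handler gets a chance to revoke the token; the loop does not stop at
	// the first success. A handler that does not recognize the token reports
	// ErrUnknownRequest. Any other error aborts immediately, so handlers that ran
	// earlier in the list may already have revoked their part of the token.
	var found bool
	for _, handler := range f.Config.GetRevocationHandlers(ctx) {
		err := handler.RevokeToken(ctx, token, tokenTypeHint, client)
		switch {
		case err == nil:
			found = true
		case errors.Is(err, ErrUnknownRequest):
			// Not this handler's token; try the next one.
		default:
			return err
		}
	}

	if !found {
		return errorsx.WithStack(ErrInvalidRequest)
	}
	return nil
}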
| 76 | |
| 77 | // WriteRevocationResponse writes a token revocation response as specified in: |
| 78 | // https://tools.ietf.org/html/rfc7009#section-2.2 |