forked from ory/fosite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
revocation.go
76 lines (65 loc) · 2.32 KB
/
revocation.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/*
* Copyright © 2015-2018 Aeneas Rekkas <[email protected]>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @author Aeneas Rekkas <[email protected]>
* @copyright 2015-2018 Aeneas Rekkas <[email protected]>
* @license Apache-2.0
*
*/
package oauth2
import (
"context"
"github.com/pkg/errors"
"github.com/ory/fosite"
)
type TokenRevocationHandler struct {
TokenRevocationStorage TokenRevocationStorage
RefreshTokenStrategy RefreshTokenStrategy
AccessTokenStrategy AccessTokenStrategy
}
// RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1
// The token type hint indicates which token type check should be performed first.
func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error {
discoveryFuncs := []func() (request fosite.Requester, err error){
func() (request fosite.Requester, err error) {
// Refresh token
signature := r.RefreshTokenStrategy.RefreshTokenSignature(token)
return r.TokenRevocationStorage.GetRefreshTokenSession(ctx, signature, nil)
},
func() (request fosite.Requester, err error) {
// Access token
signature := r.AccessTokenStrategy.AccessTokenSignature(token)
return r.TokenRevocationStorage.GetAccessTokenSession(ctx, signature, nil)
},
}
// Token type hinting
if tokenType == fosite.AccessToken {
discoveryFuncs[0], discoveryFuncs[1] = discoveryFuncs[1], discoveryFuncs[0]
}
var ar fosite.Requester
var err error
if ar, err = discoveryFuncs[0](); err != nil {
ar, err = discoveryFuncs[1]()
}
if err != nil {
return err
}
if ar.GetClient().GetID() != client.GetID() {
return errors.WithStack(fosite.ErrRevokationClientMismatch)
}
r.TokenRevocationStorage.RevokeRefreshToken(ctx, ar)
r.TokenRevocationStorage.RevokeAccessToken(ctx, ar)
return nil
}