From 84d84e4ca49c02180828d65d95b841953ed04ef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 01:25:40 +0200 Subject: [PATCH] OAuth: Support /revoke endpoint for revoking tokens (for compatibility with Mastodon) --- lib/pleroma/web/oauth/oauth_controller.ex | 12 ++++++++++++ lib/pleroma/web/router.ex | 1 + 2 files changed, 13 insertions(+) diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 934171585..160cedd8e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -118,6 +118,18 @@ def token_exchange( token_exchange(conn, params) end + def token_revoke(conn, %{"token" => token} = params) do + with %App{} = app <- get_app_from_request(conn, params), + %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id), + {:ok, %Token{}} <- Repo.delete(token) do + json(conn, %{}) + else + _error -> + # RFC 7009: invalid tokens [in the request] do not cause an error response + json(conn, %{}) + end + end + defp fix_padding(token) do token |> Base.url_decode64!(padding: false) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 927323794..5f746df31 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -93,6 +93,7 @@ def user_fetcher(username_or_email) do get("/authorize", OAuthController, :authorize) post("/authorize", OAuthController, :create_authorization) post("/token", OAuthController, :token_exchange) + post("/revoke", OAuthController, :token_revoke) end scope "/api/v1", Pleroma.Web.MastodonAPI do