OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
parent
ad2a7972e7
commit
84d84e4ca4
2 changed files with 13 additions and 0 deletions
|
@ -118,6 +118,18 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|
|||
token_exchange(conn, params)
|
||||
end
|
||||
|
||||
def token_revoke(conn, %{"token" => token} = params) do
|
||||
with %App{} = app <- get_app_from_request(conn, params),
|
||||
%Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id),
|
||||
{:ok, %Token{}} <- Repo.delete(token) do
|
||||
json(conn, %{})
|
||||
else
|
||||
_error ->
|
||||
# RFC 7009: invalid tokens [in the request] do not cause an error response
|
||||
json(conn, %{})
|
||||
end
|
||||
end
|
||||
|
||||
defp fix_padding(token) do
|
||||
token
|
||||
|> Base.url_decode64!(padding: false)
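Review bot: The catch-all `_error ->` branch of `token_revoke` answers 200 with `{}` for every failure, not only for an unknown token: an `{:error, changeset}` from `Repo.delete/1` and a failed client lookup in `get_app_from_request/2` are both reported as a successful revocation. In the first case the token stays valid while the client believes it is gone. RFC 7009 section 2.2.1 reserves the silent 200 for invalid tokens, expects 503 when the token may still exist, and expects an RFC 6749 section 5.2 error when the client did not authenticate. `get_app_from_request/2` is defined outside this hunk, so its failure value is assumed here to be anything other than `%App{}`. Tagging the `with` steps as below keeps the three outcomes apart; a request without a `token` parameter also matches no clause and would be better served by an explicit `invalid_request` response.

```elixir
def token_revoke(conn, %{"token" => token} = params) do
  with {:app, %App{} = app} <- {:app, get_app_from_request(conn, params)},
       {:token, %Token{} = found} <-
         {:token, Repo.get_by(Token, token: token, app_id: app.id)},
       {:ok, %Token{}} <- Repo.delete(found) do
    json(conn, %{})
  else
    # RFC 7009: invalid tokens [in the request] do not cause an error response
    {:token, _} ->
      json(conn, %{})

    # Client could not be identified: RFC 6749 section 5.2
    {:app, _} ->
      conn |> put_status(:unauthorized) |> json(%{error: "invalid_client"})

    # Deletion failed, so the token is still valid: RFC 7009 section 2.2.1
    {:error, _changeset} ->
      conn |> put_status(:service_unavailable) |> json(%{})
  end
end
```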
|
||||
|
|
|
@ -93,6 +93,7 @@ defmodule Pleroma.Web.Router do
|
|||
get("/authorize", OAuthController, :authorize)
|
||||
post("/authorize", OAuthController, :create_authorization)
|
||||
post("/token", OAuthController, :token_exchange)
|
||||
post("/revoke", OAuthController, :token_revoke)
|
||||
end
|
||||
|
||||
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
||||
|
|