OAuth: Support /revoke endpoint for revoking tokens
(for compatibility with Mastodon)
This commit is contained in:
parent
ad2a7972e7
commit
84d84e4ca4
2 changed files with 13 additions and 0 deletions
|
@ -118,6 +118,18 @@ def token_exchange(
|
||||||
token_exchange(conn, params)
|
token_exchange(conn, params)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def token_revoke(conn, %{"token" => token} = params) do
|
||||||
|
with %App{} = app <- get_app_from_request(conn, params),
|
||||||
|
%Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id),
|
||||||
|
{:ok, %Token{}} <- Repo.delete(token) do
|
||||||
|
json(conn, %{})
|
||||||
|
else
|
||||||
|
_error ->
|
||||||
|
# RFC 7009: invalid tokens [in the request] do not cause an error response
|
||||||
|
json(conn, %{})
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
defp fix_padding(token) do
|
defp fix_padding(token) do
|
||||||
token
|
token
|
||||||
|> Base.url_decode64!(padding: false)
|
|> Base.url_decode64!(padding: false)
|
||||||
|
|
|
@ -93,6 +93,7 @@ def user_fetcher(username_or_email) do
|
||||||
get("/authorize", OAuthController, :authorize)
|
get("/authorize", OAuthController, :authorize)
|
||||||
post("/authorize", OAuthController, :create_authorization)
|
post("/authorize", OAuthController, :create_authorization)
|
||||||
post("/token", OAuthController, :token_exchange)
|
post("/token", OAuthController, :token_exchange)
|
||||||
|
post("/revoke", OAuthController, :token_revoke)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
scope "/api/v1", Pleroma.Web.MastodonAPI do
|
||||||
|
|
Loading…
Reference in a new issue