Skip to content

Commit b8f3678

Browse files
adhocoreadhocore
committed
feat: add RevokeToken
1 parent da50d61 commit b8f3678

File tree

1 file changed

+49
-0
lines changed

1 file changed

+49
-0
lines changed

goic.go

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -459,6 +459,55 @@ func (g *Goic) SignOut(tok *Token, redir string, res http.ResponseWriter, req *h
459459
return nil
460460
}
461461

462+
// RevokeToken revokes a Token so that it is no longer usable
463+
func (g *Goic) RevokeToken(tok *Token) error {
464+
p, ok := g.providers[tok.Provider]
465+
if !ok || !p.CanRevoke() {
466+
return ErrProviderSupport
467+
}
468+
469+
tk, hint := tok.AccessToken, "access_token"
470+
if tk == "" && tok.RefreshToken != "" {
471+
tk, hint = tok.RefreshToken, "refresh_token"
472+
}
473+
if tk == "" {
474+
return ErrTokenAccessKey
475+
}
476+
477+
qry := url.Values{}
478+
qry.Add("token", tk)
479+
qry.Add("token_type_hint", hint)
480+
481+
req, err := http.NewRequest("POST", p.wellKnown.RevokeURI, strings.NewReader(qry.Encode()))
482+
if err != nil {
483+
return err
484+
}
485+
486+
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
487+
req.Header.Set("Authorization", p.AuthBasicHeader())
488+
res, err := http.DefaultClient.Do(req)
489+
if err != nil {
490+
return err
491+
}
492+
defer res.Body.Close()
493+
494+
body, err := ioutil.ReadAll(res.Body)
495+
if err != nil {
496+
return err
497+
}
498+
499+
var revoke map[string]interface{}
500+
if err := json.Unmarshal(body, &revoke); err != nil {
501+
return err
502+
}
503+
if e, ok := revoke["error"].(map[string]string); ok {
504+
if msg, ok := e["message"]; ok {
505+
return errors.New(msg)
506+
}
507+
}
508+
return nil
509+
}
510+
462511
// logIf logs if verbose is set
463512
func (g *Goic) logIf(s string, v ...interface{}) {
464513
if g.verbose {

0 commit comments

Comments
 (0)