def revocation_endpoint(self, authn='', request=None, **kwargs): """ Implements RFC7009 allows a client to invalidate an access or refresh token. :param authn: Client Authentication information :param request: The revocation request :param kwargs: :return: """ trr = TokenRevocationRequest().deserialize(request, "urlencoded") resp = self.get_token_info(authn, trr, 'revocation_endpoint') if isinstance(resp, Response): return resp else: client_id, token_type, _info = resp logger.info('{} token revocation: {}'.format(client_id, trr.to_dict())) try: self.sdb.token_factory[token_type].invalidate(trr['token']) except KeyError: return BadRequest() else: return Response('OK')
def test_token_revocation_and_introspection(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory["code"](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", "response_type": ["code"], } # Construct Access token request areq = AccessTokenRequest( code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type="authorization_code", ) resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") req = TokenRevocationRequest( token=atr["access_token"], client_id="client1", client_secret="hemlighet", token_type_hint="access_token", ) resp = self.provider.revocation_endpoint(request=req.to_urlencoded()) assert resp.status_code == 200 req2 = TokenIntrospectionRequest( token=atr["access_token"], client_id="client1", client_secret="hemlighet", token_type_hint="access_token", ) resp = self.provider.introspection_endpoint( request=req2.to_urlencoded()) assert resp ti_resp = TokenIntrospectionResponse().deserialize( resp.message, "json") assert ti_resp["active"] is False
def test_token_revocation_and_introspection(self): authreq = AuthorizationRequest(state="state", redirect_uri="http://example.com/authz", client_id="client1") _sdb = self.provider.sdb sid = _sdb.access_token.key(user="******", areq=authreq) access_grant = _sdb.token_factory['code'](sid=sid) _sdb[sid] = { "oauth_state": "authz", "sub": "sub", "authzreq": authreq.to_json(), "client_id": "client1", "code": access_grant, "code_used": False, "redirect_uri": "http://example.com/authz", 'response_type': ['code'] } # Construct Access token request areq = AccessTokenRequest(code=access_grant, redirect_uri="http://example.com/authz", client_id="client1", client_secret="hemlighet", grant_type='authorization_code') resp = self.provider.token_endpoint(request=areq.to_urlencoded()) atr = AccessTokenResponse().deserialize(resp.message, "json") req = TokenRevocationRequest(token=atr['access_token'], client_id="client1", client_secret="hemlighet", token_type_hint='access_token') resp = self.provider.revocation_endpoint(request=req.to_urlencoded()) assert resp.status == '200 OK' req = TokenIntrospectionRequest(token=atr['access_token'], client_id="client1", client_secret="hemlighet", token_type_hint='access_token') resp = self.provider.introspection_endpoint(request=req.to_urlencoded()) assert resp ti_resp = TokenIntrospectionResponse().deserialize(resp.message, 'json') assert ti_resp['active'] is False