Enhancement: support RFC 7009 for token revocation
RFC 7009 describes explicit revocation of OAuth2 tokens. For example, if a user running a session maintained by OAuth2 access & refresh tokens wishes to explicitly “log out”, i.e. invalidate their current token set.
Of course, a consuming application could wire up their own logic directly to revoke tokens, but it occurred to me that it might be a nicety to support this as a function on the AuthorizationServer class.
Issue Analytics
- State:
- Created 10 months ago
- Comments: 5 (5 by maintainers)
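A sketch of the revocation logic RFC 7009 describes, which the issue above notes a consuming application would otherwise have to wire up itself. This is an added example, not code from the issue or from the library; the in-memory store and the names `revoke`, `isActive`, `tokens` and `grantId` are hypothetical.

```typescript
// Added example: in-memory sketch of RFC 7009 revocation; all names are hypothetical.
type TokenKind = "access_token" | "refresh_token";
interface StoredToken { kind: TokenKind; clientId: string; grantId: string; revoked: boolean }
interface RevocationResult { status: number; error?: string }

// Constructed sample data: one grant that issued an access/refresh token pair.
const tokens: Record<string, StoredToken> = {
  "at-1": { kind: "access_token", clientId: "client-a", grantId: "g1", revoked: false },
  "rt-1": { kind: "refresh_token", clientId: "client-a", grantId: "g1", revoked: false },
};

function revoke(clientId: string | null, token?: string, hint?: string): RevocationResult {
  // The caller passes null when client authentication failed.
  if (clientId === null) return { status: 401, error: "invalid_client" };
  // `token` is the only required request parameter.
  if (!token) return { status: 400, error: "invalid_request" };
  // `hint` (token_type_hint) is only a lookup optimisation; a wrong or unknown
  // hint must not change the outcome, so this single-store lookup ignores it.
  void hint;
  const found: StoredToken | undefined = tokens[token];
  // Unknown or already-revoked tokens still get 200 (section 2.2): the client's
  // goal is already met, and invalid tokens do not cause an error response.
  if (!found || found.revoked) return { status: 200 };
  // A client may only revoke tokens issued to it (section 2.1). invalid_grant
  // is this example's choice of error code for that refusal.
  if (found.clientId !== clientId) return { status: 400, error: "invalid_grant" };
  found.revoked = true;
  // Revoking a refresh token should also invalidate access tokens
  // that were issued under the same authorization grant.
  if (found.kind === "refresh_token") {
    Object.keys(tokens).forEach((key) => {
      const t = tokens[key];
      if (t && t.grantId === found.grantId && t.kind === "access_token") t.revoked = true;
    });
  }
  return { status: 200 };
}

function isActive(token: string): boolean {
  const t: StoredToken | undefined = tokens[token];
  return t !== undefined && !t.revoked;
}
```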
Top GitHub Comments
I’m going to cut a release for this one when I get a moment
@jasonraimondi OK, I’ve implemented this now with coverage of both the auth_code and refresh_token grants - which are the only ones it makes sense for me to be revoked in this manner. Please give the PR a review when you have the chance.