matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-28 11:02:02 +03:00
Code Activity

Support for token revocation

Browse Source
This commit is contained in:
Quentin Gliech
2023-02-16 17:12:16 +01:00
parent 823b27a714
commit 543b4b229f
8 changed files with 261 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
crates/oauth2-types/src/errors.rs
View File

@ -265,6 +265,15 @@ pub enum ClientErrorCode {
/// From [RFC8628](https://www.rfc-editor.org/rfc/rfc8628#section-3.5).
ExpiredToken,
/// `unsupported_token_type`
///
/// The authorization server does not support the revocation of the
/// presented token type. That is, the client tried to revoke an access
/// token on a server not supporting this feature.
///
/// From [RFC7009](https://www.rfc-editor.org/rfc/rfc7009#section-2.2.1).
UnsupportedTokenType,
/// Another error code.
#[display("{0}")]
Unknown(String),
@ -353,6 +362,9 @@ impl ClientErrorCode {
ClientErrorCode::ExpiredToken => {
"The \"device_code\" has expired, and the device authorization session has concluded"
}
ClientErrorCode::UnsupportedTokenType => {
"The authorization server does not support the revocation of the presented token type."
},
ClientErrorCode::Unknown(_) => "",
}
}

21
crates/oauth2-types/src/requests.rs
View File

@ -716,6 +716,27 @@ pub struct IntrospectionResponse {
pub jti: Option<String>,
}
/// A request to the [Revocation Endpoint].
///
/// [Revocation Endpoint]: https://www.rfc-editor.org/rfc/rfc7009#section-2
#[skip_serializing_none]
#[derive(Serialize, Deserialize, Clone, PartialEq, Eq)]
pub struct RevocationRequest {
/// The value of the token.
pub token: String,
/// A hint about the type of the token submitted for introspection.
pub token_type_hint: Option<OAuthTokenTypeHint>,
}
impl fmt::Debug for RevocationRequest {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("RevocationRequest")
.field("token_type_hint", &self.token_type_hint)
.finish_non_exhaustive()
}
}
/// A successful response from the [Pushed Authorization Request Endpoint].
///
/// Note that there is no request type because it is by definition the same as