Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.11/site-packages/oauthlib/oauth2/rfc6749/endpoints/revocation.py: 33%


1""" 

2oauthlib.oauth2.rfc6749.endpoint.revocation 

3~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

4 

5An implementation of the OAuth 2 `Token Revocation`_ spec (draft 11). 

6 

7.. _`Token Revocation`: https://tools.ietf.org/html/draft-ietf-oauth-revocation-11 

8""" 

import logging
import re

from oauthlib.common import Request

from ..errors import OAuth2Error
from .base import BaseEndpoint, catch_errors_and_unavailability

15 

# Module-level logger; the endpoint only emits debug-level traces through it.
log = logging.getLogger(name=__name__)

17 

18 

19class RevocationEndpoint(BaseEndpoint): 

20 

21 """Token revocation endpoint. 

22 

23 Endpoint used by authenticated clients to revoke access and refresh tokens. 

24 Commonly this will be part of the Authorization Endpoint. 

25 """ 

26 

27 valid_token_types = ('access_token', 'refresh_token') 

28 valid_request_methods = ('POST',) 

29 

def __init__(self, request_validator, supported_token_types=None,
             enable_jsonp=False):
    """Set up the revocation endpoint.

    :param request_validator: Validator object consulted by the endpoint;
        its ``revoke_token(token, token_type_hint, request)`` hook performs
        the actual revocation.
    :param supported_token_types: Token type hints this endpoint accepts.
        Any falsy value (``None``, empty sequence) selects the class-level
        ``valid_token_types`` default.
    :param enable_jsonp: When true, a ``callback`` request parameter makes
        the response body a JSONP call instead of plain JSON.
    """
    BaseEndpoint.__init__(self)
    self.request_validator = request_validator
    # Falsy input (not only None) falls back to the class default.
    if supported_token_types:
        self.supported_token_types = supported_token_types
    else:
        self.supported_token_types = self.valid_token_types
    self.enable_jsonp = enable_jsonp

37 

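@catch_errors_and_unavailability
def create_revocation_response(self, uri, http_method='POST', body=None,
                               headers=None):
    """Revoke supplied access or refresh token.

    The authorization server responds with HTTP status code 200 if the
    token has been revoked successfully or if the client submitted an
    invalid token.

    Note: invalid tokens do not cause an error response since the client
    cannot handle such an error in a reasonable way. Moreover, the purpose
    of the revocation request, invalidating the particular token, is
    already achieved.

    The content of the response body is ignored by the client as all
    necessary information is conveyed in the response code.

    An invalid token type hint value is ignored by the authorization server
    and does not influence the revocation response.

    JSONP: when ``enable_jsonp`` is set and the request carries a
    ``callback`` parameter, the body is wrapped in a call to that callback.
    The callback name is echoed verbatim into a script body, so only a plain
    (optionally dotted) ASCII identifier is accepted; any other value is
    treated as if no callback had been supplied, which keeps client-chosen
    text out of the executable part of the response.

    :param uri: Full URI of the revocation request.
    :param http_method: HTTP method of the request (``valid_request_methods``
        on this class lists only ``POST``).
    :param body: Request body; per :meth:`validate_revocation_request` it is
        expected to carry ``token`` and optionally ``token_type_hint``.
    :param headers: Request headers, handed to the ``Request`` object.
    :returns: A ``(headers, body, status)`` tuple.  A validation failure
        yields the error's JSON (or its JSONP wrapping), the default JSON
        headers merged with the error's own headers, and the error status.
        Success yields ``{}``, an empty body (or ``callback();``) and 200.
    """
    resp_headers = {
        'Content-Type': 'application/json',
        'Cache-Control': 'no-store',
        'Pragma': 'no-cache',
    }
    request = Request(
        uri, http_method=http_method, body=body, headers=headers)

    # Resolve the JSONP callback once.  The name is client-controlled and is
    # written straight into a script body, so restrict it to a conservative
    # identifier grammar (letters, digits, '_', '$', dotted segments).
    callback = None
    if self.enable_jsonp and request.callback:
        if re.fullmatch(
                r'[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*',
                request.callback):
            callback = request.callback
        else:
            log.debug('Ignoring malformed JSONP callback for %r.', request)

    try:
        self.validate_revocation_request(request)
        log.debug('Token revocation valid for %r.', request)
    except OAuth2Error as e:
        log.debug('Client error during validation of %r. %r.', request, e)
        response_body = e.json
        if callback:
            response_body = '{}({});'.format(callback, response_body)
        resp_headers.update(e.headers)
        return resp_headers, response_body, e.status_code

    self.request_validator.revoke_token(request.token,
                                        request.token_type_hint, request)

    # Per the docstring above, a successful revocation carries no payload;
    # the status code alone tells the client what happened.
    response_body = ''
    if callback:
        response_body = callback + '();'
    return {}, response_body, 200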

84 

def validate_revocation_request(self, request):
    """Ensure the request is valid.

    The client constructs the request by including the following parameters
    using the "application/x-www-form-urlencoded" format in the HTTP
    request entity-body:

    token (REQUIRED). The token that the client wants to get revoked.

    token_type_hint (OPTIONAL). A hint about the type of the token
    submitted for revocation. Clients MAY pass this parameter in order to
    help the authorization server to optimize the token lookup. If the
    server is unable to locate the token using the given hint, it MUST
    extend its search across all of its supported token types. An
    authorization server MAY ignore this parameter, particularly if it is
    able to detect the token type automatically. This specification
    defines two such values:

    * access_token: An Access Token as defined in [RFC6749],
      `section 1.4`_

    * refresh_token: A Refresh Token as defined in [RFC6749],
      `section 1.5`_

    Specific implementations, profiles, and extensions of this
    specification MAY define other values for this parameter using
    the registry defined in `Section 4.1.2`_.

    The client also includes its authentication credentials as described in
    `Section 2.3`_. of [`RFC6749`_].

    Each check below raises an ``OAuth2Error`` subclass on failure; the
    method returns ``None`` when every check passes.

    :param request: The ``oauthlib.common.Request`` under validation.

    .. _`section 1.4`: https://tools.ietf.org/html/rfc6749#section-1.4
    .. _`section 1.5`: https://tools.ietf.org/html/rfc6749#section-1.5
    .. _`section 2.3`: https://tools.ietf.org/html/rfc6749#section-2.3
    .. _`Section 4.1.2`: https://tools.ietf.org/html/draft-ietf-oauth-revocation-11#section-4.1.2
    .. _`RFC6749`: https://tools.ietf.org/html/rfc6749
    """
    # Order is significant and kept as-is: request shape (method, POST
    # body, token presence) is checked before client authentication, and
    # the token-type check runs last, after the client has been validated.
    checks = (
        self._raise_on_bad_method,
        self._raise_on_bad_post_request,
        self._raise_on_missing_token,
        self._raise_on_invalid_client,
        self._raise_on_unsupported_token,
    )
    for check in checks:
        check(request)