Skip to content

Add revoke token endpoint#50

Merged
lbalmaceda merged 2 commits intomasterfrom
add-revoke-token
Apr 27, 2017
Merged

Add revoke token endpoint#50
lbalmaceda merged 2 commits intomasterfrom
add-revoke-token

Conversation

@lbalmaceda
Copy link
Copy Markdown
Contributor

@lbalmaceda lbalmaceda commented Apr 3, 2017

No description provided.

@lbalmaceda lbalmaceda added this to the v1-Next milestone Apr 3, 2017
@lbalmaceda lbalmaceda requested a review from hzalaz April 3, 2017 16:03
@lbalmaceda lbalmaceda requested a review from nikolaseu April 26, 2017 18:55
nikolaseu
nikolaseu approved these changes Apr 27, 2017
View reviewed changes
src/main/java/com/auth0/client/auth/AuthAPI.java
* }
* </pre>
*
* @param refreshToken the refresh token to revoke.
Copy link
Copy Markdown
Contributor

@nikolaseu nikolaseu Apr 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can't configure anything right?

Copy link
Copy Markdown
Contributor Author

@lbalmaceda lbalmaceda Apr 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch. I'll update it.

src/main/java/com/auth0/client/auth/AuthAPI.java
*/
public Request<Void> revokeToken(String refreshToken) {
Asserts.assertNotNull(refreshToken, "refresh token");

Copy link
Copy Markdown
Contributor

@nikolaseu nikolaseu Apr 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

totally unrelated: wasn't this repo that I made a PR to avoid having to parse each time? also this can fail, so it's better to fail fast, right in the constructor..

Copy link
Copy Markdown
Contributor Author

@lbalmaceda lbalmaceda Apr 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but you did that just for the Management API. It can be done in a separate PR to keep small the diff.

src/main/java/com/auth0/client/auth/AuthAPI.java
.build()
.toString();
VoidRequest request = new VoidRequest(client, url, "POST");
request.addParameter(KEY_CLIENT_ID, clientId);
Copy link
Copy Markdown
Contributor

@nikolaseu nikolaseu Apr 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can revoke refresh tokens without client secret, but this is already required so we have it anyway, right?

Copy link
Copy Markdown
Contributor

@nikolaseu nikolaseu Apr 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

auto answer: https://auth0.com/docs/tokens/preview/refresh-token#revoke-a-refresh-token

... the /oauth/revoke endpoint supports passing no client_secret but the client itself must have the property tokenEndpointAuthMethod set to none ...

@lbalmaceda lbalmaceda merged commit 806cf35 into master Apr 27, 2017
@lbalmaceda lbalmaceda deleted the add-revoke-token branch April 27, 2017 18:12
@lbalmaceda lbalmaceda modified the milestones: v1-Next, 1.1.0 May 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hzalaz hzalaz Awaiting requested review from hzalaz

1 more reviewer

@nikolaseu nikolaseu nikolaseu approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

CH: Added

Projects

None yet

Milestone

1.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@lbalmaceda @nikolaseu