stable

Revoke access tokens via a revocation endpoint

Part of story #14542: have OAuth2 flow

To test (if the app forces the usage of PKCE you need to add the required parameters to the following instructions):

1. In the project admin create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=demo%20project:read&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL
4. Exchange the authorization code for an access token:
   shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
     --user '<client_id>:<client_secret>' \
     --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
     https://tuleap.example.com/oauth2/token
5. Revoke the access token you have just requested:
   shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
     --user '<client_id>:<client_secret>' \
     --data 'token=<access_token>' \
     https://tuleap.example.com/oauth2/token/revoke
6. The app's authorization codes and access tokens should be revoked and no longer usable.

Change-Id: Id83c5adc6019bf84d9f876170ac481eeab5d5df6
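The behaviour the test plan above expects from a revocation endpoint (RFC 7009 style: the caller must authenticate as the client, a token issued to another client is refused, an unknown token still answers 200, and revoking one access token invalidates the whole grant, authorization code included), modelled as an added, self-contained in-memory example. This is not Tuleap's code; the class names, the grant layout and the HTTP status codes returned by `revoke` are this model's own choices.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Grant:
    """One authorization: the code issued to a client and every access token
    exchanged from it. Revoking the grant kills all of them at once."""
    client_id: str
    auth_code: str
    access_tokens: set = field(default_factory=set)
    code_used: bool = False
    revoked: bool = False


class TokenStore:
    def __init__(self, clients: dict):
        self.clients = clients  # constructed: client_id -> client_secret
        self.grants: list[Grant] = []

    def authorize(self, client_id: str) -> str:
        grant = Grant(client_id, secrets.token_urlsafe(16))
        self.grants.append(grant)
        return grant.auth_code

    def exchange_code(self, client_id: str, auth_code: str):
        # Authorization codes are single-use and die with their grant.
        for g in self.grants:
            if g.client_id == client_id and g.auth_code == auth_code \
                    and not g.code_used and not g.revoked:
                g.code_used = True
                token = secrets.token_urlsafe(16)
                g.access_tokens.add(token)
                return token
        return None

    def is_access_token_valid(self, token: str) -> bool:
        return any(token in g.access_tokens and not g.revoked for g in self.grants)

    def revoke(self, client_id: str, client_secret: str, token: str) -> int:
        """Returns an HTTP-like status (assumed values for this model)."""
        expected = self.clients.get(client_id, "")
        if not hmac.compare_digest(expected.encode(), client_secret.encode()):
            return 401  # client authentication failed
        for g in self.grants:
            if token in g.access_tokens or token == g.auth_code:
                if g.client_id != client_id:
                    return 403  # token was not issued to this client
                g.revoked = True  # code and every access token of the grant
                return 200
        return 200  # unknown token: RFC 7009 says do not leak, answer 200
```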

Modified Files

M plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenDAO.php +17 −0
A plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenRevocationVerifier.php +68 −0
A plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AuthorizationCodeRevoker.php +41 −0
A plugins/oauth2_server/include/Grant/TokenRevocationController.php +140 −0
M plugins/oauth2_server/include/oauth2_serverPlugin.php +35 −4
A plugins/oauth2_server/phpunit/AccessToken/OAuth2AccessTokenRevocationVerifierTest.php +100 −0
A plugins/oauth2_server/phpunit/Grant/AuthorizationCode/OAuth2AuthorizationCodeRevokerTest.php +44 −0
A plugins/oauth2_server/phpunit/Grant/TokenRevocationControllerTest.php +168 −0
M plugins/oauth2_server/tests/integration/AccessToken/OAuth2AccessTokenDAOTest.php +16 −0