Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Revoke refresh tokens via revocation endpoint

Download Browse

Part of story #14542: have OAuth2 flow To test (if app force the usage of PKCE you need to add the required parameters to the following instructions): 1. In the project admin create an OAuth2 app (note the ID and the given secret) 2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=offline_access&response_type=code&redirect_uri=<redirect_uri> 3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL 4. Exchange the authorization code for an access token: shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \ --user '<client_id>:<client_secret>' \ --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \ https://tuleap.example.com/oauth2/token 5. Revoke the refresh token you received at step 2: shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \ --user '<client_id>:<client_secret>' \ --data 'token=<refresh_token> \ https://tuleap.example.com/oauth2/token/revoke 6. The refresh token, its associated authorization code and the access token returned by the same request should be revoked. They should no longer be usable. Change-Id: Id79b79bb01c82355863bbc60fe24dad9e91353ef

+677 −180
Joris MASSON (jmasson) 2020-03-23 18:07
Joris MASSON (jmasson) 2020-03-24 16:18
05c34a2eeecafc33544a574b809453ef0bfa4ea3
48f6b9f28203db1492b0f513515204c471ba4691
git #tuleap/stable/05c34a2eeecafc33544a574b809453ef0bfa4ea3

Modified Files

Side by side diff
Inline diff
Name
R plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenRevocationVerifier.php Go to diff View file
M plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AuthorizationCodeDAO.php +8 −1 Go to diff View file
M plugins/oauth2_server/include/Grant/TokenRevocationController.php +20 −34 Go to diff View file
A plugins/oauth2_server/include/RefreshToken/InvalidOAuth2RefreshTokenException.php +33 −0 Go to diff View file
M plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenDAO.php +17 −0 Go to diff View file
A plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenNotFoundException.php +33 −0 Go to diff View file
A plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenRevoker.php +94 −0 Go to diff View file
M plugins/oauth2_server/include/oauth2_serverPlugin.php +14 −6 Go to diff View file
D plugins/oauth2_server/phpunit/AccessToken/OAuth2AccessTokenRevocationVerifierTest.php +0 −100 Go to diff View file
A plugins/oauth2_server/phpunit/AccessToken/OAuth2AccessTokenRevokerTest.php +123 −0 Go to diff View file
M plugins/oauth2_server/phpunit/Grant/TokenRevocationControllerTest.php +63 −39 Go to diff View file
A plugins/oauth2_server/phpunit/RefreshToken/OAuth2RefreshTokenRevokerTest.php +120 −0 Go to diff View file
A plugins/oauth2_server/tests/integration/RefreshToken/OAuth2RefreshTokenDAOTest.php +152 −0 Go to diff View file