oauth client: cleanup

+7 -14
+1 -5
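--- a/atproto/auth/oauth/oauth.go
+++ b/atproto/auth/oauth/oauth.go
@@ -664,16 +664,12 @@
 // High-level helper to delete a session, including revoking access/refresh tokens if supported by the AS
 func (app *ClientApp) Logout(ctx context.Context, did syntax.DID, sessionID string) error {
 sess, err := app.ResumeSession(ctx, did, sessionID)
-// TODO: Should this be idempotent? i.e. logging out of a session that does not exist does nothing and succeeds?
 if err != nil {
 return err
 }
 
 // Tell the AS to revoke the tokens
-err = sess.RevokeSession(ctx)
-if err != nil {
-return err
-}
+sess.RevokeSession(ctx)
 
 // Delete from our own session store
 err = app.Store.DeleteSession(ctx, did, sessionID)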
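Review bot: Logout's doc comment should say that revocation is now best-effort, because with the bare `sess.RevokeSession(ctx)` call a nil return only means the local session record was deleted; the access and refresh tokens may still be valid at the AS. Suggested addition above the func: `// Revocation is best-effort: failures are logged, not returned, so a nil error does not confirm the AS revoked the tokens.` The commit also drops the idempotency TODO while the early `return err` after ResumeSession stays, so a session that cannot be resumed is presumably still left in the store; if that is intended, a one-line comment saying so would serve better than removing the question. Logout's body continues past the end of the hunk.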
+6 -9
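--- a/atproto/auth/oauth/session.go
+++ b/atproto/auth/oauth/session.go
@@ -186,11 +186,12 @@
 return sess.Data.AccessToken, nil
 }
 
-// TODO: writeme
-func (sess *ClientSession) RevokeSession(ctx context.Context) error {
+// If supported by the AS, use the revocation endpoint to revoke both the access token and the refresh token.
+// This method always succeeds - any errors during revocation are logged but not returned.
+func (sess *ClientSession) RevokeSession(ctx context.Context) {
 if sess.Data.AuthServerRevocationEndpoint == "" {
 slog.Info("AS does not advertise token revocation support, skipping")
-return nil
+return
 }
 
 sess.lk.Lock()
@@ -203,8 +204,7 @@
 })
 if err != nil {
 slog.Warn("failed revoking access token", "err", err)
-}
-if resp != nil {
+} else {
 if resp.StatusCode != http.StatusOK {
 slog.Warn("bad HTTP status while revoking access token", "status_code", resp.StatusCode)
 }
@@ -218,15 +218,12 @@
 })
 if err != nil {
 slog.Warn("failed revoking refresh token", "err", err)
-}
-if resp != nil {
+} else {
 if resp.StatusCode != 200 {
 slog.Warn("bad HTTP status while revoking refresh token", "status_code", resp.StatusCode)
 }
 resp.Body.Close()
 }
-
-return nil
 }
 
 // Constructs and signs a DPoP JWT to include in request header to Host (aka Resource Server, aka PDS). These tokens are different from those used with Auth Server token endpoints (even if the PDS is filling both roles)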
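Review bot: With RevokeSession no longer returning an error, the four `slog.Warn` calls are the only record that a token may still be live at the AS, and none of them says which session was affected. Consider adding session-identifying attributes (whatever account and session identifiers sess.Data carries; they are not visible in these hunks) to each warning so a failed revocation can be followed up. As a style point, the refresh-token branch compares against the literal `200` while the access-token branch uses `http.StatusOK`; `if resp.StatusCode != http.StatusOK {` would make the two match. The `} else {` branches assume the request helper returns a non-nil resp whenever err is nil; the calls themselves lie outside the hunks, so that is worth confirming.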