davejansen/snikket-web-portal
1
0
Fork 0
Code Issues Pull Requests Activity

Fix revokation of token on logout

Browse Source 
In OAuth 2.0, you don't authenticate with the revocation endpoint using
the token you are revoking, but rather the OAuth client credentials.
This commit is contained in:
Kim Alvefur
2023-10-07 16:17:40 +02:00
parent 14368c5e9a
commit e39b6ca8bb
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
snikket_web/prosodyclient.py
View File

@@ -1162,7 +1162,6 @@ class ProsodyClient:
self._raise_error_from_response(resp) self._raise_error_from_response(resp)
return True return True
@autosession
async def revoke_token( async def revoke_token(
self, self,
*, *,
@@ -1176,7 +1175,8 @@ class ProsodyClient:
async def logout(self) -> None: async def logout(self) -> None:
try: try:
await self.revoke_token() async with self._plain_session as session:
await self.revoke_token(session=session)
except aiohttp.ClientError: except aiohttp.ClientError:
self.logger.warn("failed to revoke token!", self.logger.warn("failed to revoke token!",
exc_info=True) exc_info=True)