Commit822b677

committed

remove client_id check from revoke body

1 parent4c9ccde commit822b677Copy full SHA for 822b677

File tree

-13

lines changed

-13

lines changed

Lines changed: 0 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -58,19 +58,6 @@ func RevokeToken(db database.Store, logger slog.Logger) http.HandlerFunc {`
`58`	`58`	`return`
`59`	`59`	`}`
`60`	`60`
`61`		`-// Extract client_id parameter - required for ownership verification`
`62`		`-clientID:=r.Form.Get("client_id")`
`63`		`-ifclientID=="" {`
`64`		`-httpapi.WriteOAuth2Error(ctx,rw,http.StatusBadRequest,"invalid_request","Missing client_id parameter")`
`65`		`-return`
`66`		`-}`
`67`		`-`
`68`		`-// Verify the extracted app matches the client_id parameter`
`69`		`-ifapp.ID.String()!=clientID {`
`70`		`-httpapi.WriteOAuth2Error(ctx,rw,http.StatusBadRequest,"invalid_client","Invalid client_id")`
`71`		`-return`
`72`		`-}`
`73`		`-`
`74`	`61`	`// Determine if this is a refresh token (starts with "coder_") or API key`
`75`	`62`	`// APIKeys do not have the SecretIdentifier prefix.`
`76`	`63`	`constcoderPrefix=SecretIdentifier+"_"`

Comments

(0)