feat: implement oauth2 RFC 7009 token revocation endpoint #20362
| // Secret is the raw secret value. This value should only be known to the client. | ||
| Secretstring |
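Review bot: The doc comment on the Secret field says the raw value should only be known to the client, but it does not say when this code may hold that value or for how long. Suggest extending the comment to state that the field is set only when a secret is generated or parsed from a request, and that it must never be persisted, serialized or logged.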
Why are we storing the secret?
The `Formatted` stores the secret, so we were already storing the secret in this struct.
I added this field because the previous PR had 2 structs.

```go
type parsedSecret struct {
	prefix string
	secret string
}

type AppSecret struct {
	// Formatted contains the secret. This value is owned by the client, not the
	// server. It is formatted to include the prefix.
	Formatted string
	// Prefix is the ID of this secret owned by the server. When a client uses a
	// secret, this is the matching string to do a lookup on the hashed value. We
	// cannot use the hashed value directly because the server does not store the
	// salt.
	Prefix string
	// Hashed is the server stored hash(secret,salt,...). Used for verifying a
	// secret.
	Hashed string
}
```

The `parseFormattedSecret` was in `registration.go`. My refactor was to make 1 struct for the `AppSecret` and another for `HashedAppSecret`. I moved `ParseFormattedSecret` next to `GenerateSecret`. I think we still need to workshop some better names to not conflate with other Secrets. Since it is in the `oauth2provider` package, I think that helps disambiguate it from say an APIKey secret.
There is no new data being stored somewhere it was not previously.
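The prefix-lookup pattern discussed in the comment above, as an added sketch that is not code from this PR or from the project. The `record` type, the `_` separator, the SHA-256 digest and the `salt$digest` layout of `Hashed` are all assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// record is what the server keeps (hypothetical type). Assumed layouts:
// formatted secret "<prefix>_<secret>", Hashed "<salt>$<sha256(salt+secret)>".
type record struct{ Prefix, Hashed string }

func randHex(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

func digest(salt, secret string) string {
	sum := sha256.Sum256([]byte(salt + secret))
	return hex.EncodeToString(sum[:])
}

// generate returns the formatted secret for the client and the server's record.
func generate() (string, record) {
	prefix, secret, salt := randHex(5), randHex(20), randHex(8)
	return prefix + "_" + secret, record{prefix, salt + "$" + digest(salt, secret)}
}

// verify finds the record by prefix (the salt is unknown until then), rehashes
// the presented secret and compares the digests in constant time.
func verify(store map[string]record, formatted string) bool {
	prefix, secret, ok := strings.Cut(formatted, "_")
	salt, want, _ := strings.Cut(store[prefix].Hashed, "$") // unknown prefix: empty
	return ok && subtle.ConstantTimeCompare([]byte(digest(salt, secret)), []byte(want)) == 1
}

func main() {
	formatted, rec := generate()
	store := map[string]record{rec.Prefix: rec}
	fmt.Println(verify(store, formatted))           // true
	fmt.Println(verify(store, rec.Prefix+"_wrong")) // false
}
```

Only `Prefix` and `Hashed` reach the store; the formatted value exists on the server only while a request is being handled.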
No blocking comments from me!
31a1f6f to daf8ce3
4bd7c7b into main
Taken from #18809
The linked PR is too big, refactored some functions and fixed the test.
What this does
Adds RFC 7009 token revocation endpoint