fix: use refresh_user_secret() when revoking on backend - Githubissues

AxeWP / wp-graphql-headless-login

A WordPress plugin that provides Headless login and authentication for WPGraphQL, supporting traditional passwords, OAuth2/OpenID Connect, JWT, and more.

GNU General Public License v3.0

72 stars 11 forks source link

fix: use refresh_user_secret() when revoking on backend #61

Closed justlevine closed 1 year ago

justlevine commented 1 year ago

What

Use TokenManager::refresh_user_secret() when revoking secrets on the backend.

Why

Since TokenManager::revoke_user_secret() leaves no secret set, this would cause a fatal GraphQL error, instead of a request for reauthorization.

How

fix: Use TokenManager::refresh_user_secret() when revoking secrets on the backend to prevent UserErrors for invalid secrets.

Testing Instructions

Additional Info

Checklist:

[x] My code is tested to the best of my abilities.
[x] My code follows the WordPress Coding Standards.
[x] My code has proper inline documentation.
[x] I have added unit tests to verify the code works as intended.
[x] I included the relevant changes in CHANGELOG.md