Remove "revoke" button - Githubissues

janboddez / share-on-pixelfed

Easily share WordPress image posts on Pixelfed.

https://jan.boddez.net/wordpress/share-on-pixelfed

GNU General Public License v3.0

6 stars 1 forks source link

Remove "revoke" button #8

Closed janboddez closed 1 year ago

janboddez commented 2 years ago

Rather than use Mastodon's /oauth/revoke, you've got to send a DELETE request to /oauth/tokens/<token>.

Because that's how Laravel Passport works.

janboddez commented 2 years ago

$response = wp_remote_post(
    // phpcs:ignore Squiz.PHP.CommentedOutCode.Found,Squiz.Commenting.InlineComment.InvalidEndChar
    // esc_url_raw( $this->options['pixelfed_host'] ) . '/oauth/revoke',
    esc_url_raw( $this->options['pixelfed_host'] . '/oauth/tokens/' . $this->options['pixelfed_access_token'] ),
    array(
        'method'  => 'DELETE',
        'headers' => array(
            'Authorization' => 'Bearer ' . $this->options['pixelfed_access_token'],
        ),
        'timeout' => 11,
    )
);

janboddez commented 2 years ago

https://github.com/laravel/passport/blob/ab9e2045e0d8649cd84de411d0332bdd5fe763a3/src/RouteRegistrar.php#L85

janboddez commented 2 years ago

Seems this somehow always returns a status 200 and login screen.

janboddez commented 1 year ago

Seems this somehow always returns a status 200 and login screen.

Because it's behind the auth middleware and not to be used by external clients.