ory / fosite-example

Apache License 2.0
Revoke token returning invalid_request #32

Closed ezerw closed 4 years ago

ezerw commented 4 years ago

In the example after executing the exchange step I get invalid_request when trying to revoke the access or refresh token.

Payload

It's a public client so no secret is passed in the header

Header:

authHash := base64.StdEncoding.EncodeToString(
    []byte(fmt.Sprintf("%s:%s", oAuth2Config.ClientID, "")),
)
r.Header.Set("Authorization", "Basic "+authHash)
r.Header.Add("Content-Type", "application/x-www-form-urlencoded")

Body:

token=valid-existing-non-revoked-access-token-or-refresh-token token_type_hint=tried-with-access-and-refresh-tokens-same-result

Response

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed","error_hint":"Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.","status_code":400}

Can't debug fosite itself but confirmed that the request coming as param to NewRevocationRequest contains the token and token_type_hint. I assume it can't find the proper loader here but not sure.

Here's the stack trace

Error: invalid_request
github.com/ory/fosite.(*Fosite).NewRevocationRequest
        /Users/eze/Workspace/pkg/mod/github.com/ory/fosite@v0.32.1/revoke_handler.go:79
github.com/ory/fosite-example/authorizationserver.revokeEndpoint
        /Users/eze/Workspace/src/github.com/ory/fosite-example/authorizationserver/oauth2_revoke.go:13
net/http.HandlerFunc.ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2041
net/http.(*ServeMux).ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2416
net/http.serverHandler.ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2836
net/http.(*conn).serve
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:1924
runtime.goexit
        /usr/local/Cellar/go/1.14.6/libexec/src/runtime/asm_amd64.s:1373

ezerw commented 4 years ago

Created a PR on fosite repo with a fix for this.

aeneasr commented 4 years ago

Fixed on upstream, thank you! :)
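
The request described in the issue, as an added example that is not part of the thread and is not fosite's own code: it builds the public-client revocation request (RFC 7009) and shows what an endpoint can read from it, so a missing client identification can be told apart from a missing `token` parameter. The names `newRevokeRequest`, `parseRevoke` and `seen`, the endpoint URL, and the client ID and token values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// seen is what a revocation endpoint can read before any token lookup.
type seen struct {
	ClientID, Secret, Token, Hint string
	HasBasic                      bool
}

// newRevokeRequest builds the public-client request: Basic auth with an empty secret, form body.
func newRevokeRequest(endpoint, clientID, token, hint string) (*http.Request, error) {
	form := url.Values{"token": {token}, "token_type_hint": {hint}}
	r, err := http.NewRequest(http.MethodPost, endpoint, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	r.SetBasicAuth(clientID, "") // same header value as the hand-built base64 in the issue
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r, nil
}

// parseRevoke is the server-side view: it separates an unidentified client from a missing token.
func parseRevoke(r *http.Request) (seen, error) {
	var got seen
	got.ClientID, got.Secret, got.HasBasic = r.BasicAuth()
	if err := r.ParseForm(); err != nil {
		return got, err
	}
	got.Token, got.Hint = r.PostForm.Get("token"), r.PostForm.Get("token_type_hint")
	switch {
	case !got.HasBasic || got.ClientID == "":
		return got, fmt.Errorf("client not identified")
	case got.Token == "":
		return got, fmt.Errorf("token parameter missing")
	}
	return got, nil
}

func main() {
	req, _ := newRevokeRequest("http://as.example/revoke", "my-client", "sample-token", "access_token") // constructed values
	got, err := parseRevoke(req)
	fmt.Printf("%+v err=%v\n", got, err)
}
```

Logging the output of a check like `parseRevoke` in front of the real handler shows whether the 400 comes from the request's shape or from how the server resolves the client.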