
Support revocation with URL-encoded parameters #656


Merged
merged 1 commit into from
Aug 6, 2025
2 changes: 1 addition & 1 deletion .rubocop_gradual.lock
Expand Up @@ -37,7 +37,7 @@
[69, 15, 38, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1480816240],
[79, 13, 23, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 2314399065]
],
"spec/oauth2/client_spec.rb:3334307042": [
"spec/oauth2/client_spec.rb:292714281": [
[6, 1, 29, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/client*_spec.rb`.", 439549885],
[175, 7, 492, "RSpec/NoExpectationExample: No expectation found in this example.", 1272021224],
[194, 7, 592, "RSpec/NoExpectationExample: No expectation found in this example.", 3428877205],
6 changes: 3 additions & 3 deletions lib/oauth2/client.rb
Expand Up @@ -256,10 +256,10 @@ def get_token(params, access_token_opts = {}, extract_access_token = nil, &block
# @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
def revoke_token(token, token_type_hint = nil, params = {}, &block)
params[:token_method] ||= :post_with_query_string
params[:token] = token
params[:token_type_hint] = token_type_hint if token_type_hint

req_opts = params_to_req_opts(params)
req_opts[:params] ||= {}
req_opts[:params][:token] = token
req_opts[:params][:token_type_hint] = token_type_hint if token_type_hint

request(http_method, revoke_url, req_opts, &block)
end
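Review bot: `revoke_token` still defaults `params[:token_method]` to `:post_with_query_string`, so a caller who does not pass `token_method: :post` keeps sending the token in the request URL, where it tends to be recorded in server and proxy access logs; the RFC 7009 section 2.1 text linked in the `@see` line describes these parameters as form-encoded in the request body. The +/- markers are lost in this rendering, but the PR title and the new spec suggest that `params[:token] = token` and the `token_type_hint` line ahead of `params_to_req_opts` are the new side, which makes body transport opt-in only. I would document that on the method (its doc comment begins outside the hunk), e.g. `# @note Pass token_method: :post to send the token in the request body; the default places it in the query string.` Separately, writing the token into `params` leaves the secret in the caller's own hash after the call; `params = params.dup` as the first line would avoid that, provided no caller relies on the mutation.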
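--- a/spec/oauth2/client_spec.rb
+++ b/spec/oauth2/client_spec.rb
@@ -1216,13 +1216,6 @@ def self.contains_token?(hash)
 }.not_to raise_error
 end
 end
-
-def stubbed_client(params = {}, &stubs)
-params = {site: "https://api.example.com"}.merge(params)
-OAuth2::Client.new("abc", "def", params) do |builder|
-builder.adapter :test, &stubs
-end
-end
 end
 
 describe "#revoke_token" do
@@ -1259,6 +1252,19 @@ def stubbed_client(params = {}, &stubs)
 }.not_to raise_error
 end
 
+it "submits params in request body" do
+client = stubbed_client do |stub|
+stub.post("/oauth/revoke") do |req|
+expect(req.body[:token]).to eq(token)
+expect(req.params).to be_empty
+
+[200, {"Content-Type" => "application/json"}, ""]
+end
+end
+
+client.revoke_token(token, "access_token", token_method: :post)
+end
+
 it "has status 200" do
 expect(instance.revoke_token(token, nil, extra: "param").status).to eq(200)
 end
@@ -1332,4 +1338,11 @@ def stubbed_client(params = {}, &stubs)
 expect(subject.inspect).to include("@secret=[FILTERED]")
 end
 end
+
+def stubbed_client(params = {}, &stubs)
+params = {site: "https://api.example.com"}.merge(params)
+OAuth2::Client.new("abc", "def", params) do |builder|
+builder.adapter :test, &stubs
+end
+end
 end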
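Review bot: The new example `submits params in request body` passes `"access_token"` as the hint but never checks it, so the hint could be dropped without this spec failing; adding `expect(req.body[:token_type_hint]).to eq("access_token")` next to the token expectation would pin it. The `expect(req.params).to be_empty` line is the useful guard here, since it fails if the token drifts back into the URL for `token_method: :post`. `stubbed_client` builds the connection with only `builder.adapter :test`, so `req.body` appears to still be a Hash at this point, and the example shows where the parameters are placed rather than that they are form-encoded on the wire. An assertion on the request's `Content-Type` header would cover that, if the client sets one.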