revocation

package

v2.1.1 Latest Latest Go to latest Published: Jun 20, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Details

Package revocation implements the OAuth 2.0 Token Revocation endpoint plugin.

It handles POST /revoke (RFC 7009 §2), allowing clients to invalidate access tokens and refresh tokens.

This section is empty.

View Source

var ErrInvalidRefreshToken = errors.New("invalid refresh token")

ErrInvalidRefreshToken is a sentinel error for invalid refresh tokens.

This section is empty.

type Config struct {
	Store       storm.RevocationStore
	ClientStore storm.ClientStore
	Crypto      storm.UniCrypto
	KeyStore    protocol.KeyStore
}

Config holds the dependencies for the Revocation plugin.

type Plugin struct {
	// contains filtered or unexported fields
}

Plugin implements the Token Revocation endpoint.

func New(ctx *storm.PluginContext) *Plugin

New creates a new Revocation plugin from a PluginContext.

func NewWithConfig(cfg Config) *Plugin

NewWithConfig creates a new Revocation plugin with explicit config.

func (p *Plugin) Category() storm.PluginCategory

Category returns CategoryStandard — revocation is optional but enabled by default.

func (p *Plugin) Contribute(ctx context.Context, cfg *protocol.DiscoveryConfiguration)

Contribute returns the discovery fields for the revocation endpoint.

func (p *Plugin) Name() string

Name returns the plugin name.

func (p *Plugin) Register(r chi.Router)

Register installs the POST /revoke route.

OAuth 2.0 standard endpoint: POST /revoke (RFC 7009 §2)

func (p *Plugin) Requires() []string

Requires returns the storage dependencies.