Ask OP to revoke tokens on logout

This commit is contained in:
Hugh Nimmo-Smith 2022-07-25 15:34:35 +01:00 committed by Quentin Gliech
parent 87bbba0253
commit 5296ba1d8a
No known key found for this signature in database
GPG Key ID: 22D62B84552719FC
2 changed files with 47 additions and 0 deletions

View File

@ -482,6 +482,17 @@ export class Client {
request: this._platform.request
});
await hsApi.logout({log}).response();
const oidcApi = new OidcApi({
issuer: sessionInfo.oidcIssuer,
clientId: sessionInfo.oidcClientId,
request: this._platform.request,
encoding: this._platform.encoding,
crypto: this._platform.crypto,
});
await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
if (sessionInfo.refreshToken) {
await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" });
}
} catch (err) {}
await this.deleteSession(log);
});

View File

@ -203,6 +203,11 @@ export class OidcApi {
return metadata["registration_endpoint"];
}
async revocationEndpoint(): Promise<string | undefined> {
const metadata = await this.metadata();
return metadata["revocation_endpoint"];
}
generateDeviceScope(): String {
const deviceId = randomString(10);
return `urn:matrix:device:${deviceId}`;
@ -281,4 +286,35 @@ export class OidcApi {
return token;
}
async revokeToken({
token,
type,
}: { token: string, type: "refresh" | "access" }): Promise<void> {
const revocationEndpoint = await this.revocationEndpoint();
if (!revocationEndpoint) {
return;
}
const params = new URLSearchParams();
params.append("token_type", type);
params.append("token", token);
params.append("client_id", await this.clientId());
const body = params.toString();
const headers = new Map();
headers.set("Content-Type", "application/x-www-form-urlencoded");
const req = this._requestFn(revocationEndpoint, {
method: "POST",
headers,
format: "json",
body,
});
const res = await req.response();
if (res.status >= 400) {
throw new Error("failed to revoke token");
}
}
}