Ask OP to revoke tokens on logout

2024-12-23 19:45:05 +01:00 · 2022-07-25 15:34:35 +01:00 · 2022-07-25 15:34:35 +01:00 · 9de574319e
commit 9de574319e
parent 97bea400f6
2 changed files with 47 additions and 0 deletions
--- a/src/matrix/Client.js
+++ b/src/matrix/Client.js
@ -480,6 +480,17 @@ export class Client {
                    request: this._platform.request
                });
                await hsApi.logout({log}).response();
+                const oidcApi = new OidcApi({
+                    issuer: sessionInfo.oidcIssuer,
+                    clientId: sessionInfo.oidcClientId,
+                    request: this._platform.request,
+                    encoding: this._platform.encoding,
+                    crypto: this._platform.crypto,
+                });
+                await oidcApi.revokeToken({ token: sessionInfo.accessToken, type: "access" });
+                if (sessionInfo.refreshToken) {
+                    await oidcApi.revokeToken({ token: sessionInfo.refreshToken, type: "refresh" });
+                }
            } catch (err) {}
            await this.deleteSession(log);
        });
--- a/src/matrix/net/OidcApi.ts
+++ b/src/matrix/net/OidcApi.ts
@ -203,6 +203,11 @@ export class OidcApi {
        return metadata["registration_endpoint"];
    }

+    async revocationEndpoint(): Promise<string | undefined> {
+        const metadata = await this.metadata();
+        return metadata["revocation_endpoint"];
+    }
+
    generateDeviceScope(): String {
        const deviceId = randomString(10);
        return `urn:matrix:device:${deviceId}`;
@ -281,4 +286,35 @@ export class OidcApi {

        return token;
    }
+
+    async revokeToken({
+        token,
+        type,
+    }: { token: string, type: "refresh" | "access" }): Promise<void> {
+        const revocationEndpoint = await this.revocationEndpoint();
+        if (!revocationEndpoint) {
+            return;
+        }
+
+        const params = new URLSearchParams();
+        params.append("token_type", type);
+        params.append("token", token);
+        params.append("client_id", await this.clientId());
+        const body = params.toString();
+
+        const headers = new Map();
+        headers.set("Content-Type", "application/x-www-form-urlencoded");
+
+        const req = this._requestFn(revocationEndpoint, {
+            method: "POST",
+            headers,
+            format: "json",
+            body,
+        });
+
+        const res = await req.response();
+        if (res.status >= 400) {
+            throw new Error("failed to revoke token");
+        }
+    }
 }