[feature] Implement /oauth/revoke for token revocation (#3983)

author: tobi <31960611+tsmethurst@users.noreply.github.com> 2025-04-10 16:24:17 +0200
committer: GitHub <noreply@github.com> 2025-04-10 16:24:17 +0200
commit: e032c959e13bc276d8517a51857e1c772c151f95 (patch)
tree: 04b33f2202c56ff340246ebeb67d1550c821380e /docs/api
parent: [chore] add IPPrefixes type so we don't need separate rate limit parsed field... (diff)
download: gotosocial-e032c959e13bc276d8517a51857e1c772c151f95.tar.xz
1 files changed, 37 insertions, 0 deletions
diff --git a/docs/api/swagger.yaml b/docs/api/swagger.yaml
index d9e462e56..d79a607a5 100644
--- a/docs/api/swagger.yaml
+++ b/docs/api/swagger.yaml
@@ -13197,6 +13197,43 @@ paths:
             summary: Returns a compliant nodeinfo response to node info queries.
             tags:
                 - nodeinfo
+    /oauth/revoke:
+        post:
+            consumes:
+                - multipart/form-data
+            operationId: oauthTokenRevoke
+            parameters:
+                - description: The client ID, obtained during app registration.
+                  in: formData
+                  name: client_id
+                  required: true
+                  type: string
+                - description: The client secret, obtained during app registration.
+                  in: formData
+                  name: client_secret
+                  required: true
+                  type: string
+                - description: The previously obtained token, to be invalidated.
+                  in: formData
+                  name: token
+                  required: true
+                  type: string
+            produces:
+                - application/json
+            responses:
+                "200":
+                    description: OK - If you own the provided token, the API call will provide OK and an empty response `{}`. This operation is idempotent, so calling this API multiple times will still return OK.
+                "400":
+                    description: bad request
+                "403":
+                    description: forbidden - If you provide a token you do not own, the API call will return a 403 error.
+                "406":
+                    description: not acceptable
+                "500":
+                    description: internal server error
+            summary: Revoke an access token to make it no longer valid for use.
+            tags:
+                - oauth
     /readyz:
         get:
             description: If GtS is not ready, 500 Internal Error will be returned, and an error will be logged (but not returned to the caller, to avoid leaking internals).
author	tobi <31960611+tsmethurst@users.noreply.github.com>	2025-04-10 16:24:17 +0200
committer	GitHub <noreply@github.com>	2025-04-10 16:24:17 +0200
commit	e032c959e13bc276d8517a51857e1c772c151f95 (patch)
tree	04b33f2202c56ff340246ebeb67d1550c821380e /docs/api
parent	[chore] add IPPrefixes type so we don't need separate rate limit parsed field... (diff)
download	gotosocial-e032c959e13bc276d8517a51857e1c772c151f95.tar.xz