From e032c959e13bc276d8517a51857e1c772c151f95 Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Thu, 10 Apr 2025 16:24:17 +0200
Subject: [feature] Implement /oauth/revoke for token revocation (#3983)
---
web/source/settings/lib/query/login/index.ts | 43 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 42 insertions(+), 1 deletion(-)
(limited to 'web/source/settings/lib')
diff --git a/web/source/settings/lib/query/login/index.ts b/web/source/settings/lib/query/login/index.ts
index e3b3b94a1..dc85e9efd 100644
--- a/web/source/settings/lib/query/login/index.ts
+++ b/web/source/settings/lib/query/login/index.ts
@@ -182,7 +182,48 @@ const extended = gtsApi.injectEndpoints({
 },
 }),
 logout: build.mutation({
- queryFn: (_arg, api) => {
+ async queryFn(_arg, api, _extraOpts, fetchWithBQ) {
+ const state = api.getState() as RootState;
+ const loginState = state.login;
+
+ // Try to log out politely by revoking
+ // our access token. First fetch app,
+ // then token, then post to /oauth/revoke.
+
+ const app = loginState.app;
+ if (app === undefined) {
+ // This should never happen.
+ throw "trying to log out with undefined app";
+ }
+
+ let token = loginState.token;
+ if (token === undefined) {
+ // This should never happen.
+ throw "trying to log out with undefined token";
+ }
+
+ // Trim "Bearer " from stored token
+ // to get just the access token part.
+ token = token.substring(7);
+
+ // Try to revoke the token. If we fail, just
+ // log the error and clear our state anyway.
+ const invalidateResult = await fetchWithBQ({
+ method: "POST",
+ url: "/oauth/revoke",
+ body: {
+ token: token,
+ client_id: app.client_id,
+ client_secret: app.client_secret,
+ },
+ asForm: true,
+ });
+ if (invalidateResult.error) {
+ // eslint-disable-next-line no-console
+ console.error("error logging out: ", invalidateResult.error);
+ }
+
+ // Clear our state.
 api.dispatch(oauthRemove());
 return { data: null };
 },
-- cgit v1.2.3
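Review bot: The two `throw` guards for an undefined `app` or `token` leave `queryFn` before `api.dispatch(oauthRemove())` runs, so in exactly the cases the comments call impossible the logout neither revokes anything nor clears the stored login state; the "clear our state anyway" promise only covers a failed POST. I would skip the revoke instead of throwing, for example by guarding the request with `if (app !== undefined && token !== undefined) { … }` and logging the other case, so the dispatch is always reached (a thrown bare string also carries no stack trace). Separately, `token = token.substring(7);` assumes the stored value always starts with "Bearer "; a value in any other form would be posted truncated, and a revocation endpoint that follows RFC 7009 answers an unknown token with 200, so the real token would stay valid with no error logged. `if (token.startsWith("Bearer ")) token = token.substring(7);` avoids that.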