Support RFC 7009 OAuth 2.0 Token Revocation (#122)

Author: ximon18

examples/google.rs

@@ -13,12 +13,12 @@
 //! ...and follow the instructions.
 //!
 
-use oauth2::basic::BasicClient;
+use oauth2::{basic::BasicClient, revocation::StandardRevocableToken, TokenResponse};
 // Alternatively, this can be oauth2::curl::http_client or a custom.
 use oauth2::reqwest::http_client;
 use oauth2::{
     AuthUrl, AuthorizationCode, ClientId, ClientSecret, CsrfToken, PkceCodeChallenge, RedirectUrl,
-    Scope, TokenUrl,
+    RevocationUrl, Scope, TokenUrl,
 };
 use std::env;
 use std::io::{BufRead, BufReader, Write};
@@ -49,6 +49,11 @@ fn main() {
     // See below for the server implementation.
     .set_redirect_url(
         RedirectUrl::new("http://localhost:8080".to_string()).expect("Invalid redirect URL"),
+    )
+    // Google supports OAuth 2.0 Token Revocation (RFC-7009)
+    .set_revocation_url(
+        RevocationUrl::new("https://oauth2.googleapis.com/revoke".to_string())
+            .expect("Invalid revocation endpoint URL"),
     );
 
     // Google supports Proof Key for Code Exchange (PKCE - https://oauth.net/2/pkce/).
@@ -127,14 +132,29 @@ fn main() {
             );
 
             // Exchange the code with a token.
-            let token = client
+            let token_response = client
                 .exchange_code(code)
                 .set_pkce_verifier(pkce_code_verifier)
                 .request(http_client);
 
-            println!("Google returned the following token:\n{:?}\n", token);
+            println!(
+                "Google returned the following token:\n{:?}\n",
+                token_response
+            );
+
+            // Revoke the obtained token
+            let token_response = token_response.unwrap();
+            let token_to_revoke: StandardRevocableToken = match token_response.refresh_token() {
+                Some(token) => token.into(),
+                None => token_response.access_token().into(),
+            };
+
+            client
+                .revoke_token(token_to_revoke)
+                .request(http_client)
+                .expect("Failed to revoke token");
 
-            // The server will terminate itself after collecting the first code.
+            // The server will terminate itself after revoking the token.
             break;
         }
     }

examples/wunderlist.rs

@@ -14,8 +14,14 @@
 //! ...and follow the instructions.
 //!
 
-use oauth2::basic::{BasicErrorResponse, BasicTokenIntrospectionResponse, BasicTokenType};
 use oauth2::TokenType;
+use oauth2::{
+    basic::{
+        BasicErrorResponse, BasicRevocationErrorResponse, BasicTokenIntrospectionResponse,
+        BasicTokenType,
+    },
+    revocation::StandardRevocableToken,
+};
 // Alternatively, this can be `oauth2::curl::http_client` or a custom client.
 use oauth2::helpers;
 use oauth2::reqwest::http_client;
@@ -39,6 +45,8 @@ type SpecialClient = Client<
     SpecialTokenResponse,
     BasicTokenType,
     BasicTokenIntrospectionResponse,
+    StandardRevocableToken,
+    BasicRevocationErrorResponse,
 >;
 
 fn default_token_type() -> Option<BasicTokenType> {

src/basic.rs

@@ -5,13 +5,22 @@ use super::{
     Client, EmptyExtraTokenFields, ErrorResponseType, RequestTokenError, StandardErrorResponse,
     StandardTokenResponse, TokenType,
 };
-use crate::StandardTokenIntrospectionResponse;
+use crate::{
+    revocation::{RevocationErrorResponseType, StandardRevocableToken},
+    StandardTokenIntrospectionResponse,
+};
 
 ///
 /// Basic OAuth2 client specialization, suitable for most applications.
 ///
-pub type BasicClient =
-    Client<BasicErrorResponse, BasicTokenResponse, BasicTokenType, BasicTokenIntrospectionResponse>;
+pub type BasicClient = Client<
+    BasicErrorResponse,
+    BasicTokenResponse,
+    BasicTokenType,
+    BasicTokenIntrospectionResponse,
+    StandardRevocableToken,
+    BasicRevocationErrorResponse,
+>;
 
 ///
 /// Basic OAuth2 authorization token types.
@@ -189,3 +198,8 @@ pub type BasicErrorResponse = StandardErrorResponse<BasicErrorResponseType>;
 /// Token error specialization for basic OAuth2 implementation.
 ///
 pub type BasicRequestTokenError<RE> = RequestTokenError<RE, BasicErrorResponse>;
+
+///
+/// Revocation error response specialization for basic OAuth2 implementation.
+///
+pub type BasicRevocationErrorResponse = StandardErrorResponse<RevocationErrorResponseType>;