API - add access token revocation

fittrackee/oauth2/config.py

@@ -1,7 +1,10 @@
+from authlib.integrations.sqla_oauth2 import create_revocation_endpoint
 from authlib.oauth2.rfc7636 import CodeChallenge
 from flask import Flask
 
-from .grants import AuthorizationCodeGrant, RefreshTokenGrant
+from fittrackee import db
+
+from .grants import AuthorizationCodeGrant, OAuth2Token, RefreshTokenGrant
 from .server import authorization_server
 
 
@@ -13,3 +16,8 @@ def config_oauth(app: Flask) -> None:
         AuthorizationCodeGrant, [CodeChallenge(required=True)]
     )
     authorization_server.register_grant(RefreshTokenGrant)
+
+    # support revocation
+    revocation_cls = create_revocation_endpoint(db.session, OAuth2Token)
+    revocation_cls.CLIENT_AUTH_METHODS = ['client_secret_post']
+    authorization_server.register_endpoint(revocation_cls)

fittrackee/oauth2/routes.py

@@ -70,3 +70,8 @@ def authorize(auth_user: User) -> Response:
 @oauth_blueprint.route('/oauth/token', methods=['POST'])
 def issue_token() -> Response:
     return authorization_server.create_token_response()
+
+
+@oauth_blueprint.route('/oauth/revoke', methods=['POST'])
+def revoke_token() -> Response:
+    return authorization_server.create_endpoint_response('revocation')