
Example 1 with TokenRevokeContext

Use of org.keycloak.services.clientpolicy.context.TokenRevokeContext in project keycloak by keycloak.

The class TokenRevocationEndpoint, method revoke.

@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
public Response revoke() {
    event.event(EventType.REVOKE_GRANT);
    cors = Cors.add(request).auth().allowedMethods("POST").auth().exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS);
    // Precondition checks on the transport, realm and client run before any form parameter is read.
    checkSsl();
    checkRealm();
    checkClient();
    formParams = request.getDecodedFormParameters();
    checkParameterDuplicated(formParams);
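    try {
        // Client policies see the raw form parameters and can reject the request before the token is examined.
        session.clientPolicy().triggerOnEvent(new TokenRevokeContext(formParams));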
    } catch (ClientPolicyException cpe) {
        event.error(cpe.getError());
        throw new CorsErrorResponseException(cors, cpe.getError(), cpe.getErrorDetail(), cpe.getErrorStatus());
    }
    checkToken();
    checkIssuedFor();
    checkUser();
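    // Refresh and offline tokens take the revokeClient() path; any other token type goes through revokeAccessToken().
    if (TokenUtil.TOKEN_TYPE_REFRESH.equals(token.getType()) || TokenUtil.TOKEN_TYPE_OFFLINE.equals(token.getType())) {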
        revokeClient();
        event.detail(Details.REVOKED_CLIENT, client.getClientId());
    } else {
        revokeAccessToken();
        event.detail(Details.TOKEN_ID, token.getId());
    }
    event.success();
    session.getProvider(SecurityHeadersProvider.class).options().allowEmptyContentType();
    return cors.builder(Response.ok()).build();
}
Also used: CorsErrorResponseException (org.keycloak.services.CorsErrorResponseException), TokenRevokeContext (org.keycloak.services.clientpolicy.context.TokenRevokeContext), ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException), POST (javax.ws.rs.POST), Consumes (javax.ws.rs.Consumes)
