[feature] Implement /oauth/revoke for token revocation (#3983)

tobi
2025-04-10 16:24:17 +02:00
committed by GitHub
parent b1a4d54c14
commit e032c959e1
8 changed files with 522 additions and 9 deletions


@@ -13197,6 +13197,43 @@ paths:
summary: Returns a compliant nodeinfo response to node info queries.
tags:
- nodeinfo
/oauth/revoke:
post:
consumes:
- multipart/form-data
operationId: oauthTokenRevoke
parameters:
- description: The client ID, obtained during app registration.
in: formData
name: client_id
required: true
type: string
- description: The client secret, obtained during app registration.
in: formData
name: client_secret
required: true
type: string
- description: The previously obtained token, to be invalidated.
in: formData
name: token
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK - If you own the provided token, the API call will provide OK and an empty response `{}`. This operation is idempotent, so calling this API multiple times will still return OK.
"400":
description: bad request
"403":
description: forbidden - If you provide a token you do not own, the API call will return a 403 error.
"406":
description: not acceptable
"500":
description: internal server error
summary: Revoke an access token to make it no longer valid for use.
tags:
- oauth
/readyz:
get:
description: If GtS is not ready, 500 Internal Error will be returned, and an error will be logged (but not returned to the caller, to avoid leaking internals).
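Review bot: The `responses` block for `/oauth/revoke` does not say which status a caller gets when `client_id` / `client_secret` fail to authenticate; only the token-ownership case is described, under `"403"`. Both credentials are `required: true`, so client authors need that case documented to tell a wrong secret apart from a token issued to another application: if the handler answers 401 there, add a `"401"` entry with `description: unauthorized - client_id and client_secret do not match a registered application.`, otherwise say so in the `"403"` text. The `"200"` description should also state whether an unknown or already-expired token returns OK, since RFC 7009 has the server answer 200 for an invalid token as well and the current text only covers repeated calls. If this file is generated from handler annotations (not visible here), the wording belongs in that source comment rather than in the YAML.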