Improves conformance to RFC 7009 (!4) · Merge requests · project / simple_oauth_revoke

Daniel Pfeiffer requested to merge rfc7009-conformance into 2.0.x Jan 15, 2024

The /oauth/revoke endpoint was falling short of RFC 7009 compliance in a few areas:

It only supports revocation of refresh tokens; requests to revoke an access token receive a successful response, but the access token is not revoked.
The client credentials are not being validated.

These changes address both of those issues.

Improves conformance to RFC 7009