Hi
Is there a way to configure Hydra to give any kind of useful information as a response from /oauth2/revoke endpoints (without changing source code)?
Whenever I try to send requests that I know will fail, to the revocation endpoint, I get a 200 OK response, which I believe isn’t really helpful.
I have set the variable OAUTH2_EXPOSE_INTERNAL_ERRORS=true.
Logs, Example 1 (attempting to revoke a non-existing token):
hydra_1 | time="2020-06-30T08:56:50Z" level=info msg="started handling request" method=POST remote="1xx.xx.x.x:40xxx" request=/oauth2/revoke
hydra_1 | time="2020-06-30T08:56:50Z" level=error msg="An error occurred" description="Could not find the requested resource(s)" error=": not_found"
hydra_1 | time="2020-06-30T08:56:50Z" level=info msg="completed handling request" measure#hydra/public: http://1xx.x.x.x:xxxx/.latency=56833594 method=POST remote="1xx.xx.x.x:40xxx" request=/oauth2/revoke status=200 text_status=OK
Logs, Example 2 (attempting to revoke a token, authenticated with a different client):
hydra_1 | time="2020-06-30T09:00:57Z" level=info msg="started handling request" method=POST remote="1xx.xx.x.x:40xxx" request=/oauth2/revoke
hydra_1 | time="2020-06-30T09:00:57Z" level=error msg="An error occurred" description="Token was not issued to the client making the revokation request" error=revokation_client_mismatch
hydra_1 | time="2020-06-30T09:00:57Z" level=info msg="completed handling request" measure#hydra/public: http://1xx.x.x.x:xxxx/.latency=58859000 method=POST remote="1xx.xx.x.x:40xxx" request=/oauth2/revoke status=200 text_status=OK
It would be really great and helpful if, for example, the token revocation endpoint could be configured to return the errors or descriptions, similarly to how it works for token creation:
Response, Example 3 (attempting to create a token with an invalid client):
{
  "error": "invalid_client",
  "error_description": "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)",
  "status_code": 401,
  "error_debug": "Unable to locate the resource"
}
All the best
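
Because the revocation endpoint answers 200 OK in both failing cases above, the failures are only visible in the logs. The following is an added example (not part of the original post and not Ory Hydra code) that correlates log lines to list revoke requests which logged an error but completed with status 200. It assumes the error line appears between the "started" and "completed" lines of the same request, which interleaved concurrent requests can break; the sample log lines are constructed, modelled on those in the post.

```python
import re

# Constructed sample, modelled on the log lines quoted in the post
# (remote/latency fields omitted; the third request is a constructed success).
SAMPLE_LOG = '''\
hydra_1 | time="2020-06-30T08:56:50Z" level=info msg="started handling request" method=POST request=/oauth2/revoke
hydra_1 | time="2020-06-30T08:56:50Z" level=error msg="An error occurred" description="Could not find the requested resource(s)" error=": not_found"
hydra_1 | time="2020-06-30T08:56:50Z" level=info msg="completed handling request" method=POST request=/oauth2/revoke status=200 text_status=OK
hydra_1 | time="2020-06-30T09:00:57Z" level=info msg="started handling request" method=POST request=/oauth2/revoke
hydra_1 | time="2020-06-30T09:00:57Z" level=error msg="An error occurred" description="Token was not issued to the client making the revokation request" error=revokation_client_mismatch
hydra_1 | time="2020-06-30T09:00:57Z" level=info msg="completed handling request" method=POST request=/oauth2/revoke status=200 text_status=OK
hydra_1 | time="2020-06-30T09:02:10Z" level=info msg="started handling request" method=POST request=/oauth2/revoke
hydra_1 | time="2020-06-30T09:02:10Z" level=info msg="completed handling request" method=POST request=/oauth2/revoke status=200 text_status=OK
'''

# key=value pairs where the value is either double-quoted or a bare token
PAIR = re.compile(r'(\S+?)=("(?:[^"\\]|\\.)*"|\S*)')
REVOKE = "/oauth2/revoke"

def parse_line(line):
    """Split 'container | key=value ...' into (container, fields dict)."""
    container, _, rest = line.partition("|")
    fields = {k: v.strip('"') for k, v in PAIR.findall(rest)}
    return container.strip(), fields

def silent_revoke_failures(log_text):
    """Return revoke requests that logged an error yet completed with 200."""
    open_req = {}   # container -> error fields seen since the request started
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        container, f = parse_line(line)
        msg, is_revoke = f.get("msg"), f.get("request") == REVOKE
        if msg == "started handling request" and is_revoke:
            open_req[container] = None
        elif f.get("level") == "error" and container in open_req:
            open_req[container] = f          # assumed to belong to the open request
        elif msg == "completed handling request" and is_revoke and container in open_req:
            err = open_req.pop(container)
            if err and f.get("status") == "200":
                findings.append({"time": f.get("time"),
                                 "error": err.get("error"),
                                 "description": err.get("description")})
    return findings

if __name__ == "__main__":
    for finding in silent_revoke_failures(SAMPLE_LOG):
        print(finding)
```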