Fosite | invalid_request trying to revoke access or refresh tokens

ezerw · September 9, 2020, 9:07pm

Hello,
I’m using Fosite as my company’s Authorization Server and implemented our own sql storage. Everything works fine but the revoke token.
I’ve tried using access_token and refresh_token as hint and passing the corresponding token as well without luck.

I have to mention that this is also failing in the fosite-example repo.

This is what the request looks like:

Client is public and I’m also sending the authorization header:

authHash := base64.StdEncoding.EncodeToString(
    []byte(fmt.Sprintf("%s:%s", oAuth2Config.ClientID, "")),
)
r.Header.Set("Authorization", "Basic "+authHash)

Payload

POST request with "application/x-www-form-urlencoded" Content-Type header
token=valid-existing-non-revoked-access-token-or-refresh-token
token_type_hint=tried-with-access-and-refresh-tokens-same-result

Response

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed","error_hint":"Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified.","status_code":400}

Any idea of what I’m missing or doing wrong @hackerman ?

hackerman · September 10, 2020, 11:01am

A stack trace would be helpful

ezerw · September 10, 2020, 9:59pm

Thanks!, yeah forgot to add that.

Also raised the issue on Github

Have tom mention that I’m using compose.ComposeAllEnabled(cnf, store, secret, privateKey)as in the example to initialise the provider instead of compose.Compose which is maybe the problem?

Error: invalid_request
github.com/ory/fosite.(*Fosite).NewRevocationRequest
        /Users/eze/Workspace/pkg/mod/github.com/ory/[email protected]/revoke_handler.go:79
main.revoke
        /Users/eze/Workspace/src/github.com/ezrw/server/cmd/server/handlers.go:86
net/http.HandlerFunc.ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2041
github.com/bouk/httprouter.(*Router).ServeHTTP
        /Users/eze/Workspace/pkg/mod/github.com/bouk/[email protected]/router.go:308
net/http.serverHandler.ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2836
net/http.(*conn).serve
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:1924
runtime.goexit
        /usr/local/Cellar/go/1.14.6/libexec/src/runtime/asm_amd64.s:1373

And same in the fosite-example:

Error: invalid_request
github.com/ory/fosite.(*Fosite).NewRevocationRequest
        /Users/eze/Workspace/pkg/mod/github.com/ory/[email protected]/revoke_handler.go:79
github.com/ory/fosite-example/authorizationserver.revokeEndpoint
        /Users/eze/Workspace/src/github.com/ory/fosite-example/authorizationserver/oauth2_revoke.go:13
net/http.HandlerFunc.ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2041
net/http.(*ServeMux).ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2416
net/http.serverHandler.ServeHTTP
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:2836
net/http.(*conn).serve
        /usr/local/Cellar/go/1.14.6/libexec/src/net/http/server.go:1924
runtime.goexit
        /usr/local/Cellar/go/1.14.6/libexec/src/runtime/asm_amd64.s:1373

ezerw · September 16, 2020, 11:38pm

Found the issue and created a PR on fosite repo: https://github.com/ory/fosite/pull/472