DevInABoxLLC issues

Repositories
Issues
Comments

Results 2 issues of


                                            DevInABoxLLC

revokeGrant not implemented in handleTokenRequest?

In the handleMetadataDiscovery the line 'revocation_endpoint: tokenEndpoint' tells all clients that they can send revocation requests to the same URL as the token endpoint. The main router in the fetch...

handleApiRequest - access token validation never checks to see if the client who obtained the token still exists

When deleteClient is called it does not remove the grants issued to the client id. By only deleting the client record, it orphans all active authorizations and tokens that were...