
rfc7009: return error if client validation fails

Open amCap1712 opened this issue 10 months ago • 0 comments

Section 2 of RFC 7009 says:

"The authorization server first validates the client credentials (in case of a confidential client) and then verifies whether the token was issued to the client making the revocation request. If this validation fails, the request is refused and the client is informed of the error by the authorization server as described below."

Accordingly, update the code to return an invalid_grant error if the token being revoked does not belong to the client credentials supplied.

What kind of change does this PR introduce? (check at least one)

  • [X] Bugfix
  • [ ] Feature
  • [ ] Code style update
  • [ ] Refactor
  • [ ] Other, please describe:

  • [X] You consent that the copyright of your pull request source code belongs to Authlib's author.

amCap1712, Apr 23 '24 08:04
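The two-step check the PR description quotes from RFC 7009 section 2 (authenticate the client, then verify the token was issued to that client) is shown below as an added, stand-alone example. It is not authlib's implementation and does not use authlib's API; the client and token stores, the `Client`/`Token` dataclasses and the `handle_revocation` function are constructed for illustration. It also shows the neighbouring rule from RFC 7009 section 2.2 that an unknown token still gets a 200 response, so that only the client-validation failures the PR targets produce an error body.

```python
# Added example (not authlib's code): a minimal RFC 7009 revocation handler
# that performs the client-validation step the PR describes. All stores,
# clients and tokens below are constructed sample data; names are hypothetical.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Client:
    client_id: str
    secret_hash: str  # hex SHA-256 of the client secret


@dataclass
class Token:
    value: str
    client_id: str  # the client this token was issued to
    revoked: bool = False


class RevocationError(Exception):
    """Carries the OAuth error code and HTTP status for the error response."""

    def __init__(self, error: str, status: int):
        super().__init__(error)
        self.error = error
        self.status = status


def _hash_secret(secret: str) -> str:
    return hashlib.sha256(secret.encode()).hexdigest()


def make_stores():
    """Constructed sample registry: two confidential clients, one token each."""
    clients = {
        "app-a": Client("app-a", _hash_secret("secret-a")),
        "app-b": Client("app-b", _hash_secret("secret-b")),
    }
    tokens = {
        "tok-a-1": Token("tok-a-1", "app-a"),
        "tok-b-1": Token("tok-b-1", "app-b"),
    }
    return clients, tokens


def authenticate_client(clients, client_id, client_secret) -> Client:
    """Step 1 of RFC 7009 section 2: validate the confidential client's credentials."""
    client = clients.get(client_id)
    # Hash the presented secret even for unknown clients so timing does not
    # reveal whether the client_id exists; compare in constant time.
    presented = _hash_secret(client_secret or "")
    expected = client.secret_hash if client else _hash_secret("")
    if client is None or not hmac.compare_digest(presented, expected):
        raise RevocationError("invalid_client", 401)
    return client


def revoke(clients, tokens, client_id, client_secret, token_value) -> int:
    """Returns the HTTP status; raises RevocationError for refused requests."""
    client = authenticate_client(clients, client_id, client_secret)
    token = tokens.get(token_value)
    if token is None:
        # RFC 7009 section 2.2: an unknown or already-invalid token still gets
        # 200, so the endpoint does not act as an oracle for token validity.
        return 200
    if token.client_id != client.client_id:
        # Step 2: the token was not issued to the requesting client, so the
        # request is refused and the client is told why (the PR's change).
        raise RevocationError("invalid_grant", 400)
    token.revoked = True
    return 200


def handle_revocation(clients, tokens, client_id, client_secret, token_value):
    """Endpoint wrapper: maps success and refusal to (status, JSON body)."""
    try:
        return revoke(clients, tokens, client_id, client_secret, token_value), {}
    except RevocationError as exc:
        return exc.status, {"error": exc.error}


if __name__ == "__main__":
    clients, tokens = make_stores()
    # app-a tries to revoke a token that was issued to app-b
    print(handle_revocation(clients, tokens, "app-a", "secret-a", "tok-b-1"))
    # -> (400, {'error': 'invalid_grant'})
```

The ordering matters for what the endpoint leaks: client authentication fails before the token is even looked up, a token belonging to another client is refused without being revoked, and a token the server does not know is answered with 200 exactly like a successful revocation.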