The refresh token should be revocable
Components
This proposal is about the OAuth2 module of SteemConnect, more precisely about the https://steemconnect.com/api/oauth2/token/revoke endpoint.
Proposal
At the moment, there is no way to revoke a refresh token via the https://steemconnect.com/api/oauth2/token/revoke endpoint.
Currently, this endpoint revokes the access token provided in the Authorization header. I believe it would be really useful for developers to be able to revoke the refresh token as well.
Mockups / Examples
My proposal is to change the current behavior of the https://steemconnect.com/api/oauth2/token/revoke endpoint. Here is how it could work, in my opinion:
The core concept is that the endpoint would no longer revoke the access_token provided in the Authorization header, but instead the token provided in the request's body.
This would let a developer revoke both the refresh token and the access token using the same endpoint.
The request's headers section would include:
- Content-Type: application/x-www-form-urlencoded
- Accept: application/json
- Authorization: <access_token>
and body:
- token, the access_token or refresh_token to revoke
- token_type_hint, where the developer specifies the type of the token (access_token or refresh_token) provided in the token field
In my opinion, if token_type_hint is refresh_token, SteemConnect should revoke both the access token and the refresh token.
If token_type_hint is access_token, SteemConnect should only revoke the access token.
For more information check this paper:
Benefits
With a revocable refresh token via the /api/oauth2/token/revoke endpoint, a developer would be able to delete all tokens of a user once they are no longer needed. My proposal would make it safer to use the offline scope.
Posted on Utopian.io - Rewarding Open Source Contributors
Your contribution cannot be approved because it does not follow the Utopian Rules.
Your suggestion has to do with the usage of the platform created by the project owner and not with a suggestion relating to a technical issue to increase the running of the platform.
You can contact us on Discord.
[utopian-moderator]
I'm not sure if you understood both my contribution and how the SteemConnect works.
SteemConnect is not only an app for (for example) generating hot signing links. It is also an OAuth2 service for developers that allow them to implement authentication flow for their app.
I believe my contribution is related to significant technical aspects of the project - revoking tokens is an essential feature for OAuth2 service.
Revocable refresh token is a minor feature indeed.
Hey @sunray, I just gave you a tip for your hard work on moderation. Upvote this comment to support the utopian moderators and increase your future rewards!
Hi @jakipatryk, This contribution has been verified after reevaluation. Thank you.
You can contact us on Discord.
[utopian-moderator]
Nice! Promoted for 0.008SBD! :-]
Hey @jakipatryk I am @utopian-io. I have just upvoted you!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x