node-oauth2-server: wrong typing for revokeToken argument
Specify your setup
- Operating System:
- Node version:
- npm version:
- version of @node-oauth/oauth2-server
- which OAuth2 workflow:
- at which workflow step does the error occur:
Describe the bug
Typescript type seems to be wrong for the revokeToken argument token
Expected behavior
Should be only RefreshToken
About this issue
- State: closed
- Created 10 months ago
- Comments: 26 (26 by maintainers)
Hey @shrihari-prakash @jorenvandeweyer since this is done, the only thing left is a migration guide. I opened a discussion for this here: https://github.com/node-oauth/node-oauth2-server/discussions/248
Let’s give it some thought, and I will craft a guide by the end of this week.
@shrihari-prakash The spec does not mention the revocation of a previously issued access token when using a refresh token.
In many cases it would even be impossible to revoke a previously issued access token; think of short-lived JWT tokens that are not saved in the database.
When you look at popular OAuth2 services, they even declare access token revocation is not possible at all. (source)
To conclude, I think we should not require or suggest passing the access token in the getRefreshToken function by extending the type, nor should we implement a getAccessToken function.
I’m not involved enough with Typescript to make a meaningful addition here, which is why I solely let this be on you both.
100% agree on a migration guide here!
Just want to add that this design is mainly from the former oauthjs/oauth2-server repository, which is why I think we should consider the most future-proof approach here, even if breaking.
@jorenvandeweyer @shrihari-prakash the types file still contains revokeToken instead of refreshToken in #194. Should this be handled in #194? I mean, once it’s released it will be “pinned” in this version and may cause confusion.
One more PR to fix this?
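The typing discussed in this thread, as an added sketch that is not code from the thread or from the library: a model whose revokeToken accepts only a refresh token, used for refresh-token rotation while access tokens are never stored. The interfaces, the RefreshOnlyModel class and the rotate helper are hypothetical, simplified stand-ins assumed for illustration, not the package's own types.

```typescript
// Simplified local stand-ins for the token shapes (assumed for this example).
interface Client { id: string }
interface User { id: string }
interface RefreshToken {
  refreshToken: string;
  refreshTokenExpiresAt?: Date;
  client: Client;
  user: User;
}

// Hypothetical in-memory model: only refresh tokens are persisted. Access tokens
// are treated as short-lived and self-contained, so nothing is stored for them.
class RefreshOnlyModel {
  private stored = new Map<string, RefreshToken>();

  saveRefreshToken(token: RefreshToken): void {
    this.stored.set(token.refreshToken, token);
  }

  getRefreshToken(value: string): RefreshToken | undefined {
    const found = this.stored.get(value);
    if (!found) return undefined;
    const expiry = found.refreshTokenExpiresAt;
    // Expired tokens are treated as absent.
    if (expiry && expiry.getTime() <= Date.now()) return undefined;
    return found;
  }

  // Parameter narrowed to RefreshToken: revocation needs only the refresh token value.
  // Returns true only if a stored token was actually removed.
  revokeToken(token: RefreshToken): boolean {
    return this.stored.delete(token.refreshToken);
  }
}

// Refresh-token rotation: revoke the presented token before issuing its successor,
// so a replayed (already used) refresh token is rejected.
function rotate(model: RefreshOnlyModel, presented: string, next: string): RefreshToken | undefined {
  const current = model.getRefreshToken(presented);
  if (!current || !model.revokeToken(current)) return undefined;
  const issued: RefreshToken = {
    refreshToken: next,
    refreshTokenExpiresAt: new Date(Date.now() + 14 * 24 * 3600 * 1000),
    client: current.client,
    user: current.user,
  };
  model.saveRefreshToken(issued);
  return issued;
}
```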