k7iKVSSKJr SSKJr SSKJr SSKJr SSKJr "SS\5rg ) )default_json_headers)InvalidGrantError)InvalidRequestError) TokenEndpoint)UnsupportedTokenTypeErrorc:\rSrSrSrSrSrSrSrSr Sr S r g ) RevocationEndpoint zzImplementation of revocation endpoint which is described in `RFC7009`_. .. _RFC7009: https://tools.ietf.org/html/rfc7009 revocationcURX5 URURSURRS55nU(a UR U5(d [ 5eU$)aEThe client constructs the request by including the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body: token REQUIRED. The token that the client wants to get revoked. token_type_hint OPTIONAL. A hint about the type of the token submitted for revocation. tokentoken_type_hint) check_params query_tokenformget check_clientrselfrequestclientrs [/home/james-whalen/.local/lib/python3.13/site-packages/authlib/oauth2/rfc7009/revocation.pyauthenticate_token%RevocationEndpoint.authenticate_tokensc '*  LL !7<<#3#34E#F  ++F33#% % cSUR;a [5eURRS5nU(aX0R;a [ 5egg)Nrr)rrrSUPPORTED_TOKEN_TYPESr)rrrhints rrRevocationEndpoint.check_params'sJ ',, &%' '|| 12 D : ::+- -;4rcURU5nURX5nU(a,URX15 URR SUUS9 S0[ 4$)aValidate revocation request and create the response for revocation. For example, a client may request the revocation of a refresh token with the following request:: POST /revoke HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token :returns: (status_code, body, headers) after_revoke_token)rr)authenticate_endpoint_clientr revoke_tokenserver send_signalrrs rcreate_endpoint_response+RevocationEndpoint.create_endpoint_response/si227;''8    e - KK # #$ $  B,,,rc[5e)aGet the token from database/storage by the given token string. Developers should implement this method:: def query_token(self, token_string, token_type_hint): if token_type_hint == 'access_token': return Token.query_by_access_token(token_string) if token_type_hint == 'refresh_token': return Token.query_by_refresh_token(token_string) return Token.query_by_access_token(token_string) or Token.query_by_refresh_token(token_string) NotImplementedError)r token_stringrs rrRevocationEndpoint.query_tokenNs "##rc[5e)abMark token as revoked. Since token MUST be unique, it would be dangerous to delete it. Consider this situation: 1. Jane obtained a token XYZ 2. Jane revoked (deleted) token XYZ 3. Bob generated a new token XYZ 4. Jane can use XYZ to access Bob's resource It would be secure to mark a token as revoked:: def revoke_token(self, token, request): hint = request.form.get("token_type_hint") if hint == "access_token": token.access_token_revoked = True else: token.access_token_revoked = True token.refresh_token_revoked = True token.save() r+)rrrs rr%RevocationEndpoint.revoke_token\s ("##rN) __name__ __module__ __qualname____firstlineno____doc__ ENDPOINT_NAMErrr(rr%__static_attributes__r1rrr r s'!M(.-> $$rr N)authlib.constsrrfc6749rrrrr r1rrr;s"/')#/g$g$r