update revoke auth

docker-compose.yml

@@ -4,7 +4,7 @@ networks:
     driver: bridge
 services:
   oauth:
-    image: ghcr.io/navikt/mock-oauth2-server:0.5.8
+    image: ghcr.io/navikt/mock-oauth2-server:2.0.0
     container_name: oauth
     ports:
       - "8002:8080"

src/example_package/auth/utils.py

@@ -7,45 +7,99 @@
 URL_TOKEN = "http://localhost:8002/default_issuer/token"
 URL_JWKS = "http://localhost:8002/default_issuer/jwks"
 URL_USERINFO = "http://localhost:8002/default_issuer/userinfo"
+URL_REVOKE = "http://localhost:8002/default_issuer/revoke"
 
 
 def get_well_known_endpoint(url: str = URL_CONF):
     resp = requests.get(url).json()
     return resp
 
 
-def get_token(user: str, url: str = URL_TOKEN):
+# https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
+def get_token(
+    grant_type: str = None,
+    client_id: str = None,
+    client_secret: str = None,
+    refresh_token: str = None,
+    user: str = None,
+    url: str = URL_TOKEN,
+):
     headers = {"Content-Type": "application/x-www-form-urlencoded"}
+    data = {
+        "grant_type": grant_type,
+        "client_id": client_id,
+        "client_secret": client_secret,
+        "mock_type": user,
+    }
+    if grant_type == "refresh_token":
+        data["refresh_token"] = refresh_token
     resp = requests.post(
         url,
         headers=headers,
-        data={
-            "grant_type": "client_credentials",
-            "client_id": "fake",
-            "client_secret": "fake",
-            "mock_type": user,
-        },
+        data=data,
     )
     return resp.json()
 
 
+# https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html
 def get_user_info(token: str, url: str = URL_USERINFO):
     resp = requests.get(url, headers={"Authorization": f"Bearer {token}"})
     return resp.json()
 
 
+# https://is.docs.wso2.com/en/latest/references/concepts/authentication/jwks/
 def get_jwks(url: str = URL_JWKS):
     resp = requests.get(url)
     return resp.json()
 
 
+# https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html
+def revoke_token(
+    token: str, token_type: str = "refresh_token", url: str = URL_REVOKE
+):
+    headers = {"Content-Type": "application/x-www-form-urlencoded"}
+    resp = requests.post(
+        url,
+        headers=headers,
+        data={
+            "client_id": "fake",
+            "token": token,
+            "token_type_hint": token_type,  # only refresh_token
+        },
+    )
+    print(resp)
+    print(resp.text)
+
+
 if __name__ == "__main__":
     print(get_well_known_endpoint())
-    token_resp_user = get_token("user")
-    token_resp_admin = get_token("admin")
+    token_resp_user = get_token(
+        grant_type="client_credentials",
+        client_id="fake",
+        client_secret="fake",
+        user="user",
+    )
+    token_resp_admin = get_token(
+        grant_type="client_credentials",
+        client_id="fake",
+        client_secret="fake",
+        user="admin",
+    )
     print("-------Token--------\n ")
     print(token_resp_user)
     print(token_resp_admin)
-    # print(get_jwks())
     print(get_user_info(token_resp_user["access_token"]))
     print(get_user_info(token_resp_admin["access_token"]))
+
+    new_token_resp_user = get_token(
+        grant_type="refresh_token",
+        client_id="fake",
+        client_secret="fake",
+        refresh_token=token_resp_user["access_token"],
+        user="user",
+    )
+    print(get_user_info(new_token_resp_user["access_token"]))
+
+    print("------- jwks -------\n")
+    print(get_jwks())
+    revoke_token(new_token_resp_user["refresh_token"])