Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
My attempt to implement a fix for #806.
AbstractGrant
into aRequestValidatorTrait
trait, so they can be used by non-grant classes. This trait includes some abstract methods, to get the client repository and the grant identifier. Those could be refactored into arguments tovalidateClient
, if that's preferable.RevokeTokenHandler
class to handle revocation. The constructor requires the refresh token repository and the public key as arguments. Uses existing repository methods for revocation.enableRevokeTokenHandler
method toAuthorizationServer
to be used during setup.respondToRevokeTokenRequest
method toAuthorizationServer
, to be used in a POST request, similar torespondToAccessTokenRequest
. CORS support is up to the application.$canRevokeAccessTokens
in theRevokeTokenHandler
constructor if you want to allow access tokens to be revoked, since the spec describes this as optional.