Skip to content

feat/revocation endpoint auth methods#6

Merged
ralflang merged 3 commits into
FRAMEWORK_6_0from
feat/revocation-endpoint-auth-methods
Jun 15, 2026
Merged

feat/revocation endpoint auth methods#6
ralflang merged 3 commits into
FRAMEWORK_6_0from
feat/revocation-endpoint-auth-methods

Conversation

@ralflang

@ralflang ralflang commented Jun 15, 2026

Copy link
Copy Markdown
Member

Minor follow up to @jcdelepine's #5

The RFC allows a separate advertising field for the revocation endpoint auth methods. If not present, reuse the authentication endpoint as in #5

ralflang added 3 commits June 15, 2026 09:15
Adds two private helpers, captureStreamBody() and captureAuthHeader()
that build stub factories returning a callback-based capture.
Five existing tests use them, dropping ~30 lines of duplicated stub setup.
New optional revocationEndpointAuthMethodsSupported field on ProviderConfig.
As of RFC 8414 §2 OAuth2Client::revokeToken() uses it for client authentication
selection when present or falls back to tokenEndpointAuthMethodsSupported per the spec's specified default.
If both are missing, implies POST method.
@ralflang
ralflang merged commit acd0f8a into FRAMEWORK_6_0 Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant