fix: token revoke endpoint parameters

Author: aldbr

diracx-cli/src/diracx/cli/auth.py

@@ -129,7 +129,7 @@ async def logout():
             # Revoke refresh token
             try:
                 await api.auth.revoke_refresh_token_by_refresh_token(
-                    client_id=api.client_id, refresh_token=credentials.refresh_token
+                    client_id=api.client_id, token=credentials.refresh_token
                 )
             except Exception as e:
                 print(f"Error revoking the refresh token {e!r}")

diracx-routers/src/diracx/routers/auth/management.py

@@ -7,9 +7,9 @@
 from __future__ import annotations
 
 import logging
-from typing import Annotated, Any
+from typing import Annotated, Any, Literal
 
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, Form, HTTPException, status
 from joserfc.errors import DecodeError
 from typing_extensions import TypedDict
 from uuid_utils import UUID
@@ -66,8 +66,16 @@ async def get_refresh_tokens(
 async def revoke_refresh_token_by_refresh_token(
     auth_db: AuthDB,
     settings: AuthSettings,
-    refresh_token: str,
-    client_id: str,
+    token: Annotated[str, Form(description="The refresh token to revoke")],
+    # Unused but necessary parameter: https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
+    token_type_hint: Annotated[
+        Literal["access_token", "refresh_token"],
+        Form(description="Hint for the type of token being revoked"),
+    ] = "refresh_token",  # noqa: S107
+    client_id: Annotated[
+        str,
+        Form(description="The client ID of the application requesting the revocation"),
+    ] = "myDIRACClientID",
 ) -> str:
     """Revoke a refresh token."""
     # Test the client_id
@@ -77,9 +85,7 @@ async def revoke_refresh_token_by_refresh_token(
         )
 
     try:
-        await revoke_refresh_token_by_refresh_token_bl(
-            auth_db, None, refresh_token, settings
-        )
+        await revoke_refresh_token_by_refresh_token_bl(auth_db, None, token, settings)
     except DecodeError:
         logger.warning("Someone tried to revoke its token but failed.")
 

diracx-routers/tests/auth/test_standard.py

@@ -1124,8 +1124,8 @@ async def test_revoke_refresh_token_classic(test_client, auth_httpx_mock: HTTPXM
     # Normal user tries to delete a random and non-existing RT: should respond with a 200
     r = test_client.post(
         "/api/auth/revoke",
-        params={
-            "refresh_token": "does-not-exist",
+        data={
+            "token": "does-not-exist",
             "client_id": DIRAC_CLIENT_ID,
         },
     )
@@ -1134,8 +1134,8 @@ async def test_revoke_refresh_token_classic(test_client, auth_httpx_mock: HTTPXM
     # Normal user tries to delete his/her RT: should work
     r = test_client.post(
         "/api/auth/revoke",
-        params={
-            "refresh_token": normal_user_refresh_token,
+        data={
+            "token": normal_user_refresh_token,
             "client_id": DIRAC_CLIENT_ID,
         },
     )
@@ -1152,8 +1152,8 @@ async def test_revoke_refresh_token_classic(test_client, auth_httpx_mock: HTTPXM
     # Normal user tries to delete a valid RT using the wrong client id
     r = test_client.post(
         "/api/auth/revoke",
-        params={
-            "refresh_token": normal_user_refresh_token,
+        data={
+            "token": normal_user_refresh_token,
             "client_id": "a_wrong_dirac_client_id",
         },
     )