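/**
 * Allows users to revoke an OAuth2 application. This will remove their consent and revoke any
 * access and refresh tokens with a matching client id.
 *
 * <p>Consent is revoked before the token lookup, so a not-found result can be returned even
 * though the consent record has already been removed. An exception thrown while deleting a
 * token ends the loop, so tokens later in the result set are not deleted by this call.
 *
 * @param context The request context.
 * @param resourceId The id of the OAuth2 client.
 * @return A promise of the removed application; a failed promise carrying a not-found
 *         exception when no token matches, or an internal server error when revocation fails.
 */
@Delete
public Promise<ResourceResponse, ResourceException> deleteInstance(
        Context context, String resourceId) {
    // The user and realm are taken from the request context via contextHelper; only the
    // client id comes from the resource path.
    String userId = contextHelper.getUserId(context);
    String realm = contextHelper.getRealm(context);

    debug.message("Revoking access to OAuth2 client {} for user {}", resourceId, userId);

    try {
        oAuth2ProviderSettingsFactory.get(context).revokeConsent(userId, resourceId);

        // Both conditions are ANDed: the filter built by getQueryFilter(userId, realm) and an
        // exact match on the client id.
        QueryFilter<CoreTokenField> queryFilter =
                and(getQueryFilter(userId, realm), equalTo(CLIENT_ID.getField(), resourceId));
        JsonValue tokens = tokenStore.query(queryFilter);

        if (tokens.asCollection().isEmpty()) {
            return new org.forgerock.json.resource.NotFoundException().asPromise();
        }

        for (JsonValue token : tokens) {
            String tokenId = getAttributeValue(token, ID.getOAuthField());
            // NOTE(review): this writes the token id to the debug log before the delete runs.
            // If the id doubles as the bearer value in this store, a failed delete leaves a
            // still-valid token in the log; confirm, and consider logging a truncated form.
            debug.message(
                    "Removing OAuth2 token {} with client {} for user {}",
                    tokenId, resourceId, userId);
            tokenStore.delete(tokenId);
        }

        return getResourceResponse(context, resourceId, tokens).asPromise();
    } catch (CoreTokenException | InvalidClientException | NotFoundException | ServerException e) {
        // Logged at error level: a failed revocation can leave tokens in the store, so the
        // failure has to be visible when message-level debugging is switched off.
        debug.error(
                "Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
        return new InternalServerErrorException(e).asPromise();
    } catch (InternalServerErrorException e) {
        // Already the exception type returned to the caller, so it is passed through as-is.
        debug.error(
                "Failed to revoke access to OAuth2 client {} for user {}", resourceId, userId, e);
        return e.asPromise();
    }
}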