oauth2: Expose revocation endpoint at OIDC Discovery (ory#1355)
Closes #12678

Signed-off-by: aeneasr <[email protected]>
aeneasr authored Apr 11, 2019
1 parent cb2ad55 commit 957a2d6
Showing 140 changed files with 535 additions and 287 deletions.
305 changes: 249 additions & 56 deletions docs/api.swagger.json

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions oauth2/doc.go
Expand Up @@ -120,6 +120,9 @@ type WellKnown struct {

// Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.
ClaimsParameterSupported bool `json:"claims_parameter_supported"`

// URL of the authorization server's OAuth 2.0 revocation endpoint.
RevocationEndpoint string `json:"revocation_endpoint"`
}

// swagger:model flushInactiveOAuth2TokensRequest
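Review bot: the doc comment on RevocationEndpoint does not say which specification defines the field or that it is optional metadata, while the comment on ClaimsParameterSupported just above spells out what the value means for the OP. revocation_endpoint is defined by RFC 8414 (OAuth 2.0 Authorization Server Metadata) and points at the RFC 7009 revocation endpoint; it is not part of OpenID Connect Discovery itself, so a reference in the comment would tell SDK users why it appears in WellKnown. The tag `json:"revocation_endpoint"` has no omitempty, so the key is always emitted, even if the value were ever empty; say so in the comment or add omitempty.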
1 change: 1 addition & 0 deletions oauth2/handler.go
Expand Up @@ -112,6 +112,7 @@ func (h *Handler) WellKnownHandler(w http.ResponseWriter, r *http.Request) {
AuthURL: urlx.AppendPaths(h.c.IssuerURL(), AuthPath).String(),
TokenURL: urlx.AppendPaths(h.c.IssuerURL(), TokenPath).String(),
JWKsURI: urlx.AppendPaths(h.c.IssuerURL(), JWKPath).String(),
RevocationEndpoint: urlx.AppendPaths(h.c.IssuerURL(), RevocationPath).String(),
RegistrationEndpoint: h.c.OAuth2ClientRegistrationURL().String(),
SubjectTypes: h.c.SubjectTypesSupported(),
ResponseTypes: []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
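Review bot: RevocationEndpoint is derived from h.c.IssuerURL() and RevocationPath, but nothing in this hunk shows that RevocationPath is the constant the revoke route is actually registered under. Clients that follow discovery will send tokens and client credentials to this URL, so confirm the router and this line share the one constant. RegistrationEndpoint on the next line comes from a dedicated config getter while this value is always issuer-relative; if that asymmetry is intended, a short comment would help.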
1 change: 1 addition & 0 deletions oauth2/handler_test.go
Expand Up @@ -394,6 +394,7 @@ func TestHandlerWellKnown(t *testing.T) {
AuthURL: urlx.AppendPaths(conf.IssuerURL(), oauth2.AuthPath).String(),
TokenURL: urlx.AppendPaths(conf.IssuerURL(), oauth2.TokenPath).String(),
JWKsURI: urlx.AppendPaths(conf.IssuerURL(), oauth2.JWKPath).String(),
RevocationEndpoint: urlx.AppendPaths(conf.IssuerURL(), oauth2.RevocationPath).String(),
RegistrationEndpoint: conf.OAuth2ClientRegistrationURL().String(),
SubjectTypes: []string{"pairwise", "public"},
ResponseTypes: []string{"code", "code id_token", "id_token", "token id_token", "token", "token id_token code"},
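Review bot: the expected RevocationEndpoint is built with the same expression the handler uses, urlx.AppendPaths(conf.IssuerURL(), oauth2.RevocationPath), so the assertion cannot catch a wrong RevocationPath value. Consider also asserting the literal path suffix the revoke route is expected to serve, so that a change to the constant fails TestHandlerWellKnown.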
2 changes: 1 addition & 1 deletion sdk/go/hydra/models/authentication_request.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 2 additions & 1 deletion sdk/go/hydra/models/authentication_session.go

4 changes: 3 additions & 1 deletion sdk/go/hydra/models/client.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/consent_request.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/consent_request_session_data.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/empty_response.go

3 changes: 2 additions & 1 deletion sdk/go/hydra/models/flush_inactive_o_auth2_tokens_request.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/generic_error.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/handled_consent_request.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/handled_login_request.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/introspection.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/login_request.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/open_id_connect_context.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/previous_consent_session.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/request_denied_error.go

2 changes: 1 addition & 1 deletion sdk/go/hydra/models/request_handler_response.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swagger_flush_inactive_access_tokens.go

6 changes: 3 additions & 3 deletions sdk/go/hydra/models/swagger_json_web_key_query.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swagger_jwk_create_set.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swagger_jwk_set_query.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swagger_jwk_update_set.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swagger_jwk_update_set_key.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swagger_o_auth_introspection_request.go

4 changes: 2 additions & 2 deletions sdk/go/hydra/models/swaggeroauth2_token_parameters.go

3 changes: 3 additions & 0 deletions sdk/go/hydra/models/well_known.go

1 change: 1 addition & 0 deletions sdk/java/hydra-client-resttemplate/README.md
Expand Up @@ -163,6 +163,7 @@ Class | Method | HTTP request | Description
- [SwaggerFlushInactiveAccessTokens](docs/SwaggerFlushInactiveAccessTokens.md)
- [SwaggerHealthStatus](docs/SwaggerHealthStatus.md)
- [SwaggerJSONWebKey](docs/SwaggerJSONWebKey.md)
- [SwaggerJSONWebKeyQuery](docs/SwaggerJSONWebKeyQuery.md)
- [SwaggerJSONWebKeySet](docs/SwaggerJSONWebKeySet.md)
- [SwaggerJsonWebKeyQuery](docs/SwaggerJsonWebKeyQuery.md)
- [SwaggerJwkCreateSet](docs/SwaggerJwkCreateSet.md)
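Review bot: the added entry SwaggerJSONWebKeyQuery sits two lines above the existing SwaggerJsonWebKeyQuery, and the linked files docs/SwaggerJSONWebKeyQuery.md and docs/SwaggerJsonWebKeyQuery.md differ only in letter case. On a case-insensitive filesystem one of the two will overwrite the other at checkout. If the model was renamed, drop the old entry and its file; if both models exist, give them distinguishable names in the swagger source.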
Expand Up @@ -4,7 +4,7 @@
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**authenticatedAt** | [**DateTime**](DateTime.md) | authenticated at Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time | [optional]
**authenticatedAt** | [**DateTime**](DateTime.md) | authenticated at Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time | [optional]
**ID** | **String** | ID | [optional]
**subject** | **String** | subject | [optional]
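Review bot: the only change to the authenticatedAt row is one more trailing "Format: date-time" in a description that already repeats it many times, so each regeneration of the SDK docs appears to append the suffix again. The createdAt and updatedAt rows in docs/Client.md further down grow the same way. Fix the generator input so the suffix is written once; otherwise every regeneration produces another no-op diff like this one.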

4 changes: 2 additions & 2 deletions sdk/java/hydra-client-resttemplate/docs/Client.md
Expand Up @@ -12,7 +12,7 @@ Name | Type | Description | Notes
**clientSecretExpiresAt** | **Long** | SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration. | [optional]
**clientUri** | **String** | ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional]
**contacts** | **List&lt;String&gt;** | Contacts is a array of strings representing ways to contact people responsible for this client, typically email addresses. | [optional]
**createdAt** | [**DateTime**](DateTime.md) | CreatedAt returns the timestamp of the client&#39;s creation. Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time | [optional]
**createdAt** | [**DateTime**](DateTime.md) | CreatedAt returns the timestamp of the client&#39;s creation. Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time | [optional]
**grantTypes** | **List&lt;String&gt;** | GrantTypes is an array of grant types the client is allowed to use. | [optional]
**jwks** | [**SwaggerJSONWebKeySet**](SwaggerJSONWebKeySet.md) | | [optional]
**jwksUri** | **String** | URL for the Client&#39;s JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client&#39;s encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key&#39;s intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. | [optional]
Expand All @@ -28,7 +28,7 @@ Name | Type | Description | Notes
**subjectType** | **String** | SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include &#x60;pairwise&#x60; and &#x60;public&#x60;. | [optional]
**tokenEndpointAuthMethod** | **String** | Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none. | [optional]
**tosUri** | **String** | TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client. | [optional]
**updatedAt** | [**DateTime**](DateTime.md) | UpdatedAt returns the timestamp of the last update. Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time | [optional]
**updatedAt** | [**DateTime**](DateTime.md) | UpdatedAt returns the timestamp of the last update. Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time Format: date-time | [optional]
**userinfoSignedResponseAlg** | **String** | JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type. | [optional]


Expand Up @@ -9,7 +9,7 @@ Name | Type | Description | Notes
**grantScope** | **List&lt;String&gt;** | GrantScope sets the scope the user authorized the client to use. Should be a subset of &#x60;requested_scope&#x60; | [optional]
**remember** | **Boolean** | Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope. | [optional]
**rememberFor** | **Long** | RememberFor sets how long the consent authorization should be remembered for in seconds. If set to &#x60;0&#x60;, the authorization will be remembered indefinitely. | [optional]
**session** | [**ConsentRequestSession**](ConsentRequestSession.md) | | [optional]
**session** | [**ConsentRequestSessionData**](ConsentRequestSessionData.md) | | [optional]
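Review bot: the session row changes its type from ConsentRequestSession to ConsentRequestSessionData, which renames a public model in the Java SDK docs and is unrelated to the revocation endpoint change named in the commit title. The next hunk does the same for body (CreateRequest to JsonWebKeySetGeneratorRequest). If the generated classes were renamed to match, callers compiled against the old names will no longer build, so these renames should be called out in the upgrade notes or split into their own commit.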



Expand Up @@ -4,7 +4,7 @@
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**body** | [**CreateRequest**](CreateRequest.md) | | [optional]
**body** | [**JsonWebKeySetGeneratorRequest**](JsonWebKeySetGeneratorRequest.md) | | [optional]
**set** | **String** | The set in: path |

