Allow making raw HTTP POST requests to the authz server #463
Conversation
|
This PR (HEAD: d2a14ae) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/oauth2/+/277272 to see it. Tip: You can toggle comments from me using the |
|
Message from Go Bot: Patch Set 1: Congratulations on opening your first change. Thank you for your contribution! Next steps: Most changes in the Go project go through a few rounds of revision. This can be Please don’t reply on this GitHub thread. Visit golang.org/cl/277272. |
misberner
force-pushed
the
mi-raw-http-requests
branch
from
d2a14ae to
0b4d90a
Compare
|
This PR (HEAD: 0b4d90a) has been imported to Gerrit for code review. Please visit https://go-review.googlesource.com/c/oauth2/+/277272 to see it. Tip: You can toggle comments from me using the |
This PR adds functionality to make token-style HTTP requests to an arbitrary endpoint of the authz server, instead of just for retrieving tokens.
Use case: the main motivation was to support for OAuth2 token revocation per RFC7009. The token revocation endpoint requires client credentials, and implementing it outside of this library requires effectively re-implementing the auth style auto-sensing & caching.
This seemed the most convenient way of leveraging the library for token revocation. If desired, I can also make this less general to only support token revocation, but a.o.t. this would require figuring out the revocation URLs for all supported providers, which is outside my current time budget.