# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1683484953 -7200
# Node ID 95cb7e7efa37225b196b8125688d2b4c62467ba3
# Parent  48c643c851f3a6465ec7ef85f083f611a5d8e128
mod_rest/rest.sh: Add --logout to revoke token

diff -r 48c643c851f3 -r 95cb7e7efa37 mod_rest/example/rest.sh
--- a/mod_rest/example/rest.sh	Sun May 07 20:41:35 2023 +0200
+++ b/mod_rest/example/rest.sh	Sun May 07 20:42:33 2023 +0200
@@ -113,6 +113,22 @@
 	http --check-status -b --session rest "$USERINFO_ENDPOINT" "Authorization:Bearer $ACCESS_TOKEN" Accept:application/json >&2
 	AUTH_METHOD="session-read-only"
 	AUTH_ID="rest"
+
+elif [[ "$1" == "--logout" ]]; then
+	# Revoke token
+	source "${XDG_CACHE_HOME:-$HOME/.cache}/rest/$HOST"
+
+	OAUTH_META="$(http --check-status --json "https://$HOST/.well-known/oauth-authorization-server" Accept:application/json)"
+	REVOCATION_ENDPOINT="$(echo "$OAUTH_META" | jq -e -r '.revocation_endpoint')"
+
+	CLIENT_ID="$(echo "$OAUTH_CLIENT_INFO" | jq -e -r '.client_id')"
+	CLIENT_SECRET="$(echo "$OAUTH_CLIENT_INFO" | jq -e -r '.client_secret')"
+
+	http -h --check-status --auth "$CLIENT_ID:$CLIENT_SECRET" --form "$REVOCATION_ENDPOINT" token="$REFRESH_TOKEN"
+
+	# Overwrite the token
+	typeset -p OAUTH_CLIENT_INFO > "${XDG_CACHE_HOME:-$HOME/.cache}/rest/$HOST"
+	exit 0
 fi
 
 if [[ $# == 0 ]]; then