@saniaky
Last active February 3, 2021 15:53
How to logout (revoke token + refresh token) user in Spring Security using OAuth 2.0
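import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseStatus;

import static java.util.Optional.ofNullable;

@Controller
public class TokenController {

    private final TokenStore tokenStore;

    @Autowired
    public TokenController(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    // Revokes the access token stored for the caller's authentication, plus its refresh token.
    @ResponseStatus(HttpStatus.NO_CONTENT)
    @PostMapping(value = "/oauth/revoke")
    public void revokeToken(Authentication authentication) {
        ofNullable(authentication).ifPresent(auth -> {
            OAuth2AccessToken accessToken = tokenStore.getAccessToken((OAuth2Authentication) auth);
            ofNullable(accessToken).ifPresent(oAuth2AccessToken -> {
                // Drop the refresh token as well, so it cannot be used to mint a new access token.
                ofNullable(oAuth2AccessToken.getRefreshToken()).ifPresent(tokenStore::removeRefreshToken);
                tokenStore.removeAccessToken(accessToken);
            });
        });
    }
}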
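
A check that the endpoint really removes both tokens from the store and leaves other clients' tokens alone. This is an added example, not part of the original gist: it assumes the legacy `spring-security-oauth2` library on the classpath and the `TokenController` above in the same package, and the client ids and token values are constructed for the demonstration.

```java
import java.util.Collections;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

public class RevokeTokenCheck {

    // Builds a client-only authentication (no end user) for a constructed client id.
    static OAuth2Authentication authFor(String clientId) {
        OAuth2Request request = new OAuth2Request(Collections.emptyMap(), clientId,
                Collections.emptyList(), true, Collections.singleton("read"),
                Collections.emptySet(), null, Collections.emptySet(), Collections.emptyMap());
        return new OAuth2Authentication(request, null);
    }

    // Stores an access/refresh token pair the way an authorization server would.
    static void issue(TokenStore store, OAuth2Authentication auth, String access, String refresh) {
        DefaultOAuth2RefreshToken refreshToken = new DefaultOAuth2RefreshToken(refresh);
        DefaultOAuth2AccessToken accessToken = new DefaultOAuth2AccessToken(access);
        accessToken.setRefreshToken(refreshToken);
        store.storeRefreshToken(refreshToken, auth);
        store.storeAccessToken(accessToken, auth);
    }

    static void check(boolean condition, String message) {
        if (!condition) throw new IllegalStateException(message);
    }

    public static void main(String[] args) {
        TokenStore store = new InMemoryTokenStore();
        OAuth2Authentication caller = authFor("demo-client");
        issue(store, caller, "access-1", "refresh-1");
        issue(store, authFor("other-client"), "access-2", "refresh-2");

        new TokenController(store).revokeToken(caller);

        check(store.readAccessToken("access-1") == null, "access token still stored");
        check(store.readRefreshToken("refresh-1") == null, "refresh token still stored");
        check(store.readAccessToken("access-2") != null, "unrelated token was revoked");
        System.out.println("caller's token pair revoked; other client's tokens untouched");
    }
}
```

The lookup is by authentication key (client, user, scope), so this only works with a store that persists tokens. With `JwtTokenStore`, `getAccessToken(OAuth2Authentication)` returns null and the endpoint revokes nothing.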