feat: change API

consent/handler.go

@@ -125,10 +125,14 @@ type revokeOAuth2ConsentSessions struct {
 func (h *Handler) revokeOAuth2ConsentSessions(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 	subject := r.URL.Query().Get("subject")
 	client := r.URL.Query().Get("client")
-	allClients := r.URL.Query().Get("all") == "true"
 	consentChallengeID := r.URL.Query().Get("consent_challenge_id")
-	if subject == "" {
-		h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'subject' is not defined but should have been.`)))
+	allClients := r.URL.Query().Get("all") == "true"
+	if subject == "" && consentChallengeID == "" {
+		h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'subject' or 'consent_challenge_id' are required.`)))
+		return
+	}
+	if consentChallengeID != "" && subject != "" {
+		h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'subject' and 'consent_challenge_id' cannot be set at the same time.`)))
 		return
 	}
 	if consentChallengeID != "" && client != "" {
@@ -137,7 +141,7 @@ func (h *Handler) revokeOAuth2ConsentSessions(w http.ResponseWriter, r *http.Req
 	}
 
 	switch {
-	case len(client) > 0:
+	case client != "":
 		if err := h.r.ConsentManager().RevokeSubjectClientConsentSession(r.Context(), subject, client); err != nil && !errors.Is(err, x.ErrNotFound) {
 			h.r.Writer().WriteError(w, r, err)
 			return
@@ -150,7 +154,7 @@ func (h *Handler) revokeOAuth2ConsentSessions(w http.ResponseWriter, r *http.Req
 		}
 		events.Trace(r.Context(), events.ConsentRevoked, events.WithSubject(subject))
 	case consentChallengeID != "":
-		if err := h.r.ConsentManager().RevokeSubjectConsentSessionByID(r.Context(), subject, consentChallengeID); err != nil && !errors.Is(err, x.ErrNotFound) {
+		if err := h.r.ConsentManager().RevokeConsentSessionByID(r.Context(), consentChallengeID); err != nil && !errors.Is(err, x.ErrNotFound) {
 			h.r.Writer().WriteError(w, r, err)
 			return
 		}

consent/manager.go

@@ -30,7 +30,7 @@ type (
 		HandleConsentRequest(ctx context.Context, f *flow.Flow, r *flow.AcceptOAuth2ConsentRequest) (*flow.OAuth2ConsentRequest, error)
 		RevokeSubjectConsentSession(ctx context.Context, user string) error
 		RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error
-		RevokeSubjectConsentSessionByID(ctx context.Context, user, consentChallengeID string) error
+		RevokeConsentSessionByID(ctx context.Context, consentChallengeID string) error
 
 		VerifyAndInvalidateConsentRequest(ctx context.Context, verifier string) (*flow.AcceptOAuth2ConsentRequest, error)
 		FindGrantedAndRememberedConsentRequests(ctx context.Context, client, user string) ([]flow.AcceptOAuth2ConsentRequest, error)

persistence/sql/persister_consent.go

@@ -44,12 +44,12 @@ func (p *Persister) RevokeSubjectClientConsentSession(ctx context.Context, user,
 	return p.Transaction(ctx, p.revokeConsentSession("consent_challenge_id IS NOT NULL AND subject = ? AND client_id = ?", user, client))
 }
 
-func (p *Persister) RevokeSubjectConsentSessionByID(ctx context.Context, user, consentChallengeID string) (err error) {
-	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSubjectConsentSessionByID",
+func (p *Persister) RevokeConsentSessionByID(ctx context.Context, user, consentChallengeID string) (err error) {
+	ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeConsentSessionByID",
 		trace.WithAttributes(attribute.String("consent_challenge_id", consentChallengeID)))
 	defer otelx.End(span, &err)
 
-	return p.Transaction(ctx, p.revokeConsentSession("consent_challenge_id = ? AND subject = ? ", consentChallengeID, user))
+	return p.Transaction(ctx, p.revokeConsentSession("consent_challenge_id = ?", consentChallengeID, user))
 }
 
 func (p *Persister) revokeConsentSession(whereStmt string, whereArgs ...interface{}) func(context.Context, *pop.Connection) error {