adrianlazar-okta

00618237 - Revoke and Introspect Access Token

Jun 7th, 2019
  1. /*
  2. Simple JS file for testing token revoke and introspect. Can be used in conjunction with okta-auth-js.
  3.  
  4. I wrote these functions because they are not available in the above-mentioned library.
  5.  
  6. **** DISCLAIMER ****
  7. ************************************************************************************************
  8. The script is provided AS IS without warranty of any kind. Okta disclaims all implied warranties
  9. including, without limitation, any implied warranties of fitness for a particular purpose.
  10. We highly recommend testing scripts in a preview environment if possible.
  11. ************************************************************************************************
  12.  
  13. Access Token should be obtained via any methods available.
  14.  
  15. */
  16.  
  // Shared configuration read by revokeToken() and introspectToken().

  // The access token under test; empty here and meant to be filled in before the script runs.
  var accessToken = ''
  // Base URL of the authorization server; '/v1/revoke' and '/v1/introspect' are appended to it.
  // NOTE(review): fetch() treats a value without a scheme as relative to the current page, so the
  // filled-in value must be an absolute https:// URL. Confirm how the placeholder is meant to be replaced.
  var baseUrl = '{YOUR_OKTA_DOMAIN_HERE}.com/oauth2/default'
  var client_id = '{CLIENT_ID_HERE}'
  // A client secret placed in a script that is delivered to the browser can be read by anyone who loads
  // the page. Requests that authenticate with the secret belong in server-side code; keep this value
  // out of any file that is served to users.
  var client_secret = '{CLIENT_SECRET_HERE}' // Only available for Web Apps.
  // Form fields sent in the request body. params.token is copied from accessToken when this object
  // literal is evaluated; assigning accessToken afterwards does not update it.
  var params = {
    'client_id': client_id, // Necessary only for Native apps.
    'token' : accessToken, // obtained via any methods possible, declared above.
    'token_type_hint': 'access_token',
  }
  var requestHeaders = new Headers({
    // HTTP Basic credentials are the Base64 encoding of the single string "client_id:client_secret",
    // not two separately encoded halves joined by a colon:
    //'Authorization':'Basic '+btoa(client_id+':'+client_secret), // required for Web Apps (frontend + backend),
    // Do not include the Authorization header for Native apps.
    'Accept':'application/json',
    'Content-Type': 'application/x-www-form-urlencoded'
  })
  /**
   * POST the fields of the shared `params` object, form-encoded, to the revocation endpoint.
   *
   * Note the order: the "tokens" entry is removed from localStorage before the request is sent,
   * so the local copy is gone even when the request later fails or is rejected by the server.
   *
   * @returns {Promise<Response>} The raw fetch Response; callers inspect `status` themselves.
   */
  async function revokeToken() {
    const pairs = [];
    for (const name of Object.keys(params)) {
      pairs.push(`${encodeURIComponent(name)}=${encodeURIComponent(params[name])}`);
    }
    const formBody = pairs.join('&');

    localStorage.removeItem("tokens");

    const response = await fetch(`${baseUrl}/v1/revoke`, {
      method: 'POST',
      headers: requestHeaders,
      body: formBody,
    });
    return response;
  }
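  /**
   * POST the fields of the shared `params` object, form-encoded, to the introspection endpoint
   * and return the parsed JSON body.
   *
   * Introspection is a read-only query, so this function no longer removes the "tokens" entry
   * from localStorage. The earlier version did, which discarded the locally stored tokens every
   * time a token was merely inspected, while leaving the token itself valid on the server.
   *
   * @returns {Promise<object>} The parsed response body. The caller reads its `active` field;
   *   an error response is returned as parsed JSON too, without that field being checked here.
   */
  async function introspectToken() {
    const data = Object.keys(params)
      .map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(params[key])}`)
      .join('&');

    const res = await fetch(`${baseUrl}/v1/introspect`, {
      method: 'POST',
      headers: requestHeaders,
      body: data,
    });
    return await res.json();
  }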
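  /**
   * Button handler: send the revoke request and log the outcome to the console.
   *
   * A 200 status only means the server accepted the request. RFC 7009 has the server answer 200
   * for a token that is unknown or already invalid as well, so run introspect() afterwards to
   * confirm the token is really inactive.
   *
   * A failed request (network error, blocked cross-origin call) is now logged instead of being
   * left as an unhandled promise rejection.
   */
  function revoke() {
    revokeToken()
      .then((res) => {
        switch (res.status) {
          case 200:
            console.log(res);
            console.log('Token Revoked!');
            break;
          case 400:
            console.log(res);
            console.log('Bad Request');
            break;
          default:
            // Any other status (for example a rejected client authentication) is logged as-is.
            console.log(res);
        }
      })
      .catch((err) => {
        console.error('Revoke request failed', err);
      });
  }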
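  /**
   * Button handler: introspect the token and log whether it is still active.
   *
   * `res` is the parsed introspection body. Besides `active` it can carry details about the token
   * and its subject, all of which end up in the browser console; keep that in mind outside a test
   * environment.
   *
   * A body without a boolean `active` field (such as an error response) is now logged instead of
   * being silently ignored, and a failed request is logged instead of surfacing as an unhandled
   * promise rejection.
   */
  function introspect() {
    introspectToken()
      .then((res) => {
        switch (res['active']) {
          case false:
            console.log(res);
            console.log('Token is no longer active');
            break;
          case true:
            console.log(res);
            console.log('Token is still active');
            break;
          default:
            // No usable `active` flag: show the body so the error is visible.
            console.log(res);
        }
      })
      .catch((err) => {
        console.error('Introspect request failed', err);
      });
  }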
  84.  
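  // The code below assumes the page has two empty <div> elements with ids "revoke" and "introspect".
  // The buttons are built with DOM APIs and addEventListener instead of an innerHTML string with an
  // inline onclick attribute. That keeps them working under a Content-Security-Policy that blocks
  // inline event handlers, and it does not depend on revoke/introspect being global names.
  for (const [id, handler] of [['revoke', revoke], ['introspect', introspect]]) {
    const button = document.createElement('button');
    button.textContent = id;
    button.addEventListener('click', () => handler());
    // replaceChildren mirrors the innerHTML assignment: existing content of the <div> is replaced.
    document.getElementById(id).replaceChildren(button);
  }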
  88.  
  89. // author: Adrian Lazar.