# OAuth Token revocation

* adds revocation of user tokens on logout

api/models/token.py

@@ -155,3 +155,22 @@ class OAuthToken(UuidModel):
 
         return user
 
+    def revoke(self) -> (int, int):
+        """ Revokes the tokens of the user
+
+        Returns:
+            revocation_status_codes (tuple): HTTP status code for revocation of access_token and refresh_token
+        """
+        revoke_url = f"{SSO_SERVER_BASE}o/revoke_token/"
+        token = self.refresh_token
+        revocation_status_codes = requests.post(
+                revoke_url,
+                data={
+                    'token': token,
+                    'token_type_hint': "refresh_token",
+                },
+                auth=(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET),
+            ).status_code
+
+        return revocation_status_codes
+

konova/views/logout.py

@@ -24,5 +24,10 @@ class LogoutView(View):
         Returns:
             A redirect
         """
+        user = request.user
+        oauth_token = user.oauth_token
+        if oauth_token:
+            oauth_token.revoke()
+
         logout(request)
         return redirect(SSO_SERVER_BASE)