@@ 158,7 158,7 @@ func revokeClient(w http.ResponseWriter, req *http.Request) {
return
}
- if err := db.RevokeAccessTokens(ctx, id, loginToken.User); err != nil {
+ if err := db.RevokeClientUser(ctx, id, loginToken.User); err != nil {
httpError(w, err)
return
}
@@ 284,12 284,30 @@ func (db *DB) DeleteAccessToken(ctx context.Context, id ID[*AccessToken]) error
return err
}
-func (db *DB) RevokeAccessTokens(ctx context.Context, clientID ID[*Client], userID ID[*User]) error {
- _, err := db.db.ExecContext(ctx, `
+func (db *DB) RevokeClientUser(ctx context.Context, clientID ID[*Client], userID ID[*User]) error {
+ tx, err := db.db.BeginTx(ctx, nil)
+ if err != nil {
+ return err
+ }
+ defer tx.Rollback()
+
+ _, err = tx.ExecContext(ctx, `
DELETE FROM AccessToken
WHERE client = ? AND user = ?
`, clientID, userID)
- return err
+ if err != nil {
+ return err
+ }
+
+ _, err = tx.ExecContext(ctx, `
+ DELETE FROM AuthCode
+ WHERE client = ? AND user = ?
+ `, clientID, userID)
+ if err != nil {
+ return err
+ }
+
+ return tx.Commit()
}
func (db *DB) CreateAuthCode(ctx context.Context, code *AuthCode) error {