chore: synchronize workspaces

driver/config/provider.go

@@ -673,8 +673,8 @@ func (p *DefaultProvider) cookieSuffix(ctx context.Context, key string) string {
 
 func (p *DefaultProvider) RefreshTokenRotationGracePeriod(ctx context.Context) time.Duration {
 	gracePeriod := p.getProvider(ctx).DurationF(KeyRefreshTokenRotationGracePeriod, 0)
-	if gracePeriod > time.Hour {
-		return time.Hour
+	if gracePeriod > time.Minute*5 {
+		return time.Minute * 5
 	}
 	return gracePeriod
 }

internal/testhelpers/oauth2.go

@@ -111,6 +111,20 @@ func IntrospectToken(t testing.TB, conf *oauth2.Config, token string, adminTS *h
 	return gjson.ParseBytes(ioutilx.MustReadAll(res.Body))
 }
 
+func RevokeToken(t testing.TB, conf *oauth2.Config, token string, publicTS *httptest.Server) gjson.Result {
+	require.NotEmpty(t, token)
+
+	req := httpx.MustNewRequest("POST", publicTS.URL+"/oauth2/revoke",
+		strings.NewReader((url.Values{"token": {token}}).Encode()),
+		"application/x-www-form-urlencoded")
+
+	req.SetBasicAuth(conf.ClientID, conf.ClientSecret)
+	res, err := publicTS.Client().Do(req)
+	require.NoError(t, err)
+	defer res.Body.Close()
+	return gjson.ParseBytes(ioutilx.MustReadAll(res.Body))
+}
+
 func UpdateClientTokenLifespans(t *testing.T, conf *oauth2.Config, clientID string, lifespans client.Lifespans, adminTS *httptest.Server) {
 	b, err := json.Marshal(lifespans)
 	require.NoError(t, err)

oauth2/fosite_store_helpers_test.go

@@ -6,12 +6,13 @@ package oauth2_test
 import (
 	"context"
 	"fmt"
-	"github.com/ory/hydra/v2/oauth2"
 	"net/url"
 	"slices"
 	"testing"
 	"time"
 
+	"github.com/ory/hydra/v2/oauth2"
+
 	"github.com/ory/x/assertx"
 
 	"github.com/ory/hydra/v2/flow"

oauth2/fosite_store_test.go

@@ -38,7 +38,7 @@ func setupRegistries(t *testing.T) {
 	if len(registries) == 0 && !testing.Short() {
 		// first time called and sql tests
 		var cleanSQL func(*testing.T)
-		registries["postgres"], registries["mysql"], registries["cockroach"], cleanSQL = internal.ConnectDatabases(t, true, &contextx.Default{})
+		registries["postgres"], registries["mysql"], registries["cockroach"], cleanSQL = internal.ConnectDatabases(t, false, &contextx.Default{})
 		cleanMem := cleanRegistries
 		cleanMem(t)
 		cleanRegistries = func(t *testing.T) {

oauth2/handler.go

@@ -727,11 +727,14 @@ type revokeOAuth2Token struct {
 //	  default: errorOAuth2
 func (h *Handler) revokeOAuth2Token(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	events.Trace(ctx, events.AccessTokenRevoked)
 
-	err := h.r.OAuth2Provider().NewRevocationRequest(ctx, r)
+	err := h.r.Persister().Transaction(ctx, func(ctx context.Context, _ *pop.Connection) error {
+		return h.r.OAuth2Provider().NewRevocationRequest(ctx, r)
+	})
 	if err != nil {
 		x.LogError(r, err, h.r.Logger())
+	} else {
+		events.Trace(ctx, events.AccessTokenRevoked)
 	}
 
 	h.r.OAuth2Provider().WriteRevocationResponse(ctx, w, err)

oauth2/helper_test.go

@@ -5,10 +5,11 @@ package oauth2_test
 
 import (
 	"context"
+	"testing"
+
 	"github.com/oleiade/reflections"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"testing"
 
 	"github.com/ory/fosite"
 	"github.com/ory/fosite/handler/oauth2"

oauth2/helpers.go

@@ -1,13 +1,18 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
 package oauth2
 
 import (
 	"context"
 	"crypto/sha256"
 	"fmt"
+	"time"
+
 	"github.com/gobuffalo/pop/v6"
 	gofrsuuid "github.com/gofrs/uuid"
+
 	"github.com/ory/hydra/v2/x"
-	"time"
 )
 
 func signatureFromJTI(jti string) string {