identity: "disconnect app" — revoke_app(Subject, Client) (+4 tests)
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 36s
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 36s
identity_tokens:revoke_app(Subject, Client) revokes every grant a subject holds for one client at once (audited one revoke per grant), exposed at the facade as identity:revoke_app. The action counterpart to the grants view — completing the account-security view+action pairs (sessions/logout_all, grants/revoke_app, history). Other subjects' same-client grants are untouched. account 11/11, 233/233. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
File diff suppressed because one or more lines are too long
@@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"language": "identity",
|
"language": "identity",
|
||||||
"total_pass": 229,
|
"total_pass": 233,
|
||||||
"total": 229,
|
"total": 233,
|
||||||
"suites": [
|
"suites": [
|
||||||
{"name":"session","pass":11,"total":11,"status":"ok"},
|
{"name":"session","pass":11,"total":11,"status":"ok"},
|
||||||
{"name":"token","pass":24,"total":24,"status":"ok"},
|
{"name":"token","pass":24,"total":24,"status":"ok"},
|
||||||
@@ -24,6 +24,6 @@
|
|||||||
{"name":"introspect","pass":9,"total":9,"status":"ok"},
|
{"name":"introspect","pass":9,"total":9,"status":"ok"},
|
||||||
{"name":"par","pass":7,"total":7,"status":"ok"},
|
{"name":"par","pass":7,"total":7,"status":"ok"},
|
||||||
{"name":"dynreg","pass":5,"total":5,"status":"ok"},
|
{"name":"dynreg","pass":5,"total":5,"status":"ok"},
|
||||||
{"name":"account","pass":7,"total":7,"status":"ok"}
|
{"name":"account","pass":11,"total":11,"status":"ok"}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
# identity-on-sx Scoreboard
|
# identity-on-sx Scoreboard
|
||||||
|
|
||||||
**Total: 229 / 229 tests passing**
|
**Total: 233 / 233 tests passing**
|
||||||
|
|
||||||
| | Suite | Pass | Total |
|
| | Suite | Pass | Total |
|
||||||
|---|---|---|---|
|
|---|---|---|---|
|
||||||
@@ -25,7 +25,7 @@
|
|||||||
| ✅ | introspect | 9 | 9 |
|
| ✅ | introspect | 9 | 9 |
|
||||||
| ✅ | par | 7 | 7 |
|
| ✅ | par | 7 | 7 |
|
||||||
| ✅ | dynreg | 5 | 5 |
|
| ✅ | dynreg | 5 | 5 |
|
||||||
| ✅ | account | 7 | 7 |
|
| ✅ | account | 11 | 11 |
|
||||||
|
|
||||||
|
|
||||||
Generated by `lib/identity/conformance.sh`.
|
Generated by `lib/identity/conformance.sh`.
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
;; identity/tests/account.sx — \"apps with access\": per-subject active-grant
|
;; identity/tests/account.sx — the account-security surface: \"apps with
|
||||||
;; listing, at the token registry (grants_for) and through the facade
|
;; access\" (grants_for / identity:grants) plus \"disconnect this app\"
|
||||||
;; (identity:grants). Completes the per-subject security trio with sessions
|
;; (revoke_app / identity:revoke_app). Completes the per-subject view+action
|
||||||
;; and history.
|
;; pair alongside sessions and history.
|
||||||
|
|
||||||
(define id-acct-test-count 0)
|
(define id-acct-test-count 0)
|
||||||
(define id-acct-test-pass 0)
|
(define id-acct-test-pass 0)
|
||||||
@@ -49,7 +49,28 @@
|
|||||||
"R = identity_tokens:start(),\n identity_tokens:issue(R, alice, web, read),\n case identity_tokens:grants_for(R, alice) of\n [{Client, _Scope}] -> Client;\n _ -> other\n end"))
|
"R = identity_tokens:start(),\n identity_tokens:issue(R, alice, web, read),\n case identity_tokens:grants_for(R, alice) of\n [{Client, _Scope}] -> Client;\n _ -> other\n end"))
|
||||||
"web")
|
"web")
|
||||||
|
|
||||||
;; ── facade-level grants ──────────────────────────────────────────
|
;; ── token-level revoke_app (\"disconnect this app\") ────────────────
|
||||||
|
|
||||||
|
(id-acct-test
|
||||||
|
"revoke_app revokes all of a subject's grants for one client"
|
||||||
|
(ida-ev
|
||||||
|
"R = identity_tokens:start(),\n identity_tokens:issue(R, alice, web, read),\n identity_tokens:issue(R, alice, web, write),\n identity_tokens:issue(R, alice, cli, read),\n identity_tokens:revoke_app(R, alice, web),\n length(identity_tokens:grants_for(R, alice))")
|
||||||
|
1)
|
||||||
|
|
||||||
|
(id-acct-test
|
||||||
|
"revoke_app deactivates that client's tokens"
|
||||||
|
(idanm
|
||||||
|
(ida-ev
|
||||||
|
"R = identity_tokens:start(),\n {ok, T} = identity_tokens:issue(R, alice, web, read),\n identity_tokens:revoke_app(R, alice, web),\n case identity_tokens:introspect(R, T) of\n {active, _, _, _} -> active;\n {inactive} -> inactive\n end"))
|
||||||
|
"inactive")
|
||||||
|
|
||||||
|
(id-acct-test
|
||||||
|
"revoke_app leaves another subject's same-client grant intact"
|
||||||
|
(ida-ev
|
||||||
|
"R = identity_tokens:start(),\n identity_tokens:issue(R, alice, web, read),\n identity_tokens:issue(R, bob, web, read),\n identity_tokens:revoke_app(R, alice, web),\n length(identity_tokens:grants_for(R, bob))")
|
||||||
|
1)
|
||||||
|
|
||||||
|
;; ── facade-level grants + revoke_app ─────────────────────────────
|
||||||
|
|
||||||
(id-acct-test
|
(id-acct-test
|
||||||
"identity:grants lists apps a subject has logged into"
|
"identity:grants lists apps a subject has logged into"
|
||||||
@@ -58,9 +79,9 @@
|
|||||||
2)
|
2)
|
||||||
|
|
||||||
(id-acct-test
|
(id-acct-test
|
||||||
"revoking a token drops it from identity:grants"
|
"identity:revoke_app disconnects one app, leaving the rest"
|
||||||
(ida-ev
|
(ida-ev
|
||||||
"Svc = identity:start(),\n {ok, _S1, T1} = identity:login(Svc, alice, web, read),\n identity:login(Svc, alice, mobile, read),\n identity:revoke(Svc, T1),\n length(identity:grants(Svc, alice))")
|
"Svc = identity:start(),\n identity:login(Svc, alice, web, read),\n identity:login(Svc, alice, mobile, read),\n identity:revoke_app(Svc, alice, web),\n length(identity:grants(Svc, alice))")
|
||||||
1)
|
1)
|
||||||
|
|
||||||
(id-acct-test
|
(id-acct-test
|
||||||
@@ -69,6 +90,13 @@
|
|||||||
"Svc = identity:start(),\n identity:login(Svc, alice, web, read),\n identity:login(Svc, bob, web, read),\n length(identity:grants(Svc, bob))")
|
"Svc = identity:start(),\n identity:login(Svc, alice, web, read),\n identity:login(Svc, bob, web, read),\n length(identity:grants(Svc, bob))")
|
||||||
1)
|
1)
|
||||||
|
|
||||||
|
(id-acct-test
|
||||||
|
"revoke_app is audited as a revoke"
|
||||||
|
(idanm
|
||||||
|
(ida-ev
|
||||||
|
"Svc = identity:start(),\n identity:login(Svc, alice, web, read),\n identity:revoke_app(Svc, alice, web),\n case identity:history(Svc, alice) of\n [login, issue, revoke] -> audited;\n Other -> Other\n end"))
|
||||||
|
"audited")
|
||||||
|
|
||||||
(define
|
(define
|
||||||
id-acct-test-summary
|
id-acct-test-summary
|
||||||
(str "account " id-acct-test-pass "/" id-acct-test-count))
|
(str "account " id-acct-test-pass "/" id-acct-test-count))
|
||||||
|
|||||||
File diff suppressed because one or more lines are too long
@@ -19,7 +19,7 @@ through the event log, all authorization questions delegated to `acl-on-sx`.
|
|||||||
|
|
||||||
## Status (rolling)
|
## Status (rolling)
|
||||||
|
|
||||||
`bash lib/identity/conformance.sh` → **229/229** (4 phases + 14 ext) — slow (~10min, run in background; internal timeout 1200)
|
`bash lib/identity/conformance.sh` → **233/233** (4 phases + 15 ext) — slow (~10min, run in background; internal timeout 1200)
|
||||||
|
|
||||||
## Ground rules
|
## Ground rules
|
||||||
|
|
||||||
@@ -88,12 +88,19 @@ lib/identity/api.sx ── (identity/login) (identity/grant?) (identity/revoke)
|
|||||||
- [x] pushed authorization requests (PAR, RFC 9126): single-use request_uri → consent
|
- [x] pushed authorization requests (PAR, RFC 9126): single-use request_uri → consent
|
||||||
- [x] dynamic client registration (RFC 7591): server-generated client_id + secret
|
- [x] dynamic client registration (RFC 7591): server-generated client_id + secret
|
||||||
- [x] "apps with access": `grants_for(Subject)` / `identity:grants` (per-subject active grants)
|
- [x] "apps with access": `grants_for(Subject)` / `identity:grants` (per-subject active grants)
|
||||||
|
- [x] "disconnect app": `revoke_app(Subject, Client)` — revoke all of a subject's grants for a client
|
||||||
- [x] unify `api.sx` over membership + audit (one facade, audited login/logout)
|
- [x] unify `api.sx` over membership + audit (one facade, audited login/logout)
|
||||||
- [x] subject-wide session management: `sessions(Subject)` + `logout_all` (log out everywhere)
|
- [x] subject-wide session management: `sessions(Subject)` + `logout_all` (log out everywhere)
|
||||||
- [x] token exchange (RFC 8693): downscope a token into a new independent token
|
- [x] token exchange (RFC 8693): downscope a token into a new independent token
|
||||||
- [x] RFC 7662 full introspection metadata (`introspect_full`: sub/client_id/scope/exp/iat/token_type)
|
- [x] RFC 7662 full introspection metadata (`introspect_full`: sub/client_id/scope/exp/iat/token_type)
|
||||||
|
|
||||||
## Progress log
|
## Progress log
|
||||||
|
- 2026-06-07 — "disconnect app" (ext): `identity_tokens:revoke_app(Subject,
|
||||||
|
Client)` revokes every grant a subject holds for one client at once (audited
|
||||||
|
one revoke per grant), exposed at the facade as `identity:revoke_app`. The
|
||||||
|
action counterpart to the `grants` view — completes the account-security
|
||||||
|
view+action pairs: sessions/logout_all, grants/revoke_app, history. Other
|
||||||
|
subjects' same-client grants are untouched. +4 → account 11, 233/233.
|
||||||
- 2026-06-07 — "apps with access" (ext): `identity_tokens:grants_for(Subject)`
|
- 2026-06-07 — "apps with access" (ext): `identity_tokens:grants_for(Subject)`
|
||||||
lists a subject's ACTIVE grants as `[{Client, Scope}]` (revoked excluded),
|
lists a subject's ACTIVE grants as `[{Client, Scope}]` (revoked excluded),
|
||||||
exposed through the facade as `identity:grants(Subject)`. Completes the
|
exposed through the facade as `identity:grants(Subject)`. Completes the
|
||||||
|
|||||||
Reference in New Issue
Block a user