Remove refresh token as well on logout

auth0 · Mar 6, 2021 · d46f61d · d46f61d
1 parent 2ad756e
commit d46f61d
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 1 deletion.
diff --git a/internal/auth/auth.go b/internal/auth/auth.go
@@ -36,6 +36,8 @@ type SecretStore interface {
 	Set(namespace, key, value string) error
 	// Get gets the secret
 	Get(namespace, key string) (string, error)
+	// Delete removes the secret
+	Delete(namespace, key string) error
 }
 
 type Authenticator struct {

diff --git a/internal/auth/secrets.go b/internal/auth/secrets.go
@@ -13,3 +13,8 @@ func (k *Keyring) Set(namespace, key, value string) error {
 func (k *Keyring) Get(namespace, key string) (string, error) {
 	return keyring.Get(namespace, key)
 }
+
+// Delete deletes a value for the given namespace and key.
+func (k *Keyring) Delete(namespace, key string) error {
+	return keyring.Delete(namespace, key)
+}
diff --git a/internal/auth/token.go b/internal/auth/token.go
@@ -22,6 +22,11 @@ type TokenRetriever struct {
 	Client  *http.Client
 }
 
+// Delete deletes the given tenant from the secrets storage.
+func (t *TokenRetriever) Delete(tenant string) error {
+	return t.Secrets.Delete(secretsNamespace, tenant)
+}
+
 // Refresh gets a new access token from the provided refresh token,
 // The request is used the default client_id and endpoint for device authentication.
 func (t *TokenRetriever) Refresh(ctx context.Context, tenant string) (TokenResponse, error) {

diff --git a/internal/cli/cli.go b/internal/cli/cli.go
@@ -259,7 +259,12 @@ func (c *cli) removeTenant(ten string) error {
 	}
 
 	if err := c.persistConfig(); err != nil {
-		return fmt.Errorf("persisting config: %w", err)
+		return fmt.Errorf("Unexpected error persisting config: %w", err)
+	}
+
+	tr := &auth.TokenRetriever{Secrets: &auth.Keyring{}}
+	if err := tr.Delete(ten); err != nil {
+		return fmt.Errorf("Unexpected error clearing tenant information: %w", err)
 	}
 
 	return nil