@jackdbd/fastify-revocation-endpoint
Advanced tools
Fastify plugin that adds an [IndieAuth Token Revocation endpoint](https://indieauth.spec.indieweb.org/#token-revocation) to a Fastify server.
Fastify plugin that adds an IndieAuth Token Revocation endpoint to a Fastify server.
npm install @jackdbd/fastify-revocation-endpoint
Options for the Fastify revocation-endpoint plugin
Properties
| Name | Type | Description | Required |
|---|---|---|---|
| ajv | Instance of Ajv | no | |
| includeErrorDescription | boolean | Whether to include an error_description property in all error responses. This is meant to assist the client developer in understanding the error. This is NOT meant to be shown to the end user.Default: false | no |
| isAccessTokenRevoked | Function | Predicate function that returns true if a jti (JSON Web Token ID) is revoked. | yes |
| issuer | string | The authorization server's issuer identifier. It's a URL that uses the "https" scheme and has no query or fragment components. It MUST also be a prefix of the indieauth-metadata URL. Format: "uri" | yes |
| jwksUrl (JWKS public URL) | object | URL where the public JSON Web Key Set is hosted. | yes |
| logPrefix | string | Default: "revocation-endpoint " | no |
| maxAccessTokenAge | string | Minimal Length: 1 | no |
| me | yes | ||
| reportAllAjvErrors (report all AJV errors) | boolean | Whether to report all AJV validation errors. Default: false | no |
| retrieveAccessToken | Function | Function that retrieves an access token from a storage backend. | yes |
| retrieveRefreshToken | Function | Function that retrieves a refresh token from a storage backend. | yes |
| revokeAccessToken | Function | Handler invoked when the token revocation endpoint has met all requirements to revoke a token. You should use it to mark the access token as revoked in your storage backend. | yes |
| revokeRefreshToken | Function | Handler invoked when the token revocation endpoint has met all requirements to revoke a token. You should use it to mark the refresh token as revoked in your storage backend. | yes |
Example
{
"includeErrorDescription": false,
"jwksUrl": {},
"logPrefix": "revocation-endpoint ",
"reportAllAjvErrors": false
}
URL where the public JSON Web Key Set is hosted.
Properties
| Name | Type | Description | Required |
|---|---|---|---|
| hash | string | yes | |
| host | string | yes | |
| href | string | yes | |
| hostname | string | yes | |
| origin | string | yes | |
| password | string | yes | |
| pathname | string | yes | |
| port | string | yes | |
| protocol | string | yes | |
| search | string | yes | |
| searchParams | yes | ||
| username | string | yes | |
| toJSON | yes |
Additional Properties: allowed
| Package | Version |
|---|---|
| @fastify/formbody | ^8.0.2 |
| @fastify/response-validation | ^3.0.3 |
| @jackdbd/indieauth | ^0.0.0-canary.1 |
| @jackdbd/oauth2 | ^0.0.0-canary.1 |
| @jackdbd/oauth2-error-responses | ^0.0.0-canary.1 |
| @jackdbd/oauth2-tokens | ^0.0.0-canary.1 |
| @jackdbd/schema-validators | ^0.0.0-canary.1 |
| @sinclair/typebox | ^0.34.14 |
| ajv | ^8.17.1 |
| ajv-formats | ^3.0.1 |
| fastify-plugin | ^5.0.1 |
⚠️ Peer Dependencies
This package defines 1 peer dependency.
| Peer | Version range |
|---|---|
fastify | >=5.0.0 |
© 2024 - 2025 Giacomo Debidda // MIT License
FAQs
Fastify plugin that adds an [IndieAuth Token Revocation endpoint](https://indieauth.spec.indieweb.org/#token-revocation) to a Fastify server.
The npm package @jackdbd/fastify-revocation-endpoint receives a total of 7 weekly downloads. As such, @jackdbd/fastify-revocation-endpoint popularity was classified as not popular.
We found that @jackdbd/fastify-revocation-endpoint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Vite releases Rolldown-Vite, a Rust-based bundler preview offering faster builds and lower memory usage as a drop-in replacement for Vite.
Research
Security News
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
Research
Security News
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.