fix: when TokenRevocationStorage.GetRefreshTokenSession return fosite.ErrInactiveToken, handle fosite.ErrInactiveToken

handler/oauth2/revocation.go

@@ -80,8 +80,9 @@ func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string,
 }
 
 func storeErrorsToRevocationError(err1, err2 error) error {
-	// both errors are 404 or nil <=> the token is revoked
-	if (errors.Is(err1, fosite.ErrNotFound) || err1 == nil) && (errors.Is(err2, fosite.ErrNotFound) || err2 == nil) {
+	// both errors are fosite.ErrNotFound and fosite.ErrInactiveToken or nil <=> the token is revoked
+	if (errors.Is(err1, fosite.ErrNotFound) || errors.Is(err1, fosite.ErrInactiveToken) || err1 == nil) &&
+		(errors.Is(err2, fosite.ErrNotFound) || errors.Is(err2, fosite.ErrInactiveToken) || err2 == nil) {
 		return nil
 	}
 

handler/oauth2/revocation_test.go

@@ -161,6 +161,35 @@ func TestRevokeToken(t *testing.T) {
 				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
 			},
 		},
+		{
+
+			description: "should pass - refresh token discovery first; refresh token is inactive",
+			expectErr:   nil,
+			client:      &fosite.DefaultClient{ID: "bar"},
+			mock: func() {
+				token = "foo"
+				tokenType = fosite.RefreshToken
+				rtStrat.EXPECT().RefreshTokenSignature(gomock.Any(), token)
+				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrInactiveToken)
+
+				atStrat.EXPECT().AccessTokenSignature(gomock.Any(), token)
+				store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
+			},
+		},
+		{
+			description: "should pass - access token discovery first; refresh token is inactive",
+			expectErr:   nil,
+			client:      &fosite.DefaultClient{ID: "bar"},
+			mock: func() {
+				token = "foo"
+				tokenType = fosite.AccessToken
+				atStrat.EXPECT().AccessTokenSignature(gomock.Any(), token)
+				store.EXPECT().GetAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrNotFound)
+
+				rtStrat.EXPECT().RefreshTokenSignature(gomock.Any(), token)
+				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, fosite.ErrInactiveToken)
+			},
+		},
 		{
 			description: "should fail - store error for access token get",
 			expectErr:   fosite.ErrTemporarilyUnavailable,