Add code to determine if client authentication is required for OAuth2 endpoint "revocation"

1 files changed, 12 insertions, 0 deletions

diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
index aa3b89c..9ddcc1e 100644
--- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
+++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
@@ -32,6 +32,18 @@ class RevocationEndpointTest(TestCase):
             self.assertEqual(h, {})
             self.assertEqual(b, '')
             self.assertEqual(s, 200)
+    
+    def test_revoke_token_without_client_authentication(self):
+        self.validator.client_authentication_required.return_value = False
+        self.validator.authenticate_client.return_value = False        
+        for token_type in ('access_token', 'refresh_token', 'invalid'):
+            body = urlencode([('token', 'foo'),
+                              ('token_type_hint', token_type)])
+            h, b, s = self.endpoint.create_revocation_response(self.uri,
+                    headers=self.headers, body=body)
+            self.assertEqual(h, {})
+            self.assertEqual(b, None)
+            self.assertEqual(s, 200)
 
     def test_revoke_token_without_client_authentication(self):
         self.validator.client_authentication_required.return_value = False