Fix auth token revocation (#157)

lib/googleauth/user_refresh.rb

@@ -94,7 +94,7 @@ module Google
         c = options[:connection] || Faraday.default_connection
 
         retry_with_error do
-          resp = c.get(REVOKE_TOKEN_URI, token: refresh_token || access_token)
+          resp = c.post(REVOKE_TOKEN_URI, token: refresh_token || access_token)
           case resp.status
           when 200
             self.access_token = nil

spec/googleauth/user_authorizer_spec.rb

@@ -299,17 +299,17 @@ describe Google::Auth::UserAuthorizer do
 
     before(:example) do
       token_store.store('user1', token_json)
-      stub_request(
+      stub_request(:post, 'https://oauth2.googleapis.com/revoke')
-        :get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
+        .with(body: hash_including('token' => 'refreshtoken'))
-      )
         .to_return(status: 200)
     end
 
     it 'should revoke the grant' do
       authorizer.revoke_authorization('user1')
       expect(a_request(
-               :get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
+               :post, 'https://oauth2.googleapis.com/revoke'
-      ))
+             ).with(body: hash_including('token' => 'refreshtoken'))
+      )
         .to have_been_made
     end
 

spec/googleauth/user_refresh_spec.rb

@@ -246,8 +246,8 @@ describe Google::Auth::UserRefreshCredentials do
 
   describe 'when revoking a refresh token' do
     let(:stub) do
-      stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
+      stub_request(:post, 'https://oauth2.googleapis.com/revoke')
-                         '?token=refreshtoken')
+        .with(body: hash_including('token' => 'refreshtoken'))
         .to_return(status: 200,
                    headers: { 'Content-Type' => 'application/json' })
     end
@@ -262,8 +262,8 @@ describe Google::Auth::UserRefreshCredentials do
 
   describe 'when revoking an access token' do
     let(:stub) do
-      stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
+      stub_request(:post, 'https://oauth2.googleapis.com/revoke')
-                         '?token=accesstoken')
+        .with(body: hash_including('token' => 'accesstoken'))
         .to_return(status: 200,
                    headers: { 'Content-Type' => 'application/json' })
     end
@@ -280,8 +280,8 @@ describe Google::Auth::UserRefreshCredentials do
 
   describe 'when revoking an invalid token' do
     let(:stub) do
-      stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
+      stub_request(:post, 'https://oauth2.googleapis.com/revoke')
-                         '?token=refreshtoken')
+        .with(body: hash_including('token' => 'refreshtoken'))
         .to_return(status: 400,
                    headers: { 'Content-Type' => 'application/json' })
     end
@@ -296,14 +296,14 @@ describe Google::Auth::UserRefreshCredentials do
 
   describe 'when errors occurred with request' do
     it 'should fail with Signet::AuthorizationError if request times out' do
-      allow_any_instance_of(Faraday::Connection).to receive(:get)
+      allow_any_instance_of(Faraday::Connection).to receive(:post)
         .and_raise(Faraday::TimeoutError)
       expect { @client.revoke! }
         .to raise_error Signet::AuthorizationError
     end
 
     it 'should fail with Signet::AuthorizationError if request fails' do
-      allow_any_instance_of(Faraday::Connection).to receive(:get)
+      allow_any_instance_of(Faraday::Connection).to receive(:post)
         .and_raise(Faraday::ConnectionFailed, nil)
       expect { @client.revoke! }
         .to raise_error Signet::AuthorizationError