CognitoIDP: sign_out() should invalidate AccessToken (#5794)

2022-12-20 21:09:02 -01:00 · 2022-12-20 21:09:02 -01:00 · bdef72d481
commit bdef72d481
parent 027572177d
2 changed files with 10 additions and 0 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -627,6 +627,10 @@ class CognitoIdpUserPool(BaseModel):
            _, logged_in_user = token_tuple
            if username == logged_in_user:
                self.refresh_tokens[token] = None
+        for access_token, token_tuple in list(self.access_tokens.items()):
+            _, logged_in_user = token_tuple
+            if username == logged_in_user:
+                self.access_tokens.pop(access_token)


 class CognitoIdpUserPoolDomain(BaseModel):
--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@ -3212,6 +3212,12 @@ def test_global_sign_out():
    err["Code"].should.equal("NotAuthorizedException")
    err["Message"].should.equal("Refresh Token has been revoked")

+    with pytest.raises(ClientError) as ex:
+        conn.get_user(AccessToken=result["access_token"])
+
+    err = ex.value.response["Error"]
+    err["Code"].should.equal("NotAuthorizedException")
+

@mock_cognitoidp
 def test_global_sign_out_unknown_accesstoken():