Before Revoke Token Worker Code Sample

JFrog Platform Administration Documentation
Content Type
Administration / Platform

The following section provides a sample code for a Before Revoke Token worker.

export default async (context: PlatformContext, data: BeforeRevokeTokenRequest): Promise<BeforeRevokeTokenResponse> => {

    let status: RevokeTokenStatus = RevokeTokenStatus.REVOKE_TOKEN_PROCEED;
    let message = 'Overwritten by worker-service if an error occurs.';

    if (data.token.description?.startsWith('protected')) {
        console.log(`Token description starts with 'protected'. Checking if it is the last protected token.`);
        try {
            // The in-browser HTTP client facilitates making calls to the JFrog REST APIs
            //To call an external endpoint, use 'await context.clients.axios.get("https://foo.com")'
            const res = await context.clients.platformHttp.get('/access/api/v1/tokens?description=protected*');

            // You should reach this part if the HTTP request status is successful (HTTP Status 399 or lower)
            if (res.status === 200) {
                const protectedTokensCount = res.data.tokens?.length;
                console.log(`Number of protected tokens: ${protectedTokensCount}`);
                // If request includes multiple tokens to revoke, worker code will be executed for each token
                // In such case the last protected token may be revoked
                if (protectedTokensCount <= 1) {
                    status = RevokeTokenStatus.REVOKE_TOKEN_STOP;
                    message = 'Revocation of the last protected token is not allowed';
                    console.warn(message);
                }
            } else {
                status = RevokeTokenStatus.REVOKE_TOKEN_WARN;
                console.warn(`Request is successful but returned status other than 200. Status code : ${ res.status }`);
            }
        } catch(error) {
            // The platformHttp client throws PlatformHttpClientError if the HTTP request status is 400 or higher
            status = RevokeTokenStatus.REVOKE_TOKEN_STOP;
            console.error(`Request failed with status code ${ error.status || '<none>' } caused by : ${ error.message }`);
        }
    }

    return {
        status,
        message,
    }
};

Input Parameters

context

Provides baseUrl, token, and clients to communicate with the JFrog Platform (for more information, see PlatformContext).

data

The request with details sent by Access.

{
    token: {
        id: 'id',
        subject: 'user',
        owner: 'jfwks@000',
        scope: 'applied-permissions/user',
        audience: '*@*',
        expirationTime: 1717171717,
        created: 1717161717,
        type: 'generic',
        username: 'username',
        description: 'description',
        projectKey: 'projectKey',
    },
    userContext: { id: 'id', isToken: false, realm: 'realm' },
}
Response
{
  "status": RevokeTokenStatus.REVOKE_TOKEN_PROCEED,
  "message": "Overwritten by worker-service if an error occurs.",
  "executionStatus": "STATUS_SUCCESS"
}
Possible Statuses

  • RevokeTokenStatus.REVOKE_TOKEN_PROCEED - The worker allows Artifactory to proceed with revoking a token.

  • RevokeTokenStatus.REVOKE_TOKEN_STOP - The worker does not allow Artifactory to revoke a token.

  • RevokeTokenStatus.REVOKE_TOKEN_WARN - The worker provides a warning before Artifactory can proceed with revoking a token.