Github auth provider - revoke token on logout

extensions/github-authentication/src/github.ts

@@ -142,7 +142,9 @@ export class GitHubAuthenticationProvider {
 	public async logout(id: string) {
 		const sessionIndex = this._sessions.findIndex(session => session.id === id);
 		if (sessionIndex > -1) {
-			this._sessions.splice(sessionIndex, 1);
+			const session = this._sessions.splice(sessionIndex, 1)[0];
+			const token = await session.getAccessToken();
+			await this._githubServer.revokeToken(token);
 		}
 
 		this.storeSessions();

extensions/github-authentication/src/githubServer.ts

@@ -156,4 +156,46 @@ export class GitHubServer {
 			});
 		});
 	}
+
+	public async revokeToken(token: string): Promise<void> {
+		return new Promise(async (resolve, reject) => {
+			const callbackUri = await vscode.env.asExternalUri(vscode.Uri.parse(`${vscode.env.uriScheme}://vscode.github-authentication/did-authenticate`));
+			const clientDetails = ClientRegistrar.getClientDetails(callbackUri);
+			const detailsString = `${clientDetails.id}:${clientDetails.secret}`;
+
+			const payload = JSON.stringify({ access_token: token });
+
+			Logger.info('Revoking token...');
+			const post = https.request({
+				host: 'api.github.com',
+				path: `/applications/${clientDetails.id}/token`,
+				method: 'DELETE',
+				headers: {
+					Authorization: `Basic ${Buffer.from(detailsString).toString('base64')}`,
+					'User-Agent': 'Visual-Studio-Code',
+					'Content-Type': 'application/json',
+					'Content-Length': Buffer.byteLength(payload)
+				}
+			}, result => {
+				const buffer: Buffer[] = [];
+				result.on('data', (chunk: Buffer) => {
+					buffer.push(chunk);
+				});
+				result.on('end', () => {
+					if (result.statusCode === 204) {
+						Logger.info('Revoked token!');
+						resolve();
+					} else {
+						reject(new Error(result.statusMessage));
+					}
+				});
+			});
+
+			post.write(payload);
+			post.end();
+			post.on('error', err => {
+				reject(err);
+			});
+		});
+	}
 }