add support for token revocation

controllers/auth.php

@@ -278,6 +278,8 @@ $app->get('/signout', function() use($app) {
 
 $app->post('/auth/reset', function() use($app) {
   if($user=require_login($app, false)) {
+    revoke_micropub_token($user->micropub_access_token, $user->token_endpoint);
+
     $user->authorization_endpoint = '';
     $user->token_endpoint = '';
     $user->micropub_endpoint = '';
@@ -286,7 +288,7 @@ $app->post('/auth/reset', function() use($app) {
     $user->micropub_scope = '';
     $user->micropub_access_token = '';
     $user->save();
-    
+
     unset($_SESSION['auth']);
     unset($_SESSION['me']);
     unset($_SESSION['auth_state']);

lib/helpers.php

@@ -223,6 +223,17 @@ function micropub_get($endpoint, $params, $access_token) {
   );
 }
 
+function revoke_micropub_token($access_token, $token_endpoint) {
+  $ch = curl_init();
+  curl_setopt($ch, CURLOPT_URL, $token_endpoint);
+  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+  curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
+    'action' => 'revoke',
+    'token' => $access_token,
+  ]));
+  curl_exec($ch);
+}
+
 function parse_headers($headers) {
   $retVal = array();
   $fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $headers));

views/settings.php

@@ -29,7 +29,7 @@
         <input type="button" class="btn btn-default" value="Reset Login" id="reset-login">
       </td>
       <td>
-        Clicking this button will erase the access token Quill has stored for you, forget all cached endpoints, and sign you out. If you sign back in, you will start over and see the debugging screens and scope options again.
+        Clicking this button will tell your token endpoint to revoke the token, Quill will forget the access token stored, forget all cached endpoints, and sign you out. If you sign back in, you will start over and see the debugging screens and scope options again.
       </td>
     </tr>
   </table>