ory/fosite

Error messages with status 503 and message temporarily_unavailable when revoking access and refresh tokens sequentially

mih-kopylov opened this issue · 0 comments

Describe the bug

When revoking access and refresh tokens sequentially, Hydra returns HTTP 200 status, but writes an error message to logs on the second call.

As I see it, there are two issues here.

  1. There should be no error message. The case is not about an error at all; it's just a regular case. It looks more like a debug-level message to me.
  2. The error message is totally opaque and therefore useless. The code at https://github.com/ory/fosite/blob/master/handler/oauth2/revocation.go#L89 gets two errors and produces one, hiding the original errors, so there's no way to figure out the root cause of the error. I would suggest keeping the context of the root errors when returning a new one.

Reproducing the bug

  • Authorize and get access_token and refresh_token pair
  • Call /oauth2/revoke with access_token
  • Call /oauth2/revoke with refresh_token
  • Note an error message in the logs: "error":{"debug":"","message":"temporarily_unavailable","reason":"","status":"Service Unavailable","status_code":503}

Relevant log output

"error":{"debug":"","message":"temporarily_unavailable","reason":"","status":"Service Unavailable","status_code":503}

Relevant configuration

No response

Version

oryd/hydra:v1.11.10

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes

Additional Context

No response
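
The suggestion in point 2, keeping the root errors when two store errors are merged into one, could look like the following. This is an added example, not part of the issue and not fosite's code: the sentinel values, `revocationError` and `combineRevocationErrors` are hypothetical names, and it assumes a not-found result means the token is already revoked.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical sentinels standing in for the library's error values.
var (
	ErrNotFound               = errors.New("not_found")
	ErrTemporarilyUnavailable = errors.New("temporarily_unavailable")
)

// revocationError carries the public error plus both store errors.
type revocationError struct {
	public  error // what the caller may expose to the client
	access  error // result of revoking the access token
	refresh error // result of revoking the refresh token
}

func (e *revocationError) Error() string {
	return fmt.Sprintf("%v: revoke access token: %v; revoke refresh token: %v",
		e.public, e.access, e.refresh)
}

// Unwrap keeps errors.Is(err, ErrTemporarilyUnavailable) working.
func (e *revocationError) Unwrap() error { return e.public }

// Is lets callers and log hooks match the root causes as well.
func (e *revocationError) Is(target error) bool {
	return errors.Is(e.access, target) || errors.Is(e.refresh, target)
}

// combineRevocationErrors returns nil when each call succeeded or the token
// was already gone (assumed to mean "revoked"); otherwise it wraps both errors.
func combineRevocationErrors(accessErr, refreshErr error) error {
	gone := func(err error) bool { return err == nil || errors.Is(err, ErrNotFound) }
	if gone(accessErr) && gone(refreshErr) {
		return nil
	}
	return &revocationError{public: ErrTemporarilyUnavailable, access: accessErr, refresh: refreshErr}
}

func main() {
	dbErr := errors.New("connection refused") // constructed sample error
	fmt.Println(combineRevocationErrors(ErrNotFound, nil))   // already revoked
	fmt.Println(combineRevocationErrors(dbErr, ErrNotFound)) // real failure
}
```

The full error string belongs in server-side logs; only the `public` value should shape the response sent to the client.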