RevokeHandler.prototype.getAccessToken = function(token, client) {
  return Promise.try(promisify(this.model.getAccessToken, 1), token)
    .then(function(accessToken) {
      if (!accessToken) {
        throw new InvalidTokenError('Invalid token: access token is invalid');
      }

      if (!accessToken.client) {
        throw new ServerError('Server error: `getAccessToken()` did not return a `client` object');
      }

      if (!accessToken.user) {
        throw new ServerError('Server error: `getAccessToken()` did not return a `user` object');
      }

      if (accessToken.client.id !== client.id) {
        throw new InvalidClientError('Invalid client: client is invalid');
      }

      if (accessToken.accessTokenExpiresAt && !(accessToken.accessTokenExpiresAt instanceof Date)) {
        throw new ServerError('Server error: `expires` must be a Date instance');
      }

      if (accessToken.accessTokenExpiresAt && accessToken.accessTokenExpiresAt < new Date()) {
        throw new InvalidTokenError('Invalid token: access token has expired.');
      }

      return accessToken;
    });
};
RevokeHandler.prototype.revokeToken = function(token) {
  return Promise.try(promisify(this.model.revokeToken, 1), token)
    .then(function(token) {
      if (!token) {
        throw new InvalidTokenError('Invalid token: token is invalid');
      }

      return token;
    });
};
RevokeHandler.prototype.getClient = function(request, response) {
  var credentials = this.getClientCredentials(request);

  if (!credentials.clientId) {
    throw new InvalidRequestError('Missing parameter: `client_id`');
  }

  if (!credentials.clientSecret) {
    throw new InvalidRequestError('Missing parameter: `client_secret`');
  }

  if (!is.vschar(credentials.clientId)) {
    throw new InvalidRequestError('Invalid parameter: `client_id`');
  }

  if (!is.vschar(credentials.clientSecret)) {
    throw new InvalidRequestError('Invalid parameter: `client_secret`');
  }

  return Promise.try(promisify(this.model.getClient, 2), [credentials.clientId, credentials.clientSecret])
    .then(function(client) {
      if (!client) {
        throw new InvalidClientError('Invalid client: client is invalid');
      }

      if (!client.grants) {
        throw new ServerError('Server error: missing client `grants`');
      }

      if (!(client.grants instanceof Array)) {
        throw new ServerError('Server error: `grants` must be an array');
      }

      return client;
    })
    .catch(function(e) {
      // Include the "WWW-Authenticate" response header field if the client
      // attempted to authenticate via the "Authorization" request header.
      //
      // @see https://tools.ietf.org/html/rfc6749#section-5.2.
      if ((e instanceof InvalidClientError) && request.get('authorization')) {
        response.set('WWW-Authenticate', 'Basic realm="Service"');

        throw new InvalidClientError(e, { code: 401 });
      }

      throw e;
    });
};