How to clear session when revoke token ? #262

gth7754125 · 2021-03-17T08:35:27Z

Describe the bug
The revoke token api seems need these arguments:

tokenValue
token_type_hint
3)client id and client secret
Can it remove client id and client secret ? my client just keep a client id, it can not access Authentication Server directly bacause it lacks of client secret.

Expected behavior
Can it just pass a token and token_type_hint to revoke token ?
Or else i can not clear the session(client and Authentication Server) because resource server sits between them.

jgrandja · 2021-03-19T18:18:43Z

@gth7754125 The client MUST authenticate at the Revocation endpoint.

See 2.1. Revocation Request:

The client also includes its authentication credentials as described
in Section 2.3. of [RFC6749]

Please review the spec for more details.

gth7754125 added the type: bug A general bug label Mar 17, 2021

jgrandja closed this as completed Mar 19, 2021

jgrandja self-assigned this Mar 19, 2021

jgrandja added status: invalid An issue that we don't feel is valid and removed type: bug A general bug labels Mar 19, 2021

sjohnr mentioned this issue Jul 5, 2022

Add different authentication options for the token revocation endpoint #796

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to clear session when revoke token ? #262

How to clear session when revoke token ? #262

gth7754125 commented Mar 17, 2021

jgrandja commented Mar 19, 2021

How to clear session when revoke token ? #262

How to clear session when revoke token ? #262

Comments

gth7754125 commented Mar 17, 2021

jgrandja commented Mar 19, 2021