oidc-client-ts icon indicating copy to clipboard operation
oidc-client-ts copied to clipboard

Published 20 hours ago verified publisher icon authts

Revoke Token Request doesn't respect client_authentication settings

Open approached opened this issue 3 years ago • 2 comments
trafficstars

Hi @all

Revoke Token Request doesn't respect client_authentication settings

TokenRequest: https://github.com/authts/oidc-client-ts/blob/1f4390bd2a2f0e2670a63e712ccf4c23df31ae55/src/TokenClient.ts#L133 RevokeRequest: https://github.com/authts/oidc-client-ts/blob/1f4390bd2a2f0e2670a63e712ccf4c23df31ae55/src/TokenClient.ts#L180

In RFC there is a example: https://datatracker.ietf.org/doc/html/rfc7009#section-2.1


     POST /revoke HTTP/1.1
     Host: server.example.com
     Content-Type: application/x-www-form-urlencoded
     Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

     token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token

This request will used a Authorization: Basic.

approached avatar Nov 02 '22 11:11 approached

I guess its time to move the switch block (which we have already two times) into its own private function and make use of it for revoke too...

pamapa avatar Nov 03 '22 07:11 pamapa

Would be nice if you could provide a merge request for this...

pamapa avatar Nov 08 '22 18:11 pamapa