auth-module
Discord revoke token Method Not Allowed
Any versions
Nuxt configuration
discord: {
  scheme: "oauth2",
  endpoints: { // Endpoint oauth2 https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-urls
    authorization: 'https://discord.com/api/oauth2/authorize',
    token: 'https://discord.com/api/oauth2/token',
    userInfo: 'http://discordapp.com/api/users/@me',
    logout: 'https://discord.com/api/oauth2/token/revoke'
  },
  token: {
    property: 'access_token',
    type: 'Bearer',
    name: 'Authorization',
    maxAge: 5 * 60 // Can be dynamic ?
  },
  refreshToken: {
    property: 'refresh_token',
    maxAge: 60 * 60 * 10 // Can be dynamic ?
  },
  responseType: 'code',
  grantType: 'authorization_code',
  clientId: '',
  clientSecret: '',
  scope: ['email'], // Scopes https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes
  codeChallengeMethod: '',
  autoLogout: true
},
Reproduction
Create a button --> <a @click="logout()">Logout</a>
export default {
  methods: {
    // Calls the auth module's logout, which hits the configured logout endpoint
    logout() {
      this.$auth.logout();
    },
  },
};
The request is made on the client side with a GET request; Discord only accepts POST requests.
What is expected?
Logging out and redirecting to the main page (defined in the config)
What is actually happening?
Sending a GET request does log out but doesn't revoke the access token, and prints the API error message ({"message": "405: Method Not Allowed", "code": 0})
I was able to reproduce this issue using the Discord documentation.
And I have something to add to the Issue: In accordance with the relevant RFCs, the token and token revocation URLs will only accept a content type of application/x-www-form-urlencoded. JSON content is not permitted and will return an error.
https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-urls
I am still able to reproduce this issue
Version 5.0.0-1648802546.c9880dc
@Intevel Any update on this?
@Edouard127 I will take a look at it.
I don't know why this was closed, this wasn't fixed.
I shouldn't have closed it
So I think this module is not really maintained anymore. We need an option for every provider to specify the request method. I don't know if we should implement this.
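The revocation request the thread says Discord expects (POST with an application/x-www-form-urlencoded body), sketched as an added example that is not code from auth-module or from any commenter. It assumes a server-side caller, HTTP Basic client authentication, and the hypothetical names `buildRevocationRequest` and `revokeToken`; the endpoint URL is the `logout` value from the configuration above.

```javascript
// Added example: builds an RFC 7009 style token revocation request.
// Assumption: runs server-side, so the client secret never reaches the browser.
const REVOKE_URL = 'https://discord.com/api/oauth2/token/revoke'; // from the config above

function buildRevocationRequest({ url = REVOKE_URL, token, tokenTypeHint, clientId, clientSecret }) {
  // Refuse to send a token or client secret over plaintext HTTP.
  if (new URL(url).protocol !== 'https:') {
    throw new Error('revocation endpoint must use https');
  }
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('token is required');
  }
  // Form-encoded body: JSON is rejected by the token and revocation URLs.
  const body = new URLSearchParams({ token });
  if (tokenTypeHint !== undefined) {
    if (!['access_token', 'refresh_token'].includes(tokenTypeHint)) {
      throw new Error('invalid token_type_hint');
    }
    body.set('token_type_hint', tokenTypeHint);
  }
  // Assumption: the client authenticates with HTTP Basic (client_id:client_secret).
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url,
    method: 'POST', // a GET here is what produces "405: Method Not Allowed"
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: `Basic ${basic}`,
    },
    body: body.toString(),
  };
}

// Sends the request; fetchImpl is injectable so the call can be tested offline.
async function revokeToken(params, fetchImpl = fetch) {
  const { url, ...init } = buildRevocationRequest(params);
  const res = await fetchImpl(url, init);
  // Treat any non-2xx answer as "token still valid" rather than a silent logout.
  if (!res.ok) throw new Error(`revocation failed: HTTP ${res.status}`);
  return true;
}
```

Failing loudly on a non-2xx response matters here: in the behaviour reported above, the local session ends while the access token stays usable.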