Comments (4)
Nevermind, with a bit more digging I found this; https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
Which should be considered the only answer on how the revoke
/logout
feature should be handled.
from react-oauth2-pkce.
Hi, thanks for reporting this bug. I will have a look at it as soon as I got some time on my hands.
Could you provide which URL(logout url) and auth provider you are experiencing this with?
from react-oauth2-pkce.
Hi there 👋
It's a custom auth provider. I noticed the logoutRedirect is never used in your source code.
I'm using a not so good workaround which is basicly redirecting the user to the logout url after logging out.
from react-oauth2-pkce.
Thanks, yes I saw that as well 😐
Will add that ASAP. Just to make sure. Your custom auth provider expects a POST request with the AUTHENTICATION header and no body right?
This has been postponed as it's not described in the OAuth2 spec, but many providers support this features. The problem is they might expect many different request.
Ether way, Keycloak expects this;
Headers
{
"Authorization" : "Bearer <access_token>",
"Content-Type" : "application/x-www-form-urlencoded"
}
Body
{
"client_id" : "<client_id>",
"refresh_token" : "<refresh_token>"
}
Method
POST
Which I think can be considered a somewhat unofficial standard
from react-oauth2-pkce.
Related Issues (20)
- 💡 [REQUEST] - To refresh the access token without triggering login() HOT 2
- Bug: Fail to get token from a Spring Security server HOT 2
- Compatibility with ie11 HOT 1
- 💡 [REQUEST] - Add ability to add headers to requests HOT 6
- 💡 [REQUEST] - Scope parameter is not supported on an authorization code access_token exchange request HOT 8
- Bug: Client authentication with confidential access isn't working HOT 6
- Bug: Redirects replace instead of creating a history entry HOT 2
- 💡 [REQUEST] - Parse (refresh) token expiration from token payload HOT 5
- 💡 [REQUEST] - Refresh access token without resetting the refresh token HOT 1
- Bug: "codeVerifier" and "state" are stored in sessionStorage despite "storage" parameter being "local" HOT 4
- Bug: Does not work correctly if routing type is hash HOT 2
- 💡 [Feature] - Ability to send custom headers in the authorization, token requests HOT 6
- 💡 [REQUEST] - Pass extra parameters to login()-function
- 💡 [FEATURE] - Option in login()-function to not redirect, but instead do it in an iframe or popup HOT 1
- 💡 [REQUEST] - Enhance Logout Functionality HOT 2
- 💡 [Feature] - `postLogout`-callback HOT 2
- 💡 [Feature] - Allow for passing arbitrary arguments to `logOut()`
- Bug: codeVerifier is not set in sessionStorage (sometimes) HOT 4
- Bug: Refresh token has a fixed expiration time HOT 1
- /authorized?code complains 404 Not Found HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from react-oauth2-pkce.