[Unity-idm-discuss] Oauth Token revocation

[Sander A. <sa....@fz...>]

Hi Krzysztof,

We try to use the token revocation mechanism. If we user user_id, we
get an error about missing client_id. "Invalid request; To access the
token revocation endpoint a client_id must be provided". It seems that
there is a mistake in the example from manual.

If we provide client_id, we get an error about missing token type:
"Invalid request; To access the token revocation endpoint a token type
must be provided". Can you please add this necessary parameter in the
manual?

If we provide the token type, we end up in a invalid scope
error: " Retuning OAuth error response: invalid_scope: Invalid, unknown
or
malformed scope; Insufficent scope to perform full logout." Do we need
to enable the token revocation scope in unity explicit? How does the
valid request looks like?

We request the scopes profile email and single-logout.
The parameters we send in revocation request:

r = requests.post(auth_server + "/oauth2/revoke",
        headers={ 'Content-Type': 'application/x-www-form-urlencoded'},
        data={ 'token': auth_state['access_token'],
               'client_id': CLIENT_ID,
               'token_type_hint': 'access_token',
               'token_type': 'Bearer',
               'logout': 'true', }
    )

auth_state['access_token'] contains the bearer token and CLIENT_ID the
client id.

Best regards,
Sander
-- 
Federated Systems and Data
Juelich Supercomputing Centre

phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

----------------------------------------------------------------------
-----------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender),
Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
-----------------------------------------------------------------------
-----------------------------------------------------------------------