I am using OAuth2 with PingFederate and I am able to log in successfully. Now the question is how to call the API to log out, and what is the parameter for that? Below is the example code I am using for revocation with a curl request.
When I run the revoke script, it deletes the access_token and shows that the configuration failed.
But when I run my OAuth2 main script for login, it automatically gets logged in: a new token is generated. In the refresh code below, when I revoke the token, I should get my login page to enter the login credentials again, but it is not happening.

    $objectData = array();
    $curl = curl_init();

    // Token revocation endpoint and client settings
    define('OAUTH2_TOKEN_URL', 'https://abcd.com/as/revoke_token.oauth2');
    define('OAUTH2_CLIENT_ID', 'abcd');
    define('OAUTH2_ACCESS_TOKEN', 'hfefhhjfhj');
    define('OAUTH2_ACCESS_TOKEN_HINT_TYPE', 'refresh_token');
    define('OAUTH2_CLIENT_SECRET', 'bhfbfhjbhjbjbnvjevfbrfhrefbjebf');
    define('OAUTH2_REDIRECT_URI', 'https://www.abcde.com/Oauth/PingRedirect.php');
    define('OAUTH2_GRANT_TYPE', 'authorization_code');

    $params = array(
        CURLOPT_URL => OAUTH2_TOKEN_URL,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_POST => true,
        CURLOPT_NOBODY => false,
        // Send the parameters form-encoded in the POST body (RFC 7009),
        // which also keeps the client secret out of the URL and access logs.
        CURLOPT_POSTFIELDS => http_build_query(array(
            'client_id' => OAUTH2_CLIENT_ID,
            'token' => OAUTH2_ACCESS_TOKEN,
            'token_type_hint' => OAUTH2_ACCESS_TOKEN_HINT_TYPE,
            'client_secret' => OAUTH2_CLIENT_SECRET,
            'redirect_uri' => OAUTH2_REDIRECT_URI,
        )),
        // Let curl negotiate and decode compression so json_decode() gets plain text.
        CURLOPT_ENCODING => "gzip, deflate",
        CURLOPT_HTTPHEADER => array(
            "cache-control: no-cache",
            "content-type: application/x-www-form-urlencoded",
            "accept: */*",
        ),
    );
    curl_setopt_array($curl, $params);

    $response = curl_exec($curl);
    $objectData = json_decode($response);

For logout with OAuth use cases, you should be considering SLO or the session revocation features. Access Token and Refresh Token revocation itself does not affect existing web sessions. You could also rely on Authentication Sessions and their validity to affect Access Token validation.
More details on some of the options available are here:
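
The behaviour reported in the question and explained in the answer, as an added example that is not part of the original post or answer and is not PingFederate code: a toy authorization server in which token revocation and session termination are separate operations. The class, its method names and the sample user are constructed for illustration.

```python
import secrets

class ToyAuthServer:
    """Constructed model of an authorization server; not PingFederate's API."""
    def __init__(self, users):
        self.users = users      # username -> password
        self.sessions = {}      # browser session cookie -> username
        self.tokens = {}        # token -> session cookie it was issued under

    def authorize(self, cookie=None, credentials=None):
        """Browser hits the authorization endpoint; returns (result, cookie, token)."""
        if cookie not in self.sessions:
            # No live session: only valid credentials get past the login page.
            user, password = credentials or (None, None)
            if user not in self.users or self.users[user] != password:
                return "LOGIN_PAGE", None, None
            cookie = secrets.token_urlsafe(16)
            self.sessions[cookie] = user
        token = secrets.token_urlsafe(16)
        self.tokens[token] = cookie
        return "TOKEN_ISSUED", cookie, token

    def revoke_token(self, token):
        """Token revocation: removes the token, leaves the session untouched."""
        self.tokens.pop(token, None)

    def end_session(self, cookie):
        """Effect of SLO or session revocation: the session itself is removed."""
        self.sessions.pop(cookie, None)

    def token_is_valid(self, token):
        """Token validation tied to the validity of the issuing session."""
        return self.tokens.get(token) in self.sessions

def run_scenario():
    server = ToyAuthServer({"alice": "constructed-password"})
    _, cookie, token = server.authorize(credentials=("alice", "constructed-password"))
    server.revoke_token(token)
    revoked = not server.token_is_valid(token)
    after_revoke, _, token2 = server.authorize(cookie=cookie)  # session still alive
    server.end_session(cookie)
    after_logout, _, _ = server.authorize(cookie=cookie)       # session gone
    return revoked, after_revoke, after_logout, server.token_is_valid(token2)

if __name__ == "__main__":
    print(run_scenario())
```

After revocation the old token is rejected, yet the next authorization request is answered with a fresh token because the browser session is still valid; only ending the session brings the login page back.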