I want to revoke a token provided to the user through an OAuth2 login. I want to do an HTTP POST request from a JavaScript app. The WSO2 documentation provides a curl example.
Tried:
Tried with curl by providing the syntax. It works perfectly fine:
curl -X POST --basic -u "clientid:clientsecret" -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "token=tokenfromwso2&token_type_hint=access_token" https://localhost:9443/oauth2/revoke
Tried to do the same using an HTTP request, but the server returned a 500 Internal Server Error.
Header:
POST /oauth2/revoke HTTP/1.1
Host: localhost:9443
Connection: keep-alive
Content-Length: 14
Accept: application/json, text/plain, */*
Origin: http://localhost:4200
Authorization: Basic clientid:clientsecret
User-Agent: Mozilla/5.0 (BB10; Touch) AppleWebKit/537.10+ (KHTML, like Gecko) Version/10.0.9.2372 Mobile Safari/537.10+
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Referer: http://localhost:4200/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Body:
{"token":access_token}
The grant type is not implicit, so I do not want the user to be redirected to the WSO2 Identity Server. I even tried to encode the client ID and secret, but that too returned an internal server error.
You need to Base64-encode the client ID and secret. Also, you need to provide the token as a URL-encoded value. What you have given is a JSON payload for the body. A sample request can be found below.
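The two corrections from the answer (Base64-encoded Basic credentials and a form-urlencoded body instead of JSON), as an added JavaScript example that is not part of the original post. The endpoint and parameter names are taken from the curl command in the question; the function names `toBase64`, `buildRevokeRequest` and `revokeToken` are hypothetical.

```javascript
// Added example (not from the original post). Endpoint taken from the curl command above.
const REVOKE_URL = 'https://localhost:9443/oauth2/revoke';

// Base64 of the UTF-8 bytes of str; works in Node (Buffer) and in browsers (btoa).
function toBase64(str) {
  if (typeof Buffer !== 'undefined') return Buffer.from(str, 'utf8').toString('base64');
  const bytes = new TextEncoder().encode(str);
  return btoa(String.fromCharCode(...bytes));
}

// Builds the same request curl sends with: --basic -u "id:secret" -d "token=...&token_type_hint=..."
function buildRevokeRequest(clientId, clientSecret, token, tokenTypeHint = 'access_token') {
  if (!clientId || !clientSecret || !token) {
    throw new TypeError('clientId, clientSecret and token are required');
  }
  // URLSearchParams produces application/x-www-form-urlencoded output and
  // percent-encodes characters such as "+", "/" and "=" inside the token.
  const body = new URLSearchParams({ token, token_type_hint: tokenTypeHint }).toString();
  return {
    url: REVOKE_URL,
    options: {
      method: 'POST',
      headers: {
        // The header value is "Basic " + base64("clientid:clientsecret"), not the raw pair.
        Authorization: 'Basic ' + toBase64(`${clientId}:${clientSecret}`),
        'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
      },
      body,
    },
  };
}

// Sends the request. A client secret shipped in browser-side code is readable by
// anyone who loads the app, so this call is normally made from a backend.
async function revokeToken(clientId, clientSecret, token, fetchImpl = globalThis.fetch) {
  const { url, options } = buildRevokeRequest(clientId, clientSecret, token);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error(`revoke failed: HTTP ${res.status}`);
  return true;
}
```

Because the page at `http://localhost:4200` calls `https://localhost:9443`, a browser will also apply CORS to this request; the curl command is not subject to that check.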