Reputation: 465
Oauth2 revoke access token from Implicit grant type
How can I revoke an access token obtained from an implicit grant ?
The API POST https://localhost:9443/oauth2/revoke requires the authentication header with both client_id/client_secret https://docs.wso2.com/display/IS520/OAuth2+Token+Revocation
But for client logged in using implicit grant, they don't have client_secret and they should be able to revoke the accessToken
Is there another way to revoke access token from implicit in WSO2IS
Regards,
Upvotes: 3
Views: 1190
Answers (3)
Reputation: 91
You can revoke an OAuth2 implicit access token using below cURL.
- ACCESS_TOKEN_TO_BE_REVOKED: The access token to be revoked
CLIENT_ID: Client key
curl -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "token=ACCESS_TOKEN_TO_BE_REVOKED&token_type_hint=access_token&client_id=CLIENT_ID" http://localhost:8243/revoke
Upvotes: 2
Reputation: 465
I got it working looking at the source code. You cannot pass an empty client secret in the basic authentication, but you can leave client secret empty if you put only the client_id as a url parameter... Should definitely be in the documentation
Upvotes: 2
Related Questions
- wso2 revoke api is not revoking the token
- wso2 identity server: Oauth 2.0 custom grant is not working for 5.11
- Server Get a refresh token with an access token using WSO2 Identity Server
- WSO2 Identity Server 5.7.0 Revoke Method don't work
- wso2is: Is there a way to remove a token
- API Manager OAuth Token Revoke is Problematic
- Implicit grant type: Invalid grant_type parameter value WSO2
- Disable consent in oauth2 implicit grant type
- Refresh token returns invalid grant type
- Revoking Android Native App Access Token from WSO2 Identity Server