Revoke refresh token in PKCE setup
pskaarup opened this issue · comments
Currently https://docs.esi.evetech.net/docs/sso/revoking_refresh_tokens.html states:
Note: it is currently a bug that basic authentication can only be used with the revocation endpoint. In the future, the EVE SSO will allow you use an access token instead for mobile/desktop applications.
Is there an ETA for this?
Questions about bugs are best directed at their respective issue repos; in this case that would be https://github.com/ccpgames/sso-issues.
A quick test on my part shows that the mentioned bug is no longer present, and PKCE grants can be revoked without issue.
For future reference:
POST to /v2/oauth/revoke
with
"token_type_hint": "access_token"
"client_id": "<your application id>"
"token": "<access_token>"
In the same way you would the refresh endpoint