-
Notifications
You must be signed in to change notification settings - Fork 843
TokenRevocation BadRequest invalid_client #133
Comments
This might have been to the recent addition of the revocation of tokens. Do you use reference tokens? |
Yes, I am using reference tokens |
Ok... I'll see if it makes sense to default to false and add a setting to enable this. Also, what IdP/OP are you using? |
I am using IdentityServer3 (2.5.4) |
Ok, fixed on dev: I changed the default for the token revocation at signout to |
1.2.1-beta.1 pushed to npm. please test and let me know. thanks. |
Hi, |
Here the log output of IdentityServer for the test with revocation enabled. 2016-10-21 08:06:01 [Information] "End session request validation success" |
Hmm, I tested this all locally and it was working. For me when I made changes, I was getting cached copies of my app.js -- could that be the case for you? |
Hi, |
Hi again, |
If the UserManager has a user and an id_token it should be passed. |
Hi, |
That info is stored in sessionStore in the browser. Also check the HTTP traffic. |
Hi, SessionStorage is empty. Silent renew works fine, but when I want to log out, no id_token_hint is submitted. This are the http calls: logout?id=0a7356782d5ca33c2a77db7a8daa58dc 200 document http://localhost:8082/connect/endsession 3.2 KB 27 ms styles.min.css 200 stylesheet logout?id=0a7356782d5ca33c2a77db7a8daa58dc:7 (from disk cache) 3 ms scripts.2.5.0.js 200 script logout?id=0a7356782d5ca33c2a77db7a8daa58dc:45 (from disk cache) 3 ms endsessioncallback?sid=ecda54e49e83a3e7174377ecd613485d 200 document scripts.2.5.0.js:4 910 B 30 ms |
Can you enable logging in IdentityServer and see if there's any info there? Also, it seems you're using localStorage (not sessionStorage) for the user -- this means you must have explicitly changed the default. If you're triggering signout from a different instance of the user manager and its settings then it might not know the user data and id_token to send for signout. Last idea -- can you getUser() right before you signout and check if there's an id_token on the user object? |
Hi, |
Recent version Version 1.2.0 throws me Error 400: BadRequest invalid_client
The text was updated successfully, but these errors were encountered: