fix: actually revoke the token

discord-tickets · Jan 21, 2024 · 3e7127a · 3e7127a
1 parent 73c30c8
commit 3e7127a
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/routes/auth/logout.js b/src/routes/auth/logout.js
@@ -5,7 +5,11 @@ module.exports.get = fastify => ({
 		const { accessToken } = req.user;
 
 		await fetch('https://discord.com/api/oauth2/token/revoke', {
-			body: new URLSearchParams({ token: accessToken }).toString(),
+			body: new URLSearchParams({
+				client_id: req.routeOptions.config.client.user.id,
+				client_secret: process.env.DISCORD_SECRET,
+				token: accessToken,
+			}).toString(),
 			headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 			method: 'POST',
 		});