authts/oidc-client-ts

Revoke endpoint content type is not handled properly

ept-Ayush opened this issue · 1 comments

Hi @pamapa, @kherock,
I am using PingFederate as the IdP. I have just upgraded from oidc-client-js to oidc-client-ts (everything was working fine; I needed to upgrade due to a Snyk vulnerability in serialize-javascript@4.0.0).

Everything works fine except the revoke access endpoint. What exactly is happening is that when I call the code below

userManager.signoutRedirect({
    extraQueryParams: {
        TargetResource: `${LOGIN_ENDPOINT}/logout-callback`,
    },
}).catch(error => {
    console.error(error);
    signOut();
});

or 

userManager.signoutRedirect().catch(error => {
    console.error(error);
    signOut();
});

the revoke endpoint call succeeds and the token is revoked successfully, but it goes to the catch block with this error:

image

Here's the network screenshot:
image

The issue is happening on this particular line.

if (contentType && !this._contentTypes.find(item => contentType.startsWith(item))) {

Along with the above issue, I have one more question: if revokeTokenTypes: ["access_token", "refresh_token"] is set, will the revoke endpoint revoke both the access and refresh tokens one by one, or will it stop once it goes into the catch block without trying the other one? In my case, whatever is at the first index (revokeTokenTypes[0]) is called, and it goes into the catch block without calling for the second index.

FYI Ping follows this: https://datatracker.ietf.org/doc/html/rfc7009#section-2.2

Never mind, got the solution: we need to pass revokeTokenAdditionalContentTypes: ['text/html;charset=utf-8'] in the config.
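
The behaviour reported in this issue, modelled as an added example (not part of the issue and not oidc-client-ts source code). Only the `startsWith` condition comes from the line quoted above; the default allowlist, the error text and the names `isAccepted`, `makeIdp`, `revokeAll` and `demo` are assumptions made for illustration.

```javascript
// Added illustration, not library code. DEFAULT_TYPES is an assumed default.
const DEFAULT_TYPES = ["application/json"];

// Mirrors the quoted condition: reject when a Content-Type header is present
// and no allowlisted entry is a prefix of it.
function isAccepted(contentType, additional = []) {
  const allowed = [...additional, ...DEFAULT_TYPES];
  return !(contentType && !allowed.find(item => contentType.startsWith(item)));
}

// Hypothetical IdP: revokes the token server-side, then answers 200 with the
// given Content-Type (RFC 7009 section 2.2: the client ignores the body on 200).
function makeIdp(contentType) {
  const revoked = [];
  return {
    revoked,
    revoke(type) { revoked.push(type); return { status: 200, contentType }; },
  };
}

// Hypothetical client loop: revoke each type in order; the first response that
// fails the content-type check throws, so later token types are never sent.
function revokeAll(idp, types, additional = []) {
  for (const type of types) {
    const res = idp.revoke(type);
    if (!isAccepted(res.contentType, additional)) {
      throw new Error(`Invalid response Content-Type: ${res.contentType}`); // stand-in message
    }
  }
}

function demo(additional) {
  const idp = makeIdp("text/html;charset=utf-8"); // constructed sample header
  let error = null;
  try {
    revokeAll(idp, ["access_token", "refresh_token"], additional);
  } catch (e) {
    error = e.message;
  }
  return { revoked: idp.revoked, error };
}

console.log(demo([]));                          // first token revoked, then throws
console.log(demo(["text/html;charset=utf-8"])); // both revoked, no error
// The match is a case-sensitive prefix test: a header with a space does not match.
console.log(isAccepted("text/html; charset=utf-8", ["text/html;charset=utf-8"]));
```

In the failing run the first token is already revoked at the IdP when the client throws, and the second token type is still valid, so a logout path that swallows this error can leave a live refresh token behind.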