Logout failed in implicit flow
embbnux opened this issue · 8 comments
In implicit flow, when calling logout, it throws a 401 error.
It is because our API doesn't support revoking implicit flow tokens. The token will expire in an hour.
So when the user calls logout in implicit flow, we just need to clear the token cache.
I guess I can check if there's a refresh_token in auth data here https://github.com/ringcentral/ringcentral-js/blob/master/sdk/src/platform/Platform.ts#L408
Hi @kirill-konshin. On the client side, we can only get an access_token in implicit flow. To refresh the token in implicit flow, we need to use an iframe to visit the auth page and get a new token from the redirect URI.
I mean if there's no refresh_token in auth data it means that implicit flow was used. We can use this to bypass the request.
Yes, we can do that
Can you send a PR?
Sure
Found that the revoke API works for an implicit token if the client provides the app client secret.
But in implicit flow, we actually don't want to add the app secret on the client side.
So the revoke API returns 401 when the client doesn't provide the app client secret.
So using the app secret to bypass the request will be better.
Fixed
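
The logout behaviour discussed in this thread, as an added example that is not the SDK's code or the merged fix: the revoke request is sent only when an app secret is configured, and the local token cache is cleared in every case. `TokenCache`, `canRevoke`, `logout`, `revokeFn` and all sample values are hypothetical.

```javascript
// Illustrative sketch only: TokenCache, canRevoke, logout and revokeFn are
// hypothetical names, not the RingCentral SDK's API.
class TokenCache {
  constructor(data) { this.data = data; }
  get() { return this.data; }
  clear() { this.data = null; }
}

// Per the thread, revoke only succeeds when the app client secret is sent,
// and a browser (implicit flow) client is configured without one.
function canRevoke(config) {
  return typeof config.appSecret === 'string' && config.appSecret.length > 0;
}

// revokeFn(token) is an injected transport that resolves to an HTTP status.
async function logout(cache, config, revokeFn) {
  const auth = cache.get();
  const result = { revokeAttempted: false, revokeStatus: null, cacheCleared: false };
  try {
    if (auth && auth.access_token && canRevoke(config)) {
      result.revokeAttempted = true;
      result.revokeStatus = await revokeFn(auth.access_token);
    }
  } catch (err) {
    result.revokeStatus = 'error'; // revoke failed; the cache is still cleared below
  } finally {
    cache.clear(); // local logout always happens
    result.cacheCleared = cache.get() === null;
  }
  return result;
}

// Constructed sample data: tokens, keys and the fake transport are made up.
async function demo() {
  const calls = [];
  const fakeRevoke = async (token) => { calls.push(token); return 200; };
  const implicit = await logout(
    new TokenCache({ access_token: 'constructed-implicit-token' }),
    { appKey: 'demo-key' }, fakeRevoke);
  const codeFlow = await logout(
    new TokenCache({ access_token: 'constructed-code-token', refresh_token: 'constructed-refresh' }),
    { appKey: 'demo-key', appSecret: 'demo-secret' }, fakeRevoke);
  return { implicit, codeFlow, calls };
}
```

In the implicit case the access token is only dropped locally; as noted earlier in the thread, it stays valid on the server until it expires.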