Stuck with revokeOAuth2Token


#1

Hi all,
I am trying to set up a client. It gets a token from hydra (after user consent), this works. Now clients wants the user to logout and therefore revoking the access token is required. When using the SDK, this is done with revokeOAuth2Token as far as I can tell from the docs. I can’t get this to work and a little help would be great.

I have setup the client as -

hydra clients create --skip-tls-verify \
    --id lic-subs \
    --secret lic-subs \
    --grant-types client_credentials \
    --response-types token,code,id_token \
    --allowed-scopes openid,offline,hydra,hydra.clients,hydra.introspect \
    --callbacks https://my-domain.com/9001/v1/api/callback

I have not created any policy (not sure, what was required for revoke).

now when I call hydra.revokeOAuth2Token(token)
it gives me following error -

{
“error”: “invalid_client”,
“error_description”: “Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)”,
“statusCode”: 403
}

when i check logs,

time="2018-05-21T17:54:15Z" level=info msg="started handling request" method=POST remote="182.74.219.2:61050" request=/oauth2/revoke
time="2018-05-21T17:54:15Z" level=error msg="An error occurred" error=invalid_request
time="2018-05-21T17:54:15Z" level=debug msg="Stack trace: \ngithub.com/ory/hydra/vendor/github.com/ory/fosite.(*Fosite).NewRevocationRequest\n\t/go/src/github.com/ory/hydra/vendor/github.com/ory/fosite/revoke_handler.go:53\ngithub.com/ory/hydra/oauth2.(*Handler).RevocationHandler\n\t/go/src/github.com/ory/hydra/oauth2/handler.go:240\ngithub.com/ory/hydra/oauth2.(*Handler).RevocationHandler-fm\n\t/go/src/github.com/ory/hydra/oauth2/handler.go:123\ngithub.com/ory/hydra/vendor/github.com/julienschmidt/httprouter.(*Router).ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/julienschmidt/httprouter/router.go:299\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.Wrap.func1\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:41\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:24\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1918\ngithub.com/ory/hydra/cmd/server.(*Handler).rejectInsecureRequests\n\t/go/src/github.com/ory/hydra/cmd/server/handler.go:201\ngithub.com/ory/hydra/cmd/server.(*Handler).(github.com/ory/hydra/cmd/server.rejectInsecureRequests)-fm\n\t/go/src/github.com/ory/hydra/cmd/server/handler.go:114\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.HandlerFunc.ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:24\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.(middleware).ServeHTTP-fm\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33\ngithub.com/ory/hydra/vendor/github.com/meatballhat/negroni-logrus.(*Middleware).ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/meatballhat/negroni-logrus/middleware.go:136\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.middleware.ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:33\ngithub.com/ory/hydra/vendor/github.com/urfave/negroni.(*Negroni).ServeHTTP\n\t/go/src/github.com/ory/hydra/vendor/github.com/urfave/negroni/negroni.go:73\ngithub.com/ory/hydra/vendor/github.com/rs/cors.(*Cors).Handler.func1\n\t/go/src/github.com/ory/hydra/vendor/github.com/rs/cors/cors.go:200\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1918\ngithub.com/ory/hydra/vendor/github.com/gorilla/context.ClearHandler.func1\n\t/go/src/github.com/ory/hydra/vendor/github.com/gorilla/context/context.go:141\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:1918\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2619\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:1801\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:2337"
time="2018-05-21T17:54:15Z" level=info msg="completed handling request" measure#http://14.143.46.70:4444.latency=2233830 method=POST remote="182.74.219.2:61050" request=/oauth2/revoke status=403 text_status=Forbidden took=2.23383ms

Here is a screenshot from postman

Anyone knows what I am missing?
Thanx for any help in advance!!


#2

Please authenticate with client credential base on your example:

username: lic-subs
passworrd: lic-subs