Cannot revoke and refresh token for aurth provider which supports only auth_methods client_secret_ba
Hi all,
I have auth provider which supports only auth_methods client_secret_basic
I use https://github.com/zitadel/oidc as client library to authorize a device
I have managed to get access token, however i cannot refresh and revoke the token
I found that basic auth header is not added to refresh and revoke requests
However the header added to DeviceAuthorization and DeviceAccessToken requests
if request.ClientSecret != "" {
req.SetBasicAuth(request.ClientID, request.ClientSecret)
}
Could you pleas help me to understand whether it is a bug or by design?
If it is a bug i can provide PR
I have auth provider which supports only auth_methods client_secret_basic
I use https://github.com/zitadel/oidc as client library to authorize a device
I have managed to get access token, however i cannot refresh and revoke the token
I found that basic auth header is not added to refresh and revoke requests
However the header added to DeviceAuthorization and DeviceAccessToken requests
if request.ClientSecret != "" {
req.SetBasicAuth(request.ClientID, request.ClientSecret)
}
Could you pleas help me to understand whether it is a bug or by design?
If it is a bug i can provide PR
GitHub
Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation - zitadel/oidc
