Replies: 2 comments 1 reply
-
You should provide a refresh or access token: https://zitadel.com/docs/apis/openidoauth/endpoints#revocation_endpoint |
Beta Was this translation helpful? Give feedback.
-
Hello @muhlemmer, I have created an OIDC/PKCE application, and the Zitadel panel does not allow me to save the response type as "ID Token" only "Code"; the only additional thing I can select is "Refresh token"... |
Beta Was this translation helpful? Give feedback.
-
Preflight Checklist
Describe the docs your are missing or that are wrong
I am developing a client that uses the Relaying Party to interface with the Zitadel portal, following the example: https://github.com/zitadel/oidc/blob/main/example/client/app/app.go
During the login phase, just after calling the UserinfoCallback, I save a session with my user's id_token obtained from tokens
*oidc.Tokens[*oidc.IDTokenClaims]
:idToken := tokens.IDToken
At the time of logout, I would expect, before deleting my session, to also revoke the associated tokens; therefore, I used this code:
But neither of the two functions seems to work.
If I check the events page in the Zitadel console, I can see the trace of the creation, but no trace of the token revocation. What am I doing wrong?
It would be useful to integrate the example above by also adding a handler for logout to clarify the issue for others who will approach the problem in the future...
Additional Context
No response
Beta Was this translation helpful? Give feedback.
All reactions