on 08-25-2020 2:38 PM
How to use the OAuth 2.0 endpoint /default_host/sap/bc/sec/oauth2/revoke ?
I took a look at method if_http_extension~handle_request in class CL_OAUTH2_S_REVOKE_ENDPOINT, which is linked to SICF service "revoke" under the path "/default_host/sap/bc/sec/oauth2/", and figured out that probably 2 parameters are needed: token and token_type_hint. Is this correct?
But what values do these parameters need?
I tried with Postman like this...
... but I just receive the error:
{
"error": "invalid_request",
"error_description": "The request is missing a required parameter: token."
}
Any help appreciated!
Due to the lack of SAP documentation, I took a look at the standard documentation under https://tools.ietf.org/html/rfc7009.
As assumed, the revoke-endpoint understands the parameters "token" (mandatory) and "token_type_hint" (optional).
The token parameter should carry the token, and token_type_hint should give the type of the token (access_token or refresh_token) to simplify invalidation for the server.
Also I used the content-type "application/x-www-form-urlencoded" in my HTTP headers.
The question remains about the error "The request is missing a required parameter: token."
EDIT (solution): A SAP expert pointed out to me that, according to the RFC standard, the parameters should be carried in the HTTP request entity-body.
So in Postman it would look like this:
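The request described in the edit above, built outside Postman as an added example that is not part of the original post: the parameters travel in a form-encoded POST body, as RFC 7009 specifies. The host name, the client credentials, HTTP Basic client authentication and the `endpoint_view` model of a body-only parser are assumptions for illustration, not SAP's implementation.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder host; the path mirrors the SICF node named in the post (assumption).
REVOKE_URL = "https://sap.example.com/sap/bc/sec/oauth2/revoke"


def build_revocation_request(token, hint=None, client_id="CLIENT", client_secret="SECRET"):
    """Build an RFC 7009 revocation request: POST, parameters in the entity-body."""
    params = {"token": token}
    if hint is not None:
        if hint not in ("access_token", "refresh_token"):
            raise ValueError("token_type_hint must be access_token or refresh_token")
        params["token_type_hint"] = hint
    body = urllib.parse.urlencode(params).encode("ascii")
    # HTTP Basic client authentication is an assumption about the server setup.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {basic}"}
    # No query string: the token stays out of URLs and therefore out of access logs.
    return urllib.request.Request(REVOKE_URL, data=body, method="POST", headers=headers)


def endpoint_view(url, content_type, body):
    """Constructed model of a body-only parser; the URL query string is ignored."""
    fields = {}
    if content_type.split(";")[0].strip().lower() == "application/x-www-form-urlencoded":
        fields = urllib.parse.parse_qs(body.decode("ascii"))
    if not fields.get("token"):
        return 400, json.dumps({
            "error": "invalid_request",
            "error_description": "The request is missing a required parameter: token.",
        })
    return 200, ""  # RFC 7009: a processed revocation is answered with HTTP 200


if __name__ == "__main__":
    req = build_revocation_request("constructed-sample-token", "access_token")
    print(endpoint_view(req.full_url, req.get_header("Content-type"), req.data))
    # Same parameter in the query string with an empty body: rejected.
    print(endpoint_view(REVOKE_URL + "?token=constructed-sample-token",
                        "application/x-www-form-urlencoded", b""))
```

To actually send the request, pass the returned object to `urllib.request.urlopen` once the host and credentials are replaced with real values.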