invalidateAccessToken() fails

[justincy]

invalidateAccessToken() does not work. It calls DELETE https://ident.familysearch.org/cis-web/oauth2/v3/token which returns a 405. It doesn't appear to be sending an auth token either. Here are the headers:

DELETE https://ident.familysearch.org/cis-web/oauth2/v3/token

Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Connection: keep-alive
Content-Type: application/x-gedcomx-v1+json
Host: ident.familysearch.org

[justincy]

BTW, where is that endpoint documented?

[stoicflame]

It's a problem at FamilySearch. There's a bug open on the identity guys for this.

It's documented at the Access Token Resource.

[justincy]

Thanks Ryan.

Dallan, what should we do until then? We could expose a method that deletes the access token and it's cookie.

On Fri, Apr 25, 2014 at 11:40 AM, Ryan Heaton notifications@github.comwrote:

It's a problem at FamilySearch. There's a bug open on the identity guys for this https://almtools.ldschurch.org/fhjira/browse/IDENT-3188.

It's documented at the Access Token Resourcehttps://familysearch.org/developers/docs/api/authentication/Access_Token_resource .

— Reply to this email directly or view it on GitHubhttps://github.com/rootsdev/familysearch-javascript-sdk/issues/48#issuecomment-41419503 .

[DallanQ]

The bug report above appears to have gotten a "won't fix" reply. How about if I change the existing invalidateAccessToken() method to delete the access token and cookie and simply omit the DELETE call? I could make this change on Monday.

[justincy]

Sounds good to me.

[stoicflame]

Yeah, they don't want to fix it. But I think we're going to fix it at a layer above them, so I'm still hopeful we can get it implemented.

[stoicflame]

FYI, this got fixed. Should work now.

[DallanQ]

Thanks! I'll fix this later this week.