a-tokyo / apple-signin-auth

 Apple signin for nodeJS.
MIT License

revokeAuthorizationToken returns nothing #132

Closed sidan5 closed 2 years ago

sidan5 commented 2 years ago

I'm using

```js
const clientSecret = appleSignin.getClientSecret({
  clientID: "com.company.app", // Apple Client ID
  teamID: "teamID", // Apple Developer Team ID.
  privateKey: "PRIVATE_KEY_STRING", // private key associated with your client ID. -- Or provide a "privateKeyPath" property instead.
  keyIdentifier: "XXXXXXXXXX", // identifier of the private key. - can be found here https://developer.apple.com/account/resources/authkeys/list
  // OPTIONAL
  expAfter: 15777000, // Duration after which to expire JWT
});

const options = {
  clientID: "com.company.app", // Apple Client ID
  clientSecret
};

try {
  const response = appleSignin.revokeAuthorizationToken(refreshToken, options);
} catch (err) {
  console.error(err);
}
```

The 'response' I'm getting is always empty. I'm setting up 'refreshToken' as some dummy string and still no error. Please help.

Everything is set up correctly and I'm retrieving clientSecret correctly.

sidan5 commented 2 years ago

@zicyApp Can you look into this?

zicyApp commented 2 years ago

@sidan5 I think it should be await appleSignin.revokeAuthorizationToken(refreshToken, options);

sidan5 commented 2 years ago

> @sidan5 I think it should be await appleSignin.revokeAuthorizationToken(refreshToken, options);

It's not recognized as an asynchronous function...

zicyApp commented 2 years ago

@sidan5 also the revoke should only return an empty 200 on success

a-tokyo commented 2 years ago

@sidan5 Check version 1.7.3 -- Are you still facing the problem?

sidan5 commented 2 years ago

@A-Tokyo Still get no error and an empty response for any dummy token. Expect to get some error response.

zicyApp commented 2 years ago

@sidan5 @A-Tokyo I've done some extra tests with the revoke call.

We can only get { error: 'invalid_client' } when the client_id or the client_secret is invalid. With a dummy/expired token you can only get an empty response.

I also had a typo in the last parameter token_type_hint, but it's optional so the call should work without that anyway.

sidan5 commented 2 years ago

@zicyApp so how do you know when success? 🤔

zicyApp commented 2 years ago

@sidan5 I test it normally with the complete login flow

a-tokyo commented 2 years ago

@sidan5 I think @zicyApp's answer solved this issue. Please reopen the issue if you're still facing this problem.

@zicyApp Thanks for your contributions!
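
The behaviour reported in this thread (an empty response for any token, `{ error: 'invalid_client' }` only for bad client credentials), as an added example that is not part of the original issue or the library's code. It shows a wrapper that awaits the call and labels an empty response as accepted but unverified. `classifyRevokeResult`, `revokeToken` and `stubClient` are hypothetical names, the stub is constructed from the responses described above so the block runs offline, and whether the library returns or throws the error object is an assumption, so both paths are handled.

```javascript
// Added example: hypothetical helpers, not part of apple-signin-auth.

// Interpret what the revoke call resolved with.
function classifyRevokeResult(body) {
  // Reported in this thread: an error object shows up only when the
  // client_id or client_secret is rejected.
  if (body && typeof body === 'object' && body.error) {
    return { ok: false, verified: true, reason: String(body.error) };
  }
  // Empty response: the request was accepted. A dummy or expired token
  // produces the same result, so this is not proof anything was revoked.
  return { ok: true, verified: false, reason: 'accepted' };
}

// `client` is any object with a promise-returning
// revokeAuthorizationToken(token, options); pass the library or the stub.
async function revokeToken(client, token, options) {
  if (typeof token !== 'string' || token.length === 0) {
    return { ok: false, verified: true, reason: 'missing_token' };
  }
  try {
    // Without `await`, `body` would be a pending Promise and a rejection
    // would bypass this try/catch.
    const body = await client.revokeAuthorizationToken(token, options);
    return classifyRevokeResult(body);
  } catch (err) {
    // Assumption: a failure may also surface as a thrown error.
    const reason = (err && (err.error || err.message)) || 'request_failed';
    return { ok: false, verified: true, reason: String(reason) };
  }
}

// Constructed stub that mimics the responses described in this thread.
const stubClient = {
  async revokeAuthorizationToken(token, options) {
    if (options.clientSecret !== 'valid-secret') {
      return { error: 'invalid_client' };
    }
    return undefined; // empty 200, even for a dummy token
  },
};

const demoOptions = { clientID: 'com.company.app', clientSecret: 'valid-secret' };
revokeToken(stubClient, 'dummy-token', demoOptions).then((r) => console.log(r));
```

A result with `verified: false` still has to be confirmed by exercising the token afterwards, for instance with the complete login flow mentioned above.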