nuxt-community / auth-module

Zero-boilerplate authentication support for Nuxt 2
https://auth.nuxtjs.org
MIT License

Discord revoke token Method Not Allowed #1425

Open Edouard127 opened 2 years ago

Edouard127 commented 2 years ago

Any versions

Nuxt configuration

discord: {
  scheme: "oauth2",
  endpoints: { // Endpoint oauth2 https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-urls
    authorization: 'https://discord.com/api/oauth2/authorize',
    token: 'https://discord.com/api/oauth2/token',
    userInfo: 'http://discordapp.com/api/users/@me',
    logout: 'https://discord.com/api/oauth2/token/revoke'
  },
  token: {
    property: 'access_token',
    type: 'Bearer',
    name: 'Authorization',
    maxAge: 5 * 60 // Can be dynamic?
  },
  refreshToken: {
    property: 'refresh_token',
    maxAge: 60 * 60 * 10 // Can be dynamic?
  },
  responseType: 'code',
  grantType: 'authorization_code',
  clientId: '',
  clientSecret: '',
  scope: ['email'], // Scopes https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-scopes
  codeChallengeMethod: '',
  autoLogout: true
},


Reproduction

Create a button --> <a @click="logout()">Logout</a>

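export default {
  methods: {
    // Calls the auth module's logout, which requests the configured `logout` endpoint
    logout() {
      this.$auth.logout();
    },
  },
};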

The request is made on the client side with a GET request; Discord only accepts POST requests.

What is expected?

Logging out and redirecting to the main page (defined in the config)

What is actually happening?

Sending a GET request logs out but doesn't revoke the access token, and prints the API error message ( {"message": "405: Method Not Allowed", "code": 0} )

Intevel commented 2 years ago

I was able to reproduce this issue using the Discord documentation.

And I have something to add to the issue: In accordance with the relevant RFCs, the token and token revocation URLs will only accept a content type of application/x-www-form-urlencoded. JSON content is not permitted and will return an error.

https://discord.com/developers/docs/topics/oauth2#shared-resources-oauth2-urls
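The revocation call described in the comments above (POST with a form-encoded body), as an added example that is not part of the issue or of the auth-module code. The function names are hypothetical, and it assumes RFC 7009 parameters (`token`, `token_type_hint`) with HTTP Basic client authentication, so it belongs in server-side code that holds the client secret.

```javascript
// Added example: buildRevocationRequest and revokeToken are hypothetical names.
// Assumes RFC 7009 parameters and HTTP Basic client authentication.

function buildRevocationRequest({ endpoint, token, tokenTypeHint, clientId, clientSecret }) {
  if (!token) throw new Error('token is required');
  const url = new URL(endpoint);
  if (url.protocol !== 'https:') throw new Error('revocation endpoint must use https');

  // URLSearchParams serializes to application/x-www-form-urlencoded, not JSON.
  const body = new URLSearchParams({ token });
  if (tokenTypeHint) body.set('token_type_hint', tokenTypeHint);

  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: url.toString(),
    init: {
      method: 'POST', // a GET here is what produces "405: Method Not Allowed"
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
        Authorization: `Basic ${basic}`
      },
      body: body.toString()
    }
  };
}

// Sends the request and treats any non-2xx status as "token NOT revoked",
// so the caller never assumes the token is dead after a failed call.
async function revokeToken(options, fetchImpl = fetch) {
  const { url, init } = buildRevocationRequest(options);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`revocation failed: HTTP ${res.status}`);
  return true;
}

// Constructed sample values, not real credentials.
const sample = buildRevocationRequest({
  endpoint: 'https://discord.com/api/oauth2/token/revoke',
  token: 'sample+token/value',
  tokenTypeHint: 'access_token',
  clientId: 'example-client-id',
  clientSecret: 'example-client-secret'
});
console.log(sample.init.method, sample.init.headers['Content-Type'], sample.init.body);
```
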

Edouard127 commented 2 years ago

I am still able to reproduce this issue. Version 5.0.0-1648802546.c9880dc

Edouard127 commented 2 years ago

@Intevel Any update on this?

Intevel commented 2 years ago

@Edouard127 I will take a look at it.

Intevel commented 2 years ago

I don't know why this was closed, this wasn't fixed.

Edouard127 commented 2 years ago

I shouldn't have closed it

Intevel commented 2 years ago

So I think this module is not really maintained anymore. We need an option for every provider to specify the request method. I don't know if we should implement this.