Closed dogeared closed 7 years ago
Fixes #1304.
To UAT, login using a password grant:
http -f http://localhost:8080/oauth/token username=XYZ password=XXX grant_type=password
Use the refresh_token value to logout:
http -f http://localhost:8080/oauth/revoke token_type_hint=refresh_token token=XXX
You should see cookies being set, whereas there are no cookies set on master.
examples/servlet:
http -f http://localhost:8080/oauth/revoke token_type_hint=refresh_token token=XXX HTTP/1.1 200 OK Cache-Control: no-store, no-cache Content-Length: 0 Date: Tue, 07 Mar 2017 16:31:09 GMT Pragma: no-cache Server: Apache-Coyote/1.1 Set-Cookie: access_token=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly Set-Cookie: refresh_token=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly
examples/spring-security-spring-boot-webmvc:
http -f http://localhost:8080/oauth/revoke token_type_hint=refresh_token token=XXX HTTP/1.1 200 Cache-Control: no-store, no-cache Content-Length: 0 Date: Tue, 07 Mar 2017 16:34:14 GMT Expires: 0 Pragma: no-cache Set-Cookie: JSESSIONID=1255715FE2A661AA3F55126EB87C4617;path=/;HttpOnly Set-Cookie: access_token=;Max-Age=0;path=/;HttpOnly Set-Cookie: refresh_token=;Max-Age=0;path=/;HttpOnly X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block
Fixes #1304.
To UAT, login using a password grant:
Use the refresh_token value to logout:
You should see cookies being set, whereas there are no cookies set on master.
examples/servlet:
examples/spring-security-spring-boot-webmvc: