revoke method
Allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed
Implementation
Future<void> revoke() async {
var methods =
client.issuer.metadata.tokenEndpointAuthMethodsSupported ?? [];
var uri = client.issuer.metadata.revocationEndpoint;
if (uri == null) {
throw UnsupportedError('Issuer does not support revocation endpoint.');
}
var request = _token.refreshToken != null
? {'token': _token.refreshToken, 'token_type_hint': 'refresh_token'}
: {'token': _token.accessToken, 'token_type_hint': 'access_token'};
if (methods.contains('client_secret_basic')) {
var h = base64
.encode('${client.clientId}:${client.clientSecret ?? ''}'.codeUnits);
await http.post(client.issuer.tokenEndpoint,
headers: {'authorization': 'Basic $h'},
body: request,
client: client.httpClient);
} else {
await http.post(uri,
body: {
...request,
'client_id': client.clientId,
if (client.clientSecret != null)
'client_secret': client.clientSecret
},
client: client.httpClient);
}
}