Revoking OAuth Access Token Results in 404 Not Found


Problem description

I'm working on an application that integrates with GitHub and am having issues "logging out" a user that was previously authenticated. When I attempt to revoke the authorization token for the user, I get a 404 Not Found response from the API.

According to the documentation, it looks like I should just be able to make a DELETE request to https://api.github.com/authorizations/[authTokenId]. I have tried a couple of different things including:

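  • Making sure to set the "Authorization" header with the current auth token
  • Making sure to set the UserAgent header with what I use for the rest of the API calls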

Nothing seems to result in anything but a 404 though. I have validated that the token is valid and that the Id matches with what is expected (id property from the authorization response and from the "check an authorization" response as well). Anyone have another thought on something I could be missing?

Recommended answer

Looks like currently you need to include a basic authentication header (including a base64 encoded string of your username/password).

Not ideal for my purposes since I want to revoke the token when a user "logs out" of my application and I don't want to store their username/password. I've sent GitHub support an email about it to see if they have any other ideas.

Update 6/12/2013

GitHub support has stated that the above is expected at this juncture, but they are considering updating to allow revoking an authorization using the authorization as the means of authentication.

For now I'm going to require the user to enter their username/password a second time to revoke the authorization.
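
The request the answer describes, as an added example that is not part of the original post: a DELETE to the `/authorizations/[authTokenId]` endpoint from the question, authenticated with an RFC 7617 Basic header instead of the OAuth token. The function names, the `opener` parameter and the sample values are assumptions made for illustration.

```python
import base64
import urllib.error
import urllib.request

API_ROOT = "https://api.github.com"  # host taken from the question


def basic_auth_value(username: str, password: str) -> str:
    """RFC 7617 Basic credentials: base64 of 'username:password' in UTF-8."""
    if ":" in username:
        # The first colon separates user from password, so a colon in the
        # username would be split at the wrong place by the server.
        raise ValueError("username must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_revoke_request(auth_id, username, password, user_agent):
    """Build (without sending) DELETE /authorizations/<id> with Basic auth."""
    # Accept only a positive integer id so nothing else can reach the URL path.
    if isinstance(auth_id, bool) or not isinstance(auth_id, int) or auth_id <= 0:
        raise ValueError("auth_id must be a positive integer")
    req = urllib.request.Request(
        f"{API_ROOT}/authorizations/{auth_id}", method="DELETE"
    )
    req.add_header("Authorization", basic_auth_value(username, password))
    req.add_header("User-Agent", user_agent)  # same value as the other API calls
    return req


def revoke(auth_id, username, password, user_agent,
           opener=urllib.request.urlopen):
    """Send the request and return the HTTP status code.

    `opener` is a hypothetical injection point so the call can be tested
    offline; by default the request goes out over HTTPS via urlopen.
    """
    req = build_revoke_request(auth_id, username, password, user_agent)
    try:
        with opener(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # Error statuses such as the 404 from the question surface here.
        return err.code
```

The credentials are passed in at call time and held only for the duration of the request, which matches the answer's approach of prompting the user again rather than storing the password.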
