I'm using oidc-client in my SPA application against IdentityServer3, using implicit flow.
Revoking my reference token on sign out is not working.
I have set revokeAccessTokenOnSignout: true and client_secret to a dummy secret, and I see the request being sent out. However, I'm getting a "400 bad request invalid client" response. Here's the request being sent:
And here's the response:
{"error":"invalid_client"}
And here's the IdentityServer config:
new Client
{
    ClientName = "Client Name",
    ClientId = "myclientid",
    ClientSecrets = new List<Secret>
    {
        new Secret("secret".Sha256())
    },
    AccessTokenType = AccessTokenType.Reference,
    Flow = Flows.Implicit,
    RequireConsent = false,
    RedirectUris = new List<string>
    {
        ...
    },
    AllowedCorsOrigins = new List<string>
    {
        ...
    },
    PostLogoutRedirectUris = new List<string>
    {
        ...
    },
    AllowedScopes = new List<string>
    {
        ...
    } //.. allowed
}, //..new client
Any ideas what I might be doing wrong?