0

Since Google's OAuth 2.0 endpoint for revoking tokens does not support CORS, and the request should be made by POST they suggest using a form and submit it to the endpoint rather than use the Ajax method to post the request.

OAuth 2.0 for Client Web Applications / revoke docs state:

If evocation is successful, then the response status code will be 200. For error conditions, an HTTP status code will be 400.

But then by using just js on Web-Client how I determine if the request is a success or fail?

I try to load the result to popup windows But because it uses a different origin there is a CORS problem. and the content can't be accessed by JS nor to listen for load or error events.

Or in general, how to make a POST request to unsupported CORS origin and know if it a success of fail

function revokeAccess(accessToken) {
  // Google's OAuth 2.0 endpoint for revoking access tokens.
  var revokeTokenEndpoint = 'https://oauth2.googleapis.com/revoke';

  // Create <form> element to use to POST data to the OAuth 2.0 endpoint.
 var form = document.createElement('form');
    form.method = method;
    form.action = src;
    form.target = 'oauthWindow';
    for (let k in obj) {
        var tokenField = document.createElement('input');
        tokenField.type = 'hidden';
        tokenField.name = k;
        tokenField.value = obj[k];
        form.appendChild(tokenField);
    }

    document.body.appendChild(form);
    form.submit();  
 }
Oleg Valter is with Ukraine
  • 9,619
  • 8
  • 37
  • 59
pery mimon
  • 7,713
  • 6
  • 52
  • 57

1 Answers1

0

For just know if the request success of fail do that : 

  await fetch(authSetting.revoke_endpoint, {
        method: 'POST',
        mode: 'no-cors',
        headers: {
            'Content-Type': 'application/x-www-form-urlencoded'
        },
        body: `token=${payload.access_token}`
    });

the no-cors mode, let the request go out but hide the response. but you still know if it success of fail. prefect

pery mimon
  • 7,713
  • 6
  • 52
  • 57