
How to revoke a token in Discord OAuth2.0?

In order to use Discord's API I need a token, and to get it I open a link such as https://discordapp.com/api/oauth2/authorize?client_id=<client_id>&redirect_uri=<redirect_url>&response_type=token&scope=identify

Then I set the token as the authorization header (in the format Bearer <token>) of requests that are issued to Discord's API.

Let's say I want to "log out", so that a certain token can't be used anymore to make such requests. In this case I have to revoke that token, right?

So after reading Discord's documentation and making some adjustments I decided that I have to make a POST request to a URL such as https://discordapp.com/api/oauth2/token/revoke, and the content-type header of this request should be set to x-www-form-urlencoded.

When I do it I get an error message from Discord's server saying {error: "invalid_client"}.

What am I doing wrong?

So the problem was in the actual format of the data I was sending. I was sending JSON data because I thought that setting specific headers would automatically turn the data into the right format, but it turns out I had to use a FormData object to create the data in the right format. After that I also removed the lines where I was setting the header explicitly. After these steps everything worked fine.

If you come by this question and are wondering what the full API call to revoke the token is, here it is:

POST https://discord.com/api/oauth2/token/revoke
Content-Type: application/x-www-form-urlencoded
data:
  client_id: <client_id>
  client_secret: <client_secret>
  token: <access_token>
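
The call above written as Node.js code, as an added example that is not part of the original posts. It builds the body with URLSearchParams, which serializes as application/x-www-form-urlencoded (a FormData body is sent by fetch as multipart/form-data), and shows that a form parser finds no client_id field in a JSON body, which is consistent with the invalid_client error in the question. It assumes server-side use so that client_secret stays out of browser code; fetchImpl and fieldsSeenByFormParser are hypothetical names.

```javascript
// Added example. Endpoint and field names are the ones given in the answer above;
// every credential value used with this code is constructed.
const REVOKE_URL = "https://discord.com/api/oauth2/token/revoke";

// Build the request without sending it, so the wire format can be inspected.
function buildRevokeRequest({ clientId, clientSecret, token }) {
  for (const [name, value] of Object.entries({ clientId, clientSecret, token })) {
    if (typeof value !== "string" || value.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
  }
  // URLSearchParams percent-encodes each value and joins them as key=value&key=value.
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    token,
  }).toString();
  return {
    url: REVOKE_URL,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body,
    },
  };
}

// What a form parser sees in a given body (used to compare the two encodings).
function fieldsSeenByFormParser(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Send the revocation. fetchImpl is a hypothetical injection point for offline tests.
async function revokeToken(creds, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRevokeRequest(creds);
  const res = await fetchImpl(url, init);
  if (!res.ok) {
    // Surface the server's error body, e.g. {error: "invalid_client"}.
    throw new Error(`revocation failed: HTTP ${res.status} ${await res.text()}`);
  }
  return true;
}
```

Passing the same fields through JSON.stringify and then fieldsSeenByFormParser returns an object with no client_id key, so a server that reads form fields has no client to authenticate.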
