Revoke should provide clientId

ringcentral · Oct 10, 2024 · e792fc0 · e792fc0
1 parent 5b5b176
commit e792fc0
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts
@@ -208,12 +208,16 @@ class RingCentral implements RingCentralInterface {
       // nothing to revoke
       return;
     }
-    if (!this.rest.clientId || !this.rest.clientSecret) {
-      // no clientId or clientSecret, the token is from external source, cannot revoke
+    if (!this.rest.clientId) {
+      // if no clientId, the token is from external source, cannot revoke
+      // no clientSecret is fine, since PKCE doesn't have clientSecret
       return;
     }
     const temp = tokenToRevoke ?? this.token?.access_token ?? this.token?.refresh_token;
-    await this.restapi(null).oauth().revoke().post({ token: temp });
+    await this.restapi(null)
+      .oauth()
+      .revoke()
+      .post({ token: temp, client_id: this.rest.clientId } as any); // todo: spec doesn't allow client_id
     this.token = undefined;
   }