I’m trying to understand SSO. We have been able to do the logout from our system, and now we are trying to revoke the token. The users log in to the system using OIDC with a PKCE process; we have many users using mobile devices. To do the revoke we are sending a POST to our revoke endpoint with only two parameters:
- toker=is the user token
Okta’s reply is: “Bad request”. In the documentation I have read about another parameter: “Authorization: Basic …”. I understand that in my case the authorization is Bearer, so how can I do the revoke?
Any help will be much appreciated.