When trying to revoke an access token using the GoogleAuthorizationCodeFlow.RevokeTokenAsync method, I discovered a 404 response.
I believe the reason is that the Google.Apis.Auth.OAuth2.GoogleAuthConsts.RevokeTokenUrl is wrong, which is pointing to "https://oauth2.googleapis.com/revoke", while the documentation here defines that the URL should be "https://accounts.google.com/o/oauth2/revoke".
I tested it with the URL from the docs and it works.
However currently I can't submit a pull request which corrects the URL because there is a test in
https://github.com/googleapis/google-api-dotnet-client/blob/master/Src/Support/IntegrationTests/AuthUriConstsTests.cs which verifies that the URLs match the one provided in the google openid connect discovery document.
Therefore I also think that even the discovery document contains a wrong revoke token URL.
This is because the current revoke code uses a GET request, but the new URL requires a POST request. See https://github.com/googleapis/google-cloud-common/issues/260#issuecomment-413231697
This is a bug for which we should have an integration test, but don't; I'll fix it, and a test, and do a release.
Thanks for reporting this bug.
I've also stumbled upon this bug. Hope you will be able to fix it soon.
This is fixed in the v1.36.0 release, available on nuget.
Most helpful comment
This is because the current revoke code uses a GET request, but the new URL requires a POST request. See https://github.com/googleapis/google-cloud-common/issues/260#issuecomment-413231697
This is a bug for which we should have an integration test, but don't; I'll fix it, and a test, and do a release.
Thanks for reporting this bug.