fix: add token_type and client_id to the revoke endpoint

DanielRivers · DanielRivers · commit e50607e506be · 2025-10-30T18:59:07.000Z
diff --git a/src/state/KindeProvider.tsx b/src/state/KindeProvider.tsx
@@ -239,25 +239,27 @@ export const KindeProvider = ({
             const accessToken = tokens?.accessToken;
             const refreshToken = tokens?.refreshToken;
 
-            await Promise.all([
-              fetch(`${domain}/logout`),
+            await fetch(`${domain}/logout`),
               refreshToken &&
                 fetch(`${domain}/oauth2/revoke`, {
                   method: "POST",
                   body: JSON.stringify({
                     token: refreshToken,
+                    client_id: clientId,
+                    token_type: "refresh_token",
                   }),
                   headers: {
                     "Content-Type": "application/json",
                     Authorization: `Bearer ${accessToken}`,
                   },
                 }),
-            ]);
             if (accessToken) {
               await fetch(`${domain}/oauth2/revoke`, {
                 method: "POST",
                 body: JSON.stringify({
                   token: accessToken,
+                  client_id: clientId,
+                  token_type: "access_token",
                 }),
                 headers: {
                   "Content-Type": "application/json",
