From f67ae31662cfbe2d3cac84c0e34c4a10c27ddca0 Mon Sep 17 00:00:00 2001
From: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>
Date: Tue, 24 Oct 2023 11:16:01 +0200
Subject: [PATCH] send a revoke token request after logout

---
 .../src/shared/auth/auth-flow.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/Umbraco.Web.UI.Client/src/shared/auth/auth-flow.ts b/src/Umbraco.Web.UI.Client/src/shared/auth/auth-flow.ts
index 34134e3503..a57a410c9b 100644
--- a/src/Umbraco.Web.UI.Client/src/shared/auth/auth-flow.ts
+++ b/src/Umbraco.Web.UI.Client/src/shared/auth/auth-flow.ts
@@ -24,6 +24,7 @@ import {
 AuthorizationServiceConfiguration,
 GRANT_TYPE_AUTHORIZATION_CODE,
 GRANT_TYPE_REFRESH_TOKEN,
+ RevokeTokenRequest,
 TokenRequest,
 TokenResponse,
 LocationLike,
@@ -227,6 +228,17 @@ export class UmbAuthFlow {
 */
 async signOut() {
 // forget all cached token state
+ if (!this.#accessTokenResponse) {
+ return;
+ }
+
+ const tokenRevokeRequest = new RevokeTokenRequest({
+ token: this.#accessTokenResponse.accessToken,
+ client_id: this.#clientId,
+ token_type_hint: 'access_token',
+ });
+
+ await this.#tokenHandler.performRevokeTokenRequest(this.#configuration, tokenRevokeRequest);
 this.#accessTokenResponse = undefined;
 this.#refreshToken = undefined;
 await this.#storageBackend.removeItem(TOKEN_RESPONSE_NAME);
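Review bot: In `signOut()`, the new guard `if (!this.#accessTokenResponse) { return; }` and the unguarded `await this.#tokenHandler.performRevokeTokenRequest(...)` can both end sign-out before the local cleanup that follows: a missing in-memory response, or a revoke request that rejects, skips `this.#refreshToken = undefined` and `removeItem(TOKEN_RESPONSE_NAME)`, so token material can remain in storage after the user asked to log out. Revocation should be best-effort and the cleanup unconditional, as sketched below. Only the access token is submitted; whether the server also invalidates the refresh token held in `#refreshToken` is not visible here, so consider a second request with `token_type_hint: 'refresh_token'`. The existing comment `// forget all cached token state` now sits above the revoke logic and should move down to the assignments it describes. The body of `signOut()` continues past the end of the hunk.

```typescript
async signOut() {
	// Revoke server-side first, but never let a missing token or a failed
	// request block the local cleanup below.
	const accessToken = this.#accessTokenResponse?.accessToken;
	if (accessToken) {
		try {
			const tokenRevokeRequest = new RevokeTokenRequest({
				token: accessToken,
				client_id: this.#clientId,
				token_type_hint: 'access_token',
			});
			await this.#tokenHandler.performRevokeTokenRequest(this.#configuration, tokenRevokeRequest);
		} catch (error) {
			// best-effort: the token may outlive this session server-side until it expires
			console.warn('Token revocation failed during sign-out', error);
		}
	}

	// forget all cached token state
	// … unchanged: clearing of #accessTokenResponse, #refreshToken and the stored token response …
```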