Hi guys, I'm trying to revoke a token using the Go SDK, but an error is occuring
The client that I'm using, has permission to revoke.
level=error msg="An error occurred" debug="HTTP Authorization header missing or invalid" error=invalid_request hint="Make sure that the various parameters are correct, be aware of case sens
itivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified."
Someone has an ideia what is happening?
Hey, everyone, how are you?
i am evaluating to use Ory Hydra at my current job and so far it looks really good, but i have a complex use case and i want to know if it is possible to solve it with Hydra.
Basically, what i want to implement is implement the Trusted Master Access Delegation Pattern described in the book Advanced API Security by Prabath
that in general says
"The APIs are hosted in different departments, and each department runs its own OAuth authorization server due to vendor incompatibilities in different deployments. Company employees are allowed to access these APIs via web applications while they’re behind the company firewall, regardless of the department to which they belong.
All user data is stored in a centralized Active Directory, and all the web applications are connected to a centralized OAuth authorization server (which also supports OpenID Connect) to authenticate users. The web applications need to access back-end APIs on behalf of the logged-in user. These APIs may come from different departments, each of which has its own authorization server. The company also has a centralized OAuth authorization server, and an employee having an access token from the centralized authorization server must be able to access any API hosted in any department."