Need help for revoke(logout)

[wyk111wyk]

After I transferred to the new authentication process, it works fine.
But both the owner-api revoke or the oAuth2revoke are not working, after logging out and relogin, the first step would return the code for bearer token, not even require username and password. No way to change account.

I read all docs, it seems not mention the revoke process.

[yakeer]

Wondering if there is any new update on this.

[SanJoseBart]

I don't have an answer, but perhaps I can provide a clue that others can improve on. When you sign out in the IOS Tesla app, the app sends a POST to https://auth.tesla.com/oauth2/v3/logout?post_logout_redirect_uri=https%3A//auth.tesla.com/void/callback&id_token_hint=xxx, where "xxx" is the value of id_token (not access_token) from the same authorization response that provides an access_token. The body of the POST request is empty, and there doesn't appear to be anything important in the headers (e.g., no authorization header).

The POST returns a 302 (redirect) status, with a redirect location that exactly matches the URI in the POST request, including the post_logout_redirect_uri and id_token_hint parameters. The body says "Found. Redirecting to ....".

The app then does a GET to the same URI as the POST, including the same two parameters. The get returns an HTTP page that looks like it might be a generic welcome page. I suspect this GET may be unnecessary for logging out.

However, when I try to duplicate the app's behavior as closely as possible, everything behaves the same, but it seems to have no effect. The access_token is still valid for further API calls, as is the refresh_token. No logout occurs. If anyone knows how to make it work, please post!

[SylvainGa]

Anybody got this working? It's possible since the Tesla app can successfully log you out.