I am trying to create a Logout function for a console application that is using OAuth 2.0. However, when I call my function the response is:
{
"error" : "invalid_token"
}
Following this information, this is how I make the HTTP request:
var values = new Dictionary<string, string> { { "token", token.Token } };
var content = new FormUrlEncodedContent(values);
HttpClient client = new HttpClient();
var response = await client.PostAsync("https://accounts.google.com/o/oauth2/revoke", content);
var responseString = await response.Content.ReadAsStringAsync();
Log.Info(responseString);
Google says:
To programmatically revoke a token, your application makes a request to https://accounts.google.com/o/oauth2/revoke and includes the token as a parameter:
curl https://accounts.google.com/o/oauth2/revoke?token={token}
The token can be an access token or a refresh token. If the token is an access token and it has a corresponding refresh token, the refresh token will also be revoked.
If the revocation is successfully processed, then the status code of the response is 200. For error conditions, a status code 400 is returned along with an error code.
Someone pointed out that the first parameter of PostAsync should be https://accounts.google.com/o/oauth2/revoke?token=. However, when I tried I received the following response:
{
"error" : "invalid_request",
"error_description" : "Missing required parameter: token"
}
Because of the difference in error messages, I feel like I am passing the token when it is "https://accounts.google.com/o/oauth2/revoke", or I at least got the parameter part down, but am not certain I am correct.
Are there any glaring errors that may be the source of the problem?
Update:
Is it also possible to see the status code in the response message?
Yes, when I print out response.StatusCode I see the return being BadRequest, meaning it is something syntactically wrong with the request.
After reading the RFC documentation:
The client constructs the request by including the following parameters using the "application/x-www-form-urlencoded" format in the HTTP request entity-body:
....
For example, a client may request the revocation of a refresh token with the following request:
POST /revoke HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW

token=45ghiukldjahdnhzdauz&token_type_hint=refresh_token
After reading this, they recommend using POST but didn't say it was necessary, and that the second parameter token_type_hint is OPTIONAL.
However, the application/x-www-form-urlencoded part is what I don't understand. Can someone clear up what this is?
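
An added example (not part of the original post, and not Google's or the RFC authors' code) showing what `application/x-www-form-urlencoded` looks like on the wire when `FormUrlEncodedContent` is posted to a revocation endpoint, and how to branch on the 200/400 status. `CapturingHandler` and `RevokeDemo` are hypothetical names; the token and the stubbed 400 response are constructed samples, so the program runs offline.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Stand-in for the network (hypothetical helper): prints what HttpClient would
// send, then returns a constructed 400 shaped like the error in the question.
class CapturingHandler : HttpMessageHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        Console.WriteLine($"{request.Method} {request.RequestUri.PathAndQuery}");
        Console.WriteLine($"Content-Type: {request.Content.Headers.ContentType}\n");
        Console.WriteLine(await request.Content.ReadAsStringAsync());
        return new HttpResponseMessage(HttpStatusCode.BadRequest)
        {
            Content = new StringContent("{ \"error\" : \"invalid_token\" }")
        };
    }
}

static class RevokeDemo
{
    // Parameters travel in the entity-body as percent-encoded key=value pairs
    // joined by '&', so the token stays out of the URL and out of access logs.
    public static async Task<bool> RevokeAsync(
        HttpClient client, string endpoint, string token, string typeHint = null)
    {
        var fields = new Dictionary<string, string> { { "token", token } };
        if (typeHint != null) fields["token_type_hint"] = typeHint; // OPTIONAL per the RFC text
        using var response = await client.PostAsync(endpoint, new FormUrlEncodedContent(fields));
        if (response.StatusCode == HttpStatusCode.OK) return true;
        // Log the status and error body only, never the token itself.
        Console.WriteLine($"Revocation failed: {(int)response.StatusCode} " +
                          await response.Content.ReadAsStringAsync());
        return false;
    }

    static async Task Main()
    {
        using var client = new HttpClient(new CapturingHandler());
        // Constructed sample token containing characters that must be percent-encoded.
        await RevokeAsync(client, "https://server.example.com/revoke",
                          "sample/token+value=", "refresh_token");
    }
}
```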