OIDCProviderRevocationEndpoint will not accept empty string to bypass revocation

[SarahBachman]

Recently updated from v2.3.8.1 -> v2.4.15.3 on one of our legacy sites. It did not use to try to call the revoke url as we don't need it to. After updating, our logout time increased exponentially, and I found a message in our logs referencing a revocation url call timeout (I'm assuming it times out because we don't have any url for this setup).

I am trying to prevent the revocation completely at this point and read in the release notes that I should be able to configure an empty string for OIDCProviderRevocationEndpoint and bypass revocation. However, I keep getting errors for every iteration of an empty string.

• OIDCProviderRevocationEndpoint "" = OIDCProviderRevocationEndpoint takes one argument, Define the RFC 7009 Token Revocation Endpoint URL
• OIDCProviderRevocationEndpoint " " = ' ' cannot be parsed as a URL (no scheme set)
• OIDCProviderRevocationEndpoint "\"\"" = '""' cannot be parsed as a URL (no scheme set)

Am I missing something here? Is there a specific empty string configuration I should be using?

[zandbelt]

OIDCProviderRevocationEndpoint ""

should work >= 2.4.14 and just re-confirmed with 2.4.15.3, it seems you have installed a version >= 2.4.0 < 2.4.14 which would not accept an empty string