From ec9f02ea75a68e00cf694a90448fa18e99c40d57 Mon Sep 17 00:00:00 2001
From: Tamal Anwar Chowdhury <tamalanwaronline@gmail.com>
Date: Mon, 13 Apr 2026 12:37:24 +0600
Subject: [PATCH 1/2] fix: add PHP secure cookie flag and C# token revocation
 example (gap report)

Made-with: Cursor
---
 .../sdks/backend/dotnet-sdk.mdx               | 28 ++++++++++++++++++-
 .../developer-tools/sdks/backend/php-sdk.mdx  | 17 ++++++++++-
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx b/src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx
index d34f2d0ef..90afb594a 100644
--- a/src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx
+++ b/src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx
@@ -34,7 +34,7 @@ keywords:
   - openid connect
   - machine to machine
   - kinde client
-updated: 2024-01-15
+updated: 2026-04-13
 featured: false
 deprecated: false
 ai_summary: Guide to using the Kinde .NET SDK for integrating with the Management API, including installation, configuration, and API calls for user and organization management.
@@ -117,4 +117,30 @@ Note this requires the `create:organizations` and `update:organizations` scopes
 
 For full details of the available management API functions, see the [Kinde Management API specification](/kinde-apis/management/).
 
+## Revoke a token
+
+To revoke an access or refresh token, call the `/oauth2/revoke` endpoint with your client credentials and the token to revoke.
+
+```csharp
+using System.Net.Http.Headers;
+using System.Text;
+
+var httpClient = new HttpClient();
+var credentials = Convert.ToBase64String(
+    Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}")
+);
+
+var request = new HttpRequestMessage(HttpMethod.Post, "https://your-subdomain.kinde.com/oauth2/revoke");
+request.Headers.Authorization = new AuthenticationHeaderValue("Basic", credentials);
+request.Content = new FormUrlEncodedContent(new[]
+{
+    new KeyValuePair<string, string>("token", tokenToRevoke),
+    new KeyValuePair<string, string>("token_type_hint", "access_token") // or "refresh_token"
+});
+
+var response = await httpClient.SendAsync(request);
+```
+
+A successful revocation returns `HTTP 200`. Once revoked, the token can no longer be used to authenticate requests.
+
 If you need help getting Kinde connected, contact us at [support@kinde.com](mailto:support@kinde.com).
diff --git a/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx b/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx
index 6ae74da3f..46fefdf37 100644
--- a/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx
+++ b/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx
@@ -4,6 +4,8 @@ title: PHP SDK
 description: "Complete guide for PHP SDK including Composer installation, OAuth integration, authentication flow, user permissions, and cookie configuration for PHP applications."
 sidebar:
   order: 14
+tableOfContents:
+  maxHeadingLevel: 3
 relatedArticles:
   - 02d02820-92da-4721-9a91-222c9b095869
 head:
@@ -33,7 +35,7 @@ keywords:
   - user permissions
   - cookie settings
   - callback URLs
-updated: 2024-01-15
+updated: 2026-04-13
 featured: false
 deprecated: false
 ai_summary: Complete guide for PHP SDK including Composer installation, OAuth integration, authentication flow, user permissions, and cookie configuration for PHP applications.
@@ -181,6 +183,19 @@ $storage->setCookiePath('/');
 $storage->setCookieDomain('yourdomain.com');
 ```
 
+### Disabling the Secure cookie flag (for local development)
+
+By default, cookies are set with the `Secure` flag, which requires HTTPS. When developing over HTTP locally, you can disable this:
+
+    ```php
+    $storage = Storage::getInstance();
+    $storage->setCookieSecure(false); // Only use this in local/dev environments
+    ```
+
+    <Aside type="warning">
+    Do not disable the `Secure` flag in production.
+    </Aside>
+
 ## Logout
 
 The Kinde SPA client comes with a logout method.

From eb9f107e3fa5886e803441488ea1553ebbb91425 Mon Sep 17 00:00:00 2001
From: Tamal Anwar Chowdhury <tamalanwaronline@gmail.com>
Date: Mon, 13 Apr 2026 13:57:28 +0600
Subject: [PATCH 2/2] fix aside nesting

---
 src/content/docs/developer-tools/sdks/backend/php-sdk.mdx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx b/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx
index 46fefdf37..7b3b3a361 100644
--- a/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx
+++ b/src/content/docs/developer-tools/sdks/backend/php-sdk.mdx
@@ -192,9 +192,9 @@ By default, cookies are set with the `Secure` flag, which requires HTTPS. When d
     $storage->setCookieSecure(false); // Only use this in local/dev environments
     ```
 
-    <Aside type="warning">
-    Do not disable the `Secure` flag in production.
-    </Aside>
+<Aside type="warning">
+Do not disable the `Secure` flag in production.
+</Aside>
 
 ## Logout