Server Side OAuth Token Removal

If a user wants to remove himself from our service, we will delete all data from our database, including OAuth tokens. The OAuth signs we have are safe and permanent. As a best practice, we would like to completely revoke the tokens, as if they wanted to go to their Google Accounts page and delete it there. I could not tell from reading the OAuth documentation whether this is possible, because all the examples relate to single-session or unsafe cases (and justify my lack of “What did you try?”-ism, but I'm trying to get a quick plan together on how to do this).

So,

1) Is it possible? Preferably at 1.0

2) how to do it?

+1
oauth
1 answer

Yes, you can cancel tokens programmatically, as if the user had revoked access on the settings page of their accounts.

For AuthSub and OAuth 1.0, use the AuthSubRevoke token endpoint by making a request signed by OAuth to:

https://www.google.com/accounts/AuthSubRevokeToken 

For OAuth 2.0, use a revocation endpoint, for example:

 https://accounts.google.com/o/oauth2/revoke?token={refresh_token} 
+5
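
An added example (not part of the answer above): a server-side offboarding routine that revokes the refresh token at the OAuth 2.0 endpoint quoted in the answer before deleting it from storage, since a token deleted first can no longer be revoked. The `token_store` dict, the function names and the injectable `fetch_status` transport are hypothetical, and treating HTTP 200 as success and 400 as a rejected token is an assumption about the endpoint's responses.

```python
import urllib.error
import urllib.parse
import urllib.request

# Endpoint as quoted in the answer above.
REVOKE_URL = "https://accounts.google.com/o/oauth2/revoke"


def build_revoke_url(token):
    # Tokens can contain "/" and "+", so percent-encode the value.
    return REVOKE_URL + "?" + urllib.parse.urlencode({"token": token})


def http_status(url, timeout=10):
    """Default transport: HTTP status code, or None if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:  # non-2xx answer from the server
        return exc.code
    except urllib.error.URLError:          # DNS, TLS or connection failure
        return None


def offboard_user(user_id, token_store, fetch_status=http_status):
    """Revoke the user's refresh token, then delete it locally.

    token_store is a hypothetical dict (user_id -> refresh token) standing
    in for the service's database. Returns "revoked", "already_invalid",
    "retry_later" or "no_token".
    """
    token = token_store.get(user_id)
    if token is None:
        return "no_token"
    status = fetch_status(build_revoke_url(token))
    if status == 200:
        outcome = "revoked"
    elif status == 400:
        # Assumption: 400 means the endpoint rejected the token, for
        # example because the user already revoked it themselves.
        outcome = "already_invalid"
    else:
        # Keep the token so the revocation can be retried; deleting it
        # now would leave a live grant that can never be revoked.
        return "retry_later"
    del token_store[user_id]
    return outcome
```

The revocation URL carries the token in its query string, so keep it out of application and proxy logs.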