I've just migrated from LinkedIn's JavaScript SDK to their OAuth2.0 authorization flow in my application due to their announcement of deprecating their SDKs in March.
The auth flow is working as expected. The issue is that I can't find any documentation on how to force re-authentication or invalidate the current user's access token. The previous JavaScript SDK had an IN.User.logout() method that I used to allow for re-authentication, which is not available using the OAuth2.0 flow. This will cause problems for users who are logging in on a shared computer/browser.
Below are some ways I've figured out where re-authentication is initiated, but none that my application can do itself:
Does anyone have a recommendation on how I can force re-authentication within the application? Or is this impossible unless LinkedIn implements an endpoint to invalidate the token?
Hoping someone from LinkedIn may be able to chime in on this and how they expect developers to handle this scenario as they point to Stack Overflow for support.
Update [2/12/19]: I've contacted LinkedIn directly regarding this issue and they continued to direct me here and insist that I repost the question. Hoping someone from LinkedIn will see this still but assuming it won't get answered anytime soon. Will have to assume invalidation does not exist in v2 APIs.
I had the same suffering as you, so I started with all possible combinations of requests until I managed to revoke the token. This is the request:
curl --request POST \
--url https://www.linkedin.com/oauth/v2/revoke \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data client_id=CLIENT_ID_HERE \
--data client_secret=CLIENT_SECRET_HERE \
--data token=YOUR_TOKEN_HERE
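An added example, not part of the original answer and not LinkedIn's code: a server-side Node.js logout helper that sends the same revocation request, so the client secret never reaches the browser. The names `buildRevokeRequest` and `logout`, the session shape, and treating any 2xx response as success are assumptions.

```javascript
// Endpoint taken from the curl command in the answer above.
const REVOKE_URL = 'https://www.linkedin.com/oauth/v2/revoke';

// Build the form-encoded POST that the curl command sends (hypothetical helper).
function buildRevokeRequest(clientId, clientSecret, token) {
  if (!clientId || !clientSecret || !token) {
    throw new Error('clientId, clientSecret and token are all required');
  }
  // URLSearchParams percent-encodes each value, so a token containing
  // '+', '&' or '=' cannot corrupt or inject form fields
  // (curl's plain --data sends values as typed, without encoding).
  const body = new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    token,
  }).toString();
  return {
    url: REVOKE_URL,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body,
    },
  };
}

// Logout handler core (hypothetical): revoke upstream, then always drop the
// local copy of the token, even when the revocation call fails.
// `session` is assumed to be a server-side object holding `accessToken`.
async function logout(session, creds, httpPost = globalThis.fetch) {
  let revoked = false;
  try {
    if (session.accessToken) {
      const { url, options } = buildRevokeRequest(
        creds.clientId, creds.clientSecret, session.accessToken);
      const res = await httpPost(url, options);
      revoked = Boolean(res.ok); // assumption: any 2xx means the token was revoked
    }
  } catch (err) {
    revoked = false; // network or input failure: caller can log and retry
  } finally {
    delete session.accessToken; // never keep the token after logout
  }
  return { revoked };
}
```

Run this only on the server: the request carries `client_secret`, which must not be shipped in browser JavaScript.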