Menu
So here at the end of the page says a way to be able to revoke this token via the AuthSub api (the old api).
I manage the whole authentication system with the new api OAuth and when I try to revoke the token with the authsub steps its just sending me an "HTTP Error 403: Invalid AuthSub token."
Here is my code in python:
req = urllib2.Request("https://www.google.com/accounts/AuthSubRevokeToken",headers=
{'Authorization':'AuthSub token="mysuperloluselesstoken"'})
urllib2.open(req)
Is there an easier way to do this? Should I do something with the secret_token + user_token + consumer?
218
Go to the Security section of your Google Account. Under “Third-party apps with account access,” select Manage third-party access. Select the app or service you want to remove. Select Remove Access.
To revoke a refresh token, send a POST request to https://YOUR_DOMAIN/oauth/revoke . The /oauth/revoke endpoint revokes the entire grant, not just a specific token. Use the /api/v2/device-credentials endpoint to revoke refresh tokens.
To revoke an access token, specify type accesstoken. To revoke both the access and refresh tokens, specify type refreshtoken. When it sees type refreshtoken, Apigee assumes the token is a refresh token. If that refresh token is found, then it is revoked.
Just answered over here: Server side removal of Oauth token
You have the correct URL to request revocation of an OAuth 1.0 token (using the AuthSub endpoint). The primary issue above is that you're constructing an AuthSub Authorization header. Instead, you should construct an OAuth 1.0 signed request (in the same way you sign any other request via OAuth 1.0): https://www.rfc-editor.org/rfc/rfc5849#section-3.5.1
117
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
