I am guessing that currently there is no way.
Google OAuth2: Programatically revoking a specific refresh token (but not access to app)
-
05-06-2023 - |
Question
The application I'm working stores multiple refresh tokens for a given (Google Account, App) pair.
When deleting a refresh token from our database, we'd like to invalidate this token, but not any other currently valid refresh token issued for the same (Google Account, App).
Using
https://accounts.google.com/o/oauth2/revoke?token={token}
seems to invalidate all refresh tokens for (Google Account, App).
Question: is there a way to invalidate a single refresh token?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow