Question

Is there any way to determine if an OAuth token has been revoked besides actually making a function call? I am working with an OAuth provider that has a single function call that is time consuming and costs money. On my website, I'd like to be able to determine if my access token is valid without making that call. Thanks


Solution

Regrettably the OAuth specification does not provide a standard mechanism.

It would perhaps be appropriate for the OAuth provider to give an additional method to indicate that the token is valid.

OTHER TIPS

You will notice that the token is not valid anymore when you try to use it to access some protected resource.

Without making a separate call, the server would have to push token revocation notification to you which it probably doesn't do.

Other than that, the server should provide you an expires_in token validity in seconds when issuing the token, so you should be able to at least tell yourself when the token is about to expire.
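
The expires_in bookkeeping described in the answer above, as an added example that is not part of the original answers: it tracks expiry locally from the token response and records a rejection only when a real call reports one. The class name, the 30-second margin, the sample response and the use of HTTP 401 as the rejection signal are assumptions.

```python
import json
import time

class TrackedToken:
    """Local view of an access token's validity (hypothetical helper)."""

    def __init__(self, token_response, margin=30, now=time.time):
        data = json.loads(token_response)
        self.access_token = data["access_token"]
        self._now = now
        self.rejected = False  # set once the provider refuses the token
        expires_in = data.get("expires_in")
        # expires_in may be absent from the token response; without it the
        # lifetime is unknown and only a real call can reveal the state.
        if expires_in is None:
            self.expires_at = None
        else:
            lifetime = int(expires_in)
            if lifetime < 0:
                raise ValueError("expires_in must not be negative")
            # Count from receipt and subtract a margin so the token is
            # never sent in its final seconds.
            self.expires_at = now() + max(lifetime - margin, 0)

    def status(self):
        """Return 'rejected', 'unknown', 'expired' or 'probably_valid'."""
        if self.rejected:
            return "rejected"
        if self.expires_at is None:
            return "unknown"
        if self._now() >= self.expires_at:
            return "expired"
        # Not expired locally; a revocation stays invisible until the next call.
        return "probably_valid"

    def record_response(self, http_status):
        """Feed back the status code of each protected-resource call."""
        # Assumption: the provider answers a dead token with HTTP 401.
        if http_status == 401:
            self.rejected = True


# Constructed sample token response (not from a real provider).
SAMPLE = '{"access_token": "EXAMPLE-TOKEN", "token_type": "Bearer", "expires_in": 3600}'
```

A status of 'probably_valid' only rules out expiry; a revoked token still shows up as 'rejected' only after the next protected-resource call.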

Licensed under: CC-BY-SA with attribution