Programmatically Revoke OAuth token for google account

StackOverflow https://stackoverflow.com/questions/7095566

Question

So here at the end of the page says a way to be able to revoke this token via the AuthSub api (the old api).

I manage the whole authentication system with the new api OAuth and when I try to revoke the token with the authsub steps its just sending me an "HTTP Error 403: Invalid AuthSub token."

Here is my code in python:

req = urllib2.Request("https://www.google.com/accounts/AuthSubRevokeToken",headers=
      {'Authorization':'AuthSub token="mysuperloluselesstoken"'})
urllib2.open(req)

Is there an easier way to do this? Should I do something with the secret_token + user_token + consumer?

Was it helpful?

Solution

Just answered over here: Server side removal of Oauth token

You have the correct URL to request revocation of an OAuth 1.0 token (using the AuthSub endpoint). The primary issue above is that you're constructing an AuthSub Authorization header. Instead, you should construct an OAuth 1.0 signed request (in the same way you sign any other request via OAuth 1.0): http://tools.ietf.org/html/rfc5849#section-3.5.1

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top