Revoke-operation for oauth-tokens?

Hi everyone, I’m currently developing an app which uses the Twitch API to update and display stream information.

My app also allows the user to log out. That’s where I only remove the token from the data storage of the app.

As defined within the OAuth 2.0 definition, I’d also like to invalidate the token so that it is never usable again. I couldn’t find any information about such a route. So if the token gets leaked for some reason, it can still be used (even if harm is intended!).

Is there any way to revoke the token’s access?

This is only possible via the user’s connection settings.

So it would be up to the user to revoke the full app’s access, even when he might not know something got leaked. :confused:

It would be nice to have such a route to improve security, though. Maybe in the future, as it’s part of the OAuth 2.0 definition.

Thanks for the reply though.
