Revoking Access to Client? #479
Comments
|
That's entirely up to the provider you are authorizing against. This library only provides an abstraction of the standard OAuth2 spec, which does not include any standard for revoking tokens outside of normal expiration. |
|
Bummer. Thanks for the response. Would be a nice addition to simple have a 'revoke()' method in the AbstractProvider so other providers can implement, though. |
|
You could also use the $request = $provider->getAuthenticatedRequest(
'DELETE',
'/PROFILE_ID/permissions',
$accessToken
); |
|
Since it's non-standard, I don't think a |
3 tasks
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm trying to provide clients the ability to revoke the authorization token for the application so that they would have to go through the login process again. Is there a way to do so with this library? I can't find one.
For example, with Facebook we'd have to send an HTTP DELETE request to /PROFILE_ID/permissions.
The text was updated successfully, but these errors were encountered: