Chris Hansen

Reputation: 8681

How to revoke a user's Google refresh token?

I let users connect their Google Calendar account to allow their patients to make appointments with them.

How can I revoke a user's refresh token using Node.js and the Google Calendar API? Sometimes users request that we no longer have access to their accounts. I want to fulfill their wish.

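Here's the code I'm using:

const {google} = require('googleapis');

// oauth2Client is the app's google.auth.OAuth2 instance; this snippet runs
// inside the async OAuth callback handler.
const oauth2 = google.oauth2('v2'); // assumed: the OAuth2 userinfo API client

// Exchange the authorization code from the redirect for tokens.
const {tokens} = await oauth2Client.getToken(request.query.code);
oauth2Client.setCredentials({
   access_token: tokens.access_token,
}); // use the new auth client with the access_token

// Fetch the connected user's profile.
let {data} = await oauth2.userinfo.get({
   auth: oauth2Client,
});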

Upvotes: 1

Views: 3002

Answers (1)

Linda Lawton - DaImTo

Reputation: 117176

Try the revokeToken method. It requires you to pass a specific accessToken to the method: oauth2client.ts#L801

Or there is the revokeCredentials method, which accepts no arguments and revokes the access token currently configured in the OAuth2 instance: oauth2client.ts#L827

It may sound strange that I am telling you to use an access token to revoke a refresh token, but if you read tokenrevoke you will see that what it actually does is remove the user's consent to your application.

Once the user's consent is removed, refresh tokens are automatically revoked. So an access token is needed to call the API endpoint to revoke the refresh token.

Upvotes: 1
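An added example (not part of the original question or answer) of a disconnect routine built around the `revokeToken` call named in the answer, covering the two failure modes that matter: a token Google already considers invalid, and a transient error where the stored token must be kept so revocation can be retried. `tokenStore`, `disconnectGoogle`, the record shape and the error shape are assumptions.

```javascript
// Added example. `tokenStore`, `disconnectGoogle` and the record shape are
// hypothetical. `client` is a google-auth-library OAuth2Client, e.g.
//   const { OAuth2Client } = require('google-auth-library');
//   const client = new OAuth2Client(CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);

// userId -> { refresh_token, access_token }; stands in for your database.
const tokenStore = new Map();

async function disconnectGoogle(client, userId) {
  const record = tokenStore.get(userId);
  if (!record) return 'not_connected';

  // Google's revoke endpoint accepts either token type. Prefer the stored
  // refresh token: a stored access token has usually expired by now.
  const token = record.refresh_token || record.access_token;

  try {
    await client.revokeToken(token);
  } catch (err) {
    // Assumption: the error carries the HTTP response (gaxios style) and
    // Google answers 400 invalid_token for an expired or revoked token.
    const res = err.response || {};
    const code = res.data && res.data.error;
    if (res.status === 400 && code === 'invalid_token') {
      tokenStore.delete(userId); // nothing left to revoke with this token
      return 'already_invalid';
    }
    // Network failure, 5xx, etc.: keep the token. Deleting it now would
    // leave the grant active at Google with no way to revoke it later.
    return 'retry_later';
  }

  // Consent is withdrawn at Google; remove every local copy as well.
  tokenStore.delete(userId);
  return 'revoked';
}
```

A result of `retry_later` should be queued and retried until it resolves, since the user's request is not fulfilled while the grant is still active.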
