API for clients to revoke access tokens #346

Open
miwig opened this issue Nov 28, 2022 · 1 comment

miwig commented Nov 28, 2022

It seems that currently the only way to revoke an access token is through the settings page in the web UI. That sends a POST request to /apps/oauth2/clients/{id}/revoke, where {id} is just a database row ID for the client, see here. It seems there's no way to get the {id} for a given client, except for looking it up in the settings page and remembering it, or parsing the HTML, both of which seem brittle.

It would be useful if there was an API to revoke a token given nothing but that token, e.g. for a client application to revoke its own token from its own UI instead of sending users to the settings page.

@michaelstingl

Did you consider using OpenID Connect with an external IdP? There you have much more control than in the very limited OAuth 2.0 implementation for the ownCloud 10 server.
