Questions about the conditions for the APIs of OAuth2 Access Token Get/Revoke to succeed

Hi Team,

A customer asked me about the design specification of OAuth2 Access Token APIs.

1. Get OAuth2 Access Token by End User or App ID

Is it designed so that getting an Access Token whose status is not 'approved', meaning either 'revoked' or 'expired', is not possible?
The API spec doesn't mention it.

2. Revoke OAuth2 Access Token by End User or App ID

Is it designed so that revoking an Access Token whose status is 'expired' is not possible?
The API spec doesn't mention it.

Thank you for your help in advance.

Regards,
Toshi

1 ACCEPTED SOLUTION

1. Revoked or expired Apps cannot get an access token. Ideally, generating an access token should be implemented as a POST call in the OAuth proxy. You can implement it as a GET call as well.

2. Revoking an access token disables the token's access to invoke APIs. The App can obtain a new access token by calling the auth endpoint and then access APIs. If you want to disable access for an App, then you need to revoke the App itself.
