How to revoke access token of google drive login using google oauth2?

Problem Description:

I have a Google Drive sign-in feature in my React/Node.js application. Whenever a user clicks on sign in, I am using Google OAuth2 to get a code, and then use that to get an access token and refresh token using the client ID and secret. I am saving these tokens and their expiry in my database. Now, I want to revoke the token on logout. Below is the call I am making:

// token => the stored refresh token for this user
const axios = require('axios')

// Endpoint as originally tried (this is the call that returned 404)
axios.post(`https://www.googleapis.com/oauth2/v3/revoke?token=${token}`)
  .then((response) => {
    console.log("response = ", response)
    log('INFO', 'Inside getNewToken done')
    return response
  }).catch((error) => {
    // axios rejects on any non-2xx status, so the 404/400 lands here
    log('ERROR', 'Inside getNewToken, Error : ', error)
    return error
  })

It's showing "Request failed with status code 404".
I also tried:

https://oauth2.googleapis.com/revoke?token=${token}

This is showing "Request failed with status code 400".
Where am I going wrong? The API I am calling is correct, right?

Solution – 1

If you check Google's discovery document (openid-configuration),

you will find that the revoke endpoint should be:

"revocation_endpoint": "https://oauth2.googleapis.com/revoke",

You are using:

https://www.googleapis.com/oauth2/v3/revoke

Full discovery document response:

{
 "issuer": "https://accounts.google.com",
 "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
 "device_authorization_endpoint": "https://oauth2.googleapis.com/device/code",
 "token_endpoint": "https://oauth2.googleapis.com/token",
 "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
 "revocation_endpoint": "https://oauth2.googleapis.com/revoke",
 "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
 "response_types_supported": [
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token",
  "none"
 ],
 "subject_types_supported": [
  "public"
 ],
 "id_token_signing_alg_values_supported": [
  "RS256"
 ],
 "scopes_supported": [
  "openid",
  "email",
  "profile"
 ],
 "token_endpoint_auth_methods_supported": [
  "client_secret_post",
  "client_secret_basic"
 ],
 "claims_supported": [
  "aud",
  "email",
  "email_verified",
  "exp",
  "family_name",
  "given_name",
  "iat",
  "iss",
  "locale",
  "name",
  "picture",
  "sub"
 ],
 "code_challenge_methods_supported": [
  "plain",
  "S256"
 ],
 "grant_types_supported": [
  "authorization_code",
  "refresh_token",
  "urn:ietf:params:oauth:grant-type:device_code",
  "urn:ietf:params:oauth:grant-type:jwt-bearer"
 ]
}

Remember that you can only revoke a token once, so if it has already been revoked, it is going to give you an error if you try to revoke it again, as it no longer exists.
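A working revoke call built on the answer above, as an added example that is not code from the question or the answer. It takes the endpoint from the discovery document rather than guessing a path, sends the token form-encoded in a POST as Google's OAuth2 documentation specifies, and treats Google's 400 reply with `"error": "invalid_token"` (what a malformed, expired or already-revoked token gets) as an acceptable end state for a logout. That matters here because the poster's second attempt already used the correct `https://oauth2.googleapis.com/revoke` endpoint; axios simply rejects every non-2xx status by default, so a 400 that only means "this token is already dead" surfaces as "Request failed with status code 400". The `fakeGoogle` helper, the token strings and the user store are constructed stand-ins so the block runs offline; Node 18+ is assumed for the global `fetch`.

```javascript
// Added example, not code from the original question or answer. Assumes
// Node 18+ (global fetch, URL, URLSearchParams); nothing here is Google's SDK.

const DISCOVERY_URL = 'https://accounts.google.com/.well-known/openid-configuration';
const DEFAULT_REVOKE_ENDPOINT = 'https://oauth2.googleapis.com/revoke';

// Read the revocation endpoint out of a discovery document instead of
// hard-coding a guessed path (the 404 in the question came from a path that
// is not in the document). Refuse anything that is not an https URL so a
// token is never posted over plaintext.
function revocationEndpointFrom(discovery) {
  const url = new URL(discovery.revocation_endpoint);
  if (url.protocol !== 'https:') {
    throw new Error('revocation_endpoint is not https: ' + url.href);
  }
  return url.href;
}

// Fetch the live discovery document (online use) and pick the endpoint.
async function discoverRevocationEndpoint(fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(DISCOVERY_URL);
  if (res.status !== 200) throw new Error('discovery fetch failed: HTTP ' + res.status);
  return revocationEndpointFrom(await res.json());
}

// Revoke one token. Google accepts an access token or a refresh token here;
// revoking a refresh token also invalidates the access tokens issued from it,
// which is what a "disconnect Google Drive" logout wants.
async function revokeToken(token, { endpoint = DEFAULT_REVOKE_ENDPOINT, fetchImpl = globalThis.fetch } = {}) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new TypeError('token must be a non-empty string');
  }
  const res = await fetchImpl(endpoint, {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({ token }).toString(),
  });
  if (res.status === 200) return { revoked: true, alreadyRevoked: false };

  // Google answers 400 {"error":"invalid_token"} when the token is malformed,
  // expired or already revoked. For a logout that is an acceptable end state:
  // the token cannot be used either way, so report it as revoked and move on.
  let body = {};
  try { body = await res.json(); } catch (_) { /* non-JSON error body */ }
  if (res.status === 400 && body.error === 'invalid_token') {
    return { revoked: true, alreadyRevoked: true };
  }
  throw new Error(`revoke failed: HTTP ${res.status} ${body.error || ''}`.trim());
}

// Constructed stand-in for Google's endpoint so the example runs offline: each
// known token can be revoked once; repeats and unknown tokens get invalid_token,
// and a wrong path gets 404 like the one reported in the question.
function fakeGoogle(liveTokens) {
  const live = new Set(liveTokens);
  const reply = (status, obj) => ({ status, json: async () => obj });
  return async (url, init = {}) => {
    if (url !== DEFAULT_REVOKE_ENDPOINT) return reply(404, {});
    const token = new URLSearchParams(init.body).get('token');
    return live.delete(token) ? reply(200, {}) : reply(400, { error: 'invalid_token' });
  };
}

// Logout flow: revoke the stored refresh token, then (whatever Google said)
// forget it locally so the app never reuses a dead credential.
async function logout(store, userId, fetchImpl) {
  const token = store.get(userId);
  if (!token) return { revoked: false, alreadyRevoked: false };
  const result = await revokeToken(token, { fetchImpl });
  store.delete(userId);
  return result;
}

// Demo with constructed data; these are not real Google tokens.
async function demo() {
  const store = new Map([['alice', 'constructed-refresh-token-1']]);
  const google = fakeGoogle(['constructed-refresh-token-1']);
  const first = await logout(store, 'alice', google); // { revoked: true, alreadyRevoked: false }
  const again = await revokeToken('constructed-refresh-token-1', { fetchImpl: google }); // alreadyRevoked: true
  return { first, again, stillStored: store.has('alice') }; // stillStored: false
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

If you keep axios, pass `validateStatus: (s) => s === 200 || s === 400` so a 400 resolves and its body can be inspected instead of surfacing as "Request failed with status code 400". Delete the stored refresh token after the call regardless of the outcome: a revoked refresh token can never be used again, so keeping it only leaves a stale secret in the database, and because revoking the refresh token withdraws the whole grant, only call this when the user really means to disconnect Google Drive, not merely to end an application session.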
