Issue revoking OAuth2 token in Forge app

I have an application that connects to Google and gets the profile details. Everything works fine with the authorization and getting the profile.

However I want to add the option to revoke access from my application, and currently I don’t see this possible programmatically.

Google API to revoke a token:

curl -d "" -X POST --header "Content-type: application/x-www-form-urlencoded" \
        "https://oauth2.googleapis.com/revoke?token={token}"

I’m using fetch to call the remote:

import api from '@forge/api';

// Calls the provider's /revoke path as the current user.
const google = api.asUser().withProvider('google', 'google-oauth');
const response = await google.fetch('/revoke', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded'
  }
});

In this case the token is actually never sent and I always get a bad request error.

Since the bearerMethod types “form-encoded” and “uri-query” are deprecated, there is no way to call the revoke.
Does anyone have a solution?
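
The request shape the curl command above describes, as an added example that is not part of the original post and is not Forge or Google code: the token travels as a `token` form or query parameter, and a request that only carries an Authorization header has none. Function names and sample tokens are hypothetical; it assumes the caller holds the token string, that the endpoint answers 200 on success, and that the provider wrapper adds an Authorization header.

```javascript
// Added example: names are hypothetical; sample tokens are constructed.
const REVOKE_URL = 'https://oauth2.googleapis.com/revoke'; // endpoint quoted in the post

// Build the POST the curl command describes. The token goes in the form body
// by default, or in the query string (as the curl line shows) when inQuery is set.
function buildRevokeRequest(token, { inQuery = false } = {}) {
  if (typeof token !== 'string' || token === '') {
    throw new TypeError('a non-empty token string is required');
  }
  // URLSearchParams percent-encodes characters such as "/" and "+".
  const params = new URLSearchParams({ token }).toString();
  return {
    url: inQuery ? `${REVOKE_URL}?${params}` : REVOKE_URL,
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: inQuery ? '' : params,
    },
  };
}

// True when the request carries a "token" parameter in the query or form body.
// A bearer token in the Authorization header does not count.
function carriesTokenParam({ url, init = {} }) {
  const inQuery = new URL(url).searchParams.has('token');
  const inBody = new URLSearchParams(String(init.body ?? '')).has('token');
  return inQuery || inBody;
}

// Send the revocation with an injectable fetch (global fetch by default).
// Assumption: 200 means revoked; any other status is reported as an error.
async function revokeToken(token, fetchImpl = fetch) {
  const { url, init } = buildRevokeRequest(token);
  const res = await fetchImpl(url, init);
  if (res.status === 200) return { revoked: true };
  const detail = await res.json().catch(() => ({}));
  return { revoked: false, status: res.status, error: detail.error ?? 'unknown' };
}

// The request from the post: POST /revoke with headers only. The Authorization
// header is an assumption about what the provider wrapper attaches.
const forgeStyle = {
  url: REVOKE_URL,
  init: {
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded', Authorization: 'Bearer SAMPLE' },
  },
};
```

`carriesTokenParam(forgeStyle)` is false, which matches the bad request error described in the post.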

Hi @MazenChmait_FusionTe, it looks like it may not be possible if the bearer method is expected to be in one of those formats.
It will be possible for the user of the app to revoke consent through the connected apps page, though, if that helps.

Hi @BoZhang,
It’s true that it can be revoked from the connected apps page, but the user needs to have permissions for that. I’m looking into a solution where any user of the app can revoke his own access when needed.
Thanks,

If the end user has consented to your app, they will be able to see an entry on that page for your app and should be able to revoke access.

In this case this workaround will work fine.
Thanks,