New API endpoint for revoking tokens

59 views
Skip to first unread message

Wilmers, Catalina

unread,
Dec 8, 2017, 3:44:56 PM12/8/17
to orcid-a...@googlegroups.com
We’re excited to announce a new feature that members have requested: a process for allowing clients to revoke tokens. The /oauth/revoke endpoint will disable the specified access and refresh token issued to your client and remove the permission from the list on the user’s account setting page.

To revoke a token you need to post the access or refresh token to the /oauth/revoke endpoint with your client id and secret, for example:

curl -i -L -H "Accept: application/json" --data "client_id=APP-NPXKK6HFN6TJ4YYI&client_secret=060c36f2-cce2-4f74-bde0-a17d8bb30a97&token=4ec62207-1d93-4396-9c24-8294893a791d" "https://sandbox.orcid.org/oauth/revoke"

Revoking an access token only disables that specific token and the associated refresh token; any additional tokens you have generated from the same user will not be affected. Full documentation is at https://members.orcid.org/api/oauth/revoke-tokens 

Please let us know if you have any questions.

Best,
-Catalina
Reply all
Reply to author
Forward
0 new messages