I am a student working on a web app that allows users to upload videos to their youtube channel. It is working great, but I would like the users to be able to revoke that access if they want to.
For now, I am only deleting the user's access token from the database, but the app is still showing in the user's Google "Apps with access to your account" page... Is there a way to revoke that access without the user having to manually go to that page and click on the "Remove access" button?
Here is an example of manual access removal. I would simply like to have such a "remove access" button in my web app that would do the same. Is there a way?
Thanks for your help!
CodePudding user response:
Take the access token you have for the user and just send a request to the revoke endpoint. It will remove the users access to your app.
curl -d -X -POST --header "Content-type:application/x-www-form-urlencoded" \
https://oauth2.googleapis.com/revoke?token={token}
Assuming you are using the Google api .net client library there should be a revoke method already
UserCredential cred = await GoogleWebAuthorizationBroker.AuthorizeAsync(
Helper.GetClientSecretStream(), new string[] { "email" },
"user", default, new NullDataStore());
Assert.NotNull(cred);
var accessToken = await cred.GetAccessTokenForRequestAsync();
using (var f = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecretsStream = Helper.GetClientSecretStream()
}))
{
// Succeeds if no exception is thrown.
await f.RevokeTokenAsync("a-user", accessToken, default);
// Cannot verify revocation, as it takes in indeterminate duration to propagate.
}