8

So here at the end of the page says a way to be able to revoke this token via the AuthSub api (the old api).

I manage the whole authentication system with the new api OAuth and when I try to revoke the token with the authsub steps its just sending me an "HTTP Error 403: Invalid AuthSub token."

Here is my code in python:

req = urllib2.Request("https://www.google.com/accounts/AuthSubRevokeToken",headers=
      {'Authorization':'AuthSub token="mysuperloluselesstoken"'})
urllib2.open(req)

Is there an easier way to do this? Should I do something with the secret_token + user_token + consumer?

Hassek
  • 8,715
  • 6
  • 47
  • 59
  • Why to use OAuth? Why not secret key? You goal is to access Google APIs right? – codersofthedark Nov 25 '11 at 19:05
  • nop, my goal is to revoke the OAuth token from my system without having to redirect the user to the google API page and make the user remove it manually – Hassek Nov 26 '11 at 05:26

1 Answers1

2

Just answered over here: Server side removal of Oauth token

You have the correct URL to request revocation of an OAuth 1.0 token (using the AuthSub endpoint). The primary issue above is that you're constructing an AuthSub Authorization header. Instead, you should construct an OAuth 1.0 signed request (in the same way you sign any other request via OAuth 1.0): https://www.rfc-editor.org/rfc/rfc5849#section-3.5.1

Community
  • 1
  • 1
Ryan Boyd
  • 2,978
  • 1
  • 21
  • 19