Revoking Access
Overview
A user may wish to disconnect their SID account from your application, for example, if they want to use a different account. You can allow your users to do this by requesting the revocation of the tokens that were issued to your application.
For this, the /oauth/revoke
endpoint is used.
It accepts a json body containing your application’s client_id
, client_secret
, and the token
to be revoked.
Because the client_secret
is required, this request must be made from your server.
You can expose this functionality to your frontend by creating an endpoint on your server that makes the request to the SID API.
import { NextApiRequest, NextApiResponse } from 'next';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
let refreshToken = /* fetch from database for currently authenticated user */;
const data = {
client_id: process.env.SID_CLIENT_ID,
client_secret: process.env.SID_CLIENT_SECRET,
token: refreshToken,
}
await axios.post('https://auth.sid.ai/oauth/revoke', data);
// remove SID connection from database for currently authenticated user
// ...
}
A revocation should be triggered when requested by the user.
For example, you can add a button to your application that triggers a request to the disconnect
endpoint.
You can either use the refresh_token
or the access_token
to revoke the tokens.
The revocation of either one will revoke both.
To reconnect their account, the user will have to go through the authorization flow again.
Was this page helpful?