Overview

A user may wish to disconnect their SID account from your application, for example, if they want to use a different account. You can allow your users to do this by requesting the revocation of the tokens that were issued to your application.

For this, the /oauth/revoke endpoint is used. It accepts a JSON body containing your application’s client_id, client_secret, and the token to be revoked. Because the client_secret is required, this request must be made from your server. You can expose this functionality to your frontend by creating an endpoint on your server that makes the request to the SID API.

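import axios from 'axios';
import { NextApiRequest, NextApiResponse } from 'next';

// Placeholder (not part of the SID API): returns the refresh token stored for the
// currently authenticated user. Replace with your own database lookup.
declare function getRefreshTokenForCurrentUser(req: NextApiRequest): Promise<string>;

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
	// fetch from database for currently authenticated user
	const refreshToken = await getRefreshTokenForCurrentUser(req);

	const data = {
		client_id: process.env.SID_CLIENT_ID,
		// the client_secret stays on the server and is never sent to the frontend
		client_secret: process.env.SID_CLIENT_SECRET,
		token: refreshToken,
	};

	await axios.post('https://auth.sid.ai/oauth/revoke', data);

	// remove SID connection from database for currently authenticated user
	// ...

	// answer the frontend so the request does not hang
	res.status(200).end();
}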

A revocation should be triggered when requested by the user. For example, you can add a button to your application that triggers a request to the disconnect endpoint.

You can use either the refresh_token or the access_token to revoke the tokens. The revocation of either one will revoke both.

To reconnect their account, the user will have to go through the authorization flow again.
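
The disconnect flow described above, with its failure path handled, as an added example that is not SID's own code: the stored connection is deleted only after the revocation request succeeds, so a failed call leaves a token that can be retried instead of an orphaned grant. The names disconnectSid, SidStore and HttpPost are hypothetical, the HTTP client and database are injected so the logic runs offline, and treating any non-2xx status as a failure is an assumption.

```typescript
// Added example. SidStore, HttpPost and disconnectSid are hypothetical names,
// not part of the SID API; only the URL and body fields come from the page.
type HttpPost = (url: string, body: Record<string, string>) => Promise<{ status: number }>;

interface SidStore {
  getRefreshToken(userId: string): string | undefined;
  removeConnection(userId: string): void;
}

interface ClientCredentials { clientId: string; clientSecret: string; }

type DisconnectResult = { status: 200 | 404 | 502; body: { disconnected: boolean } };

const REVOKE_URL = 'https://auth.sid.ai/oauth/revoke';

async function disconnectSid(
  userId: string, // taken from the server-side session, never from the request body
  creds: ClientCredentials,
  store: SidStore,
  post: HttpPost,
): Promise<DisconnectResult> {
  const token = store.getRefreshToken(userId);
  if (token === undefined) {
    return { status: 404, body: { disconnected: false } }; // nothing to revoke
  }
  try {
    const res = await post(REVOKE_URL, {
      client_id: creds.clientId,
      client_secret: creds.clientSecret,
      token,
    });
    // Assumption: any non-2xx status means the tokens may still be valid.
    if (res.status < 200 || res.status >= 300) {
      return { status: 502, body: { disconnected: false } };
    }
  } catch {
    // Network error: keep the stored token so the revocation can be retried.
    return { status: 502, body: { disconnected: false } };
  }
  // Delete the local connection only after the tokens were revoked upstream.
  store.removeConnection(userId);
  return { status: 200, body: { disconnected: true } };
}
```

The result object returned to the frontend carries only a status and a boolean, so neither the client_secret nor the token leaves the server.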