AnsweredAssumed Answered

Revoking OAuth2 Tokens

Question asked by phunter_Latitudegeo on Sep 12, 2018

As per the docs (ArcGIS REST API , Authorize—ArcGIS REST API: Users, groups, and content | ArcGIS for Developers ) there is no apparent REST Endpoint for revoking issued OAuth2 Tokens. 

 

In searching I stumbled across the https://www.arcgis.com/sharing/rest/oauth2/signout endpoint which can be used to sign-out of AGOL and other platforms which make use of the esri_auth cookie, however it only ever provides HTML responses, suggesting its strictly a browser flow endpoint and not for use with server side calls. 

 

Is there a means of revoking OAuth tokens with a purpose built REST Endpoint? Ideally, with functionality to provide either the access token directly, or the refresh token, which would invalid all associated tokens, and a response that isn't HTML.

Outcomes