Is it (now) possible to revoke GitLab access tokens through the API?


Two years ago, someone asked if it was possible to programmatically revoke access tokens through the GitLab API. The answer then was no. I have not located recent information confirming or rejecting that this is still true.

I was hoping to use something like this with Python's http request library:

    headers = {'Authorization': clientSecret}
    res = gitlab.post("https://gitlab.com/oauth/revoke", headers=headers, data={
        'client_id': clientID,
        'access_token': accessToken
    })
    print(res.text)

However, the response has been empty with different variations.


1
d-cubed On BEST ANSWER

In light of information here, it seems completely possible to revoke the access tokens. This works:

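    import requests
    from requests.auth import HTTPBasicAuth

    # clientID / clientSecret: credentials of the OAuth application;
    # accessToken: the token to revoke.
    payload = {"token": accessToken,
               "token_type_hint": "refresh_token"
               }
    # The client authenticates with HTTP Basic auth.
    auth = HTTPBasicAuth(clientID, clientSecret)
    res = requests.post("https://gitlab.com/oauth/revoke",
                        data=payload,
                        auth=auth,
                        )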
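The request shape from the answer, as an added example that is neither d-cubed's code nor GitLab's: it sends `token` and `token_type_hint` with HTTP Basic client authentication and reads the status code. It uses the standard library's `urllib` instead of `requests` and a constructed local stub so it runs offline. The stub's status codes follow RFC 7009 and are an assumption, not captured gitlab.com replies, and `StubRevoke`, `revoke_token`, `demo` and the credentials are made-up names and values.

```python
import base64, json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Constructed sample values, not real credentials.
CLIENT_ID, CLIENT_SECRET = "example-app-id", "example-app-secret"
REVOKED = set()  # tokens the stub has revoked
opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

class StubRevoke(BaseHTTPRequestHandler):
    """Local stand-in for an RFC 7009 revocation endpoint (assumption: not GitLab's code)."""
    def do_POST(self):
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        expected = "Basic " + base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
        if self.headers.get("Authorization") != expected:
            status, body = 401, {"error": "invalid_client"}
        elif "token" not in form:  # e.g. the token sent under another parameter name
            status, body = 400, {"error": "invalid_request"}
        else:
            REVOKED.add(form["token"][0])
            status, body = 200, {}  # success carries no useful body
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass  # keep the demo quiet

def revoke_token(url, client_id, client_secret, token, hint="access_token"):
    """POST token + token_type_hint with HTTP Basic client auth; return (status, body)."""
    form = urllib.parse.urlencode({"token": token, "token_type_hint": hint}).encode()
    req = urllib.request.Request(url, data=form, method="POST")
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    try:
        with opener.open(req, timeout=5) as res:
            return res.status, json.loads(res.read() or b"{}")
    except urllib.error.HTTPError as err:  # 4xx/5xx: return the error instead of raising
        return err.code, json.loads(err.read() or b"{}")

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubRevoke)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/oauth/revoke"
    ok = revoke_token(url, CLIENT_ID, CLIENT_SECRET, "constructed-token")
    bad = revoke_token(url, CLIENT_ID, "wrong-secret", "other-token")
    server.shutdown()
    return ok, bad

if __name__ == "__main__":
    print(demo())
```

Check the status code rather than the body: RFC 7009 answers 200 both for a token it revoked and for one it does not recognise, so confirm a revocation by trying the token afterwards.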