search

bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License
3.26k stars 950 forks source link

manually remove access token #206

Open nasaorc opened 11 years ago

nasaorc commented 11 years ago

i would like to manually purge a authorized token for example, user pressed a button in the mobile app then i'll need to create a controller to remove all access_token,refresh_token and also they revoke app access from webpage too does this library has any function like this?

bshaffer commented 11 years ago

We can add a method like this to the storage classes for convenience. However, it should not be required in the Storage interface.  — Brent Shaffer

On Sun, Aug 11, 2013 at 8:15 AM, nasaorc notifications@github.com wrote:

i would like to manually purge a authorized token for example, user pressed a button in the mobile app then i'll need to create a controller to remove all access_token,refresh_token and also they revoke app access from webpage too

does this library has any function like this?

Reply to this email directly or view it on GitHub: https://github.com/bshaffer/oauth2-server-php/issues/206

dsquier commented 11 years ago

FWIW-- The OAuth 2.0 Token Revocation at http://tools.ietf.org/html/draft-ietf-oauth-revocation-11 discusses how to implement some of this functionality, but since it's not part of the OAuth 2.0 spec, I'd agree with @bshaffer.

nasaorc commented 11 years ago

So I need to wrote it by myself or wait for update? How do I remove both access and refresh token from database I suggest this lib should have a function to achieve token revocation

bshaffer commented 11 years ago

Yes, you are right. Any oauth implementation will allow for token revocation, retrieval of all existing tokens, and more. 

I would love you to submit a Pull Request. This is the fastest way to get the code in. If not, then I will try my best. But it's community software so contributions are encouraged! — Brent Shaffer

On Sun, Aug 11, 2013 at 11:56 AM, nasaorc notifications@github.com wrote:

So I need to wrote it by myself or wait for update? How do I remove both access and refresh token from database

I suggest this lib should have a function to achieve token revocation

Reply to this email directly or view it on GitHub: https://github.com/bshaffer/oauth2-server-php/issues/206#issuecomment-22461944