Open benrobson opened 1 year ago
dommilosz
commented
1 year ago You cannot revoke access token but can revoke refresh token. Also if you want to revoke only Minecraft session I think it would be easy to implement too. Source: https://docs.microsoft.com/en-us/answers/questions/672062/how-to-revoke-token.html
dommilosz
commented
1 year ago I can't really find anything useful. This link above is for graph ql which from my testing is not for revoking this kind of tokens. I think it's safe to simply forget about the token and if user really wants to remove it he can go to authorised applications and remove it
dommilosz
commented
1 year ago Most of the unofficial minecraft launchers have no option to remove the app in the launcher itself.
benrobson
commented
1 year ago So is there a way to effectively "logout" of the session without having to have the user clear their cache?
dommilosz
commented
1 year ago I think user has to remove the app in his Microsoft account to revoke the tokens.
Let me know if you need more detail... Just looking for a method where on logout you can revoke the MS Account/Session or if the user logs in with the wrong account, or if there's an error with logging in, I can revoke the session/token.