spotify / web-api

This issue tracker is no longer used. Join us in the Spotify for Developers forum for support with the Spotify Web API ➡️ https://community.spotify.com/t5/Spotify-for-Developers/bd-p/Spotify_Developer

Token revocation by application #1287

Open carl-underwood opened 5 years ago

carl-underwood commented 5 years ago

Hi!

I'm currently working on an application integrating with the Spotify Web API, and I'm hoping to support disconnection of a user's Spotify account from my application. From the documentation, I have not been able to find a token revocation endpoint. At present this means that while my application can forget a user's refresh_token, the user will still see my application listed in https://www.spotify.com/uk/account/apps/.

I thought I'd raise this issue as a question / suggestion - is refresh token revocation by an application supported, or could it be supported in future?

Thanks, Carl

0xNF commented 5 years ago

There is no API based endpoint, but users are already able to revoke application access via their own Dashboard page on their Spotify account management.

See also: https://developer.spotify.com/community/news/2016/07/25/app-ready-token-revoke/

carl-underwood commented 5 years ago

Hi @0xNF, thanks for your reply!

I was just thinking that it might be strange for a user if they think they've disconnected their account from within my application but still see the application listed in their Spotify account. As there is currently no API endpoint I intend to have my application forget their refresh token in this scenario.

I think it would be preferable to revoke the refresh token on the user's behalf if they choose to disconnect from my application.

0xNF commented 5 years ago

No doubt that it would be. There's lots that could be improved upon on the web API.

Perhaps you could offer to send them to their account management page?
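As an added example (not code from the Spotify project or from anyone in this thread), this is what the application side of "disconnect" looks like when the provider offers no revocation endpoint: the app purges its own copy of the tokens and hands the user the account-management URL quoted above so they can finish revocation themselves. It also covers the opposite direction, where the user revokes from the dashboard first and the next refresh fails; the `invalid_grant` error name comes from RFC 6749, and the response shape and token values are constructed.

```python
# Added example: app-side disconnect for an OAuth integration whose provider
# has no token-revocation API, as discussed in this issue.
from dataclasses import dataclass
from typing import Dict, Optional

# Page where the user can revoke the app themselves (URL quoted in the thread).
MANAGE_APPS_URL = "https://www.spotify.com/uk/account/apps/"


@dataclass
class Connection:
    refresh_token: Optional[str]
    access_token: Optional[str]
    status: str = "connected"  # connected | disconnected_locally | revoked_by_user


class TokenStore:
    """In-memory stand-in for the app's per-user token storage (constructed)."""

    def __init__(self) -> None:
        self._conns: Dict[str, Connection] = {}

    def save(self, user_id: str, refresh_token: str, access_token: str) -> None:
        self._conns[user_id] = Connection(refresh_token, access_token)

    def get(self, user_id: str) -> Optional[Connection]:
        return self._conns.get(user_id)

    def disconnect(self, user_id: str) -> str:
        """Forget both tokens so the app can no longer act for the user, then
        return the provider page the user must visit to complete revocation."""
        conn = self._conns.get(user_id)
        if conn is not None:
            # Null the secrets but keep the record, so the UI can show the
            # user that only the provider-side revocation remains.
            conn.refresh_token = None
            conn.access_token = None
            conn.status = "disconnected_locally"
        return MANAGE_APPS_URL

    def handle_refresh_error(self, user_id: str, error_body: dict) -> bool:
        """Reverse case: the user revoked the app from their dashboard. The
        token endpoint answers with the RFC 6749 error `invalid_grant`
        (assumed response shape); treat it as revocation and purge instead
        of retrying the dead refresh token. Returns True if handled."""
        if error_body.get("error") != "invalid_grant":
            return False
        conn = self._conns.get(user_id)
        if conn is not None:
            conn.refresh_token = None
            conn.access_token = None
            conn.status = "revoked_by_user"
        return True
```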

ghost commented 5 years ago

Thanks for the suggestion @carl-hartshorn!

As pointed out by @0xNF, the Web API currently does not offer functionality to programmatically revoke tokens, but we will look into this and inform here in case we are able to add something like this in the future.

carl-underwood commented 5 years ago

Hey @mklaunzer, thanks for your response and for looking into this!